TechSpot

Weird files on computer

By NTAPRO
Nov 6, 2011
  1. There is this qwrtaw5.exe in the process and it goes all the way to the program data folder. It's hidden along with a qundmlr.exe, qundmvr.exe, and vgftawv.exe files. the files were created the day after the internet was turned back on. When I mouse over them, the file descriptions are Internet Explorer, and the company is microsoft. It says the file version is 9.0.8112.16421. I guess it was something that came with the newest internet explorer. I also no longer have that version installed. It's still a process for some reason. I tried to delete the first file I mentioned first and got bsod xD so I just left it alone. I'm not sure what to do...

    I also want to add that I checked the Roaming folder under appdata in 2 ot6her accounts and exe's have appeared there also.
     
  2. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. NTAPRO

    NTAPRO TS Evangelist Topic Starter Posts: 810   +102

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8104

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 7.0.6002.18005

    11/7/2011 5:12:49 PM
    mbam-log-2011-11-07 (17-12-49).txt

    Scan type: Quick scan
    Objects scanned: 258787
    Time elapsed: 11 minute(s), 7 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Users\ACC1\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\57840.exe (Trojan.MSIL.Gen) -> Quarantined and deleted successfully.
    c:\Users\ACC1\AppData\Local\Temp\dclogs\2011-11-06-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
    ==============
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-11-08 02:11:52
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000076 ST350063 rev.3.CH
    Running: gmer.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\uwlirfod.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

    ---- EOF - GMER 1.0.15 ----
    ==============
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_26
    Run by Administrator at 2:14:03 on 2011-11-08
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.1735 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
    SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\svchost.exe -k Akamai
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\StkASv2K.exe
    C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
    C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
    C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
    C:\Windows\system32\vmnat.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    C:\Windows\system32\vmnetdhcp.exe
    c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\hp\support\hpsysdrv.exe
    C:\WINDOWS\RtHDVCpl.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\ProgramData\qwrtaw5.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\hp\kbd\kbd.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/?fr=fp-yie9
    uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie9
    uWindow Title = Windows Internet Explorer provided by Yahoo!
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB: {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - No File
    TB: {F999A48B-1950-4D81-9971-79018F807B4B} - No File
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    mRun: [KBD] c:\hp\kbd\KbdStub.EXE
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [<NO NAME>]
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
    mRun: [Microsoft Explorer] c:\programdata\qwrtaw5.exe
    mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    StartupFolder: c:\users\administrator\appdata\roaming\microsoft\windows\start menu\programs\startup\qwrtaw5.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{B91069DE-4BBF-49B1-9E09-9E8ADB83B2BA} : DhcpNameServer = 192.168.2.1
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
    mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
    IFEO: AcroRd32.exe - "c:\program files\tuneup utilities 2011\TUAutoReactivator32.exe"
    IFEO: burnixa.exe - "c:\program files\tuneup utilities 2011\TUAutoReactivator32.exe"
    IFEO: vstudio.exe - "c:\program files\tuneup utilities 2011\TUAutoReactivator32.exe"
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\administrator\appdata\roaming\mozilla\firefox\profiles\bfmvu5xy.default\
    FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:eek:fficial
    FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
    FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\0\NP_wtapp.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\administrator\appdata\local\e-academy inc\mozilla\firefox\plugins\npHostSdmLoader.dll
    FF - plugin: c:\users\administrator\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    ============= SERVICES / DRIVERS ===============
    .
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-8-25 232512]
    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-2-6 106208]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
    R1 MpKsl2293e68c;MpKsl2293e68c;c:\programdata\microsoft\microsoft antimalware\definition updates\{880355b2-bc89-402f-b631-5176cc706307}\MpKsl2293e68c.sys [2011-11-7 28752]
    R1 MpKslc10345fd;MpKslc10345fd;c:\programdata\microsoft\microsoft antimalware\definition updates\{880355b2-bc89-402f-b631-5176cc706307}\MpKslc10345fd.sys [2011-11-8 28752]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2011-5-28 21504]
    R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-6-5 21992]
    R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-2-6 727720]
    R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-2-6 92800]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2011-5-28 21504]
    R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2011-8-4 1361288]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-9 366152]
    R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-7-5 2337144]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2011\TuneUpUtilitiesService32.exe [2011-7-20 1526592]
    R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2010-11-11 70768]
    R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2010-11-11 539248]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-9 22216]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2011\TuneUpUtilitiesDriver32.sys [2011-5-31 10064]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
    S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
    S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [2011-5-28 81168]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 PAC207;PC Camer@;c:\windows\system32\drivers\PFC027.SYS [2008-2-13 618112]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-6-9 27192]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]
    S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
    .
    =============== Created Last 30 ================
    .
    2011-11-08 07:03:18 108032 ----a-w- c:\windows\system32\uazzm.exe
    2011-11-08 07:03:18 108032 ----a-w- c:\windows\system32\mcbaq.exe
    2011-11-08 06:59:56 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{880355b2-bc89-402f-b631-5176cc706307}\MpKslc10345fd.sys
    2011-11-07 15:12:03 108032 ----a-w- c:\windows\system32\rjfrm.exe
    2011-11-07 12:45:20 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{880355b2-bc89-402f-b631-5176cc706307}\MpKsl2293e68c.sys
    2011-11-07 12:44:16 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{880355b2-bc89-402f-b631-5176cc706307}\offreg.dll
    2011-11-07 12:44:10 6668624 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{880355b2-bc89-402f-b631-5176cc706307}\mpengine.dll
    2011-11-07 04:55:02 108032 ----a-w- c:\windows\system32\ywspy.exe
    2011-11-07 03:53:25 108032 ----a-w- c:\windows\system32\ghnhh.exe
    2011-11-07 03:53:25 108032 ----a-w- c:\windows\system32\bhujv.exe
    2011-11-06 12:47:54 108032 ---h--w- c:\programdata\qundm1r.exe
    2011-11-06 08:38:46 108032 ----a-w- c:\windows\system32\fkxve.exe
    2011-11-06 06:33:50 -------- d-----w- c:\program files\ESET
    2011-11-06 05:02:02 108032 ----a-w- c:\windows\system32\fcpxf.exe
    2011-11-06 04:43:24 108032 ----a-w- c:\windows\system32\fnslt.exe
    2011-11-06 04:43:19 108032 ---h--w- c:\programdata\qwrtaw5.exe
    2011-11-06 04:43:00 108032 ----a-w- c:\windows\system32\zrons.exe
    2011-11-04 09:15:32 119808 ----a-w- c:\windows\system32\rfkvm.exe
    2011-11-04 04:45:17 119808 ----a-w- c:\windows\system32\ylikf.exe
    2011-11-04 00:09:26 119808 ------w- c:\users\administrator\appdata\roaming\microsoft\windows\start menu\programs\startup\qwrtaw5.exe
    2011-11-04 00:09:21 119808 ----a-w- c:\windows\system32\movsq.exe
    2011-11-03 21:05:52 72704 ---h--w- c:\programdata\vgftawv.exe
    2011-11-03 19:42:07 72704 ---h--w- c:\programdata\qundmvr.exe
    2011-11-03 15:25:41 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
    2011-11-03 15:25:41 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
    2011-11-03 15:25:41 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
    2011-11-03 15:25:41 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
    2011-11-03 15:25:41 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
    2011-11-03 15:25:41 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
    2011-11-03 15:25:41 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
    2011-11-03 15:25:41 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2011-11-03 11:43:28 72704 ---h--w- c:\programdata\qundmlr.exe
    2011-10-29 00:14:49 -------- d-----w- c:\programdata\MinigolfAdventures
    2011-10-13 00:10:12 563712 ----a-w- c:\windows\system32\oleaut32.dll
    2011-10-13 00:10:12 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2011-10-13 00:10:12 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-10-13 00:10:12 238080 ----a-w- c:\windows\system32\oleacc.dll
    2011-10-13 00:10:05 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
    2011-10-13 00:10:05 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
    2011-10-13 00:10:05 293376 ----a-w- c:\windows\system32\psisdecd.dll
    2011-10-13 00:10:05 217088 ----a-w- c:\windows\system32\psisrndr.ax
    2011-10-13 00:10:04 2043392 ----a-w- c:\windows\system32\win32k.sys
    2011-10-13 00:09:16 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2011-10-10 22:35:54 439632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
    2011-10-10 22:35:01 703824 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{e9b3403a-a1b1-4ad7-b6fe-834a39efee52}\gapaengine.dll
    .
    ==================== Find3M ====================
    .
    2011-11-04 12:50:50 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2011-11-03 03:52:47 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-09-02 13:39:07 1383424 ----a-w- c:\windows\system32\mshtml.tlb
    2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-25 17:05:47 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2011-08-16 16:15:15 834048 ----a-w- c:\windows\system32\wininet.dll
    2011-08-16 14:20:55 389632 ----a-w- c:\windows\system32\html.iec
    .
    ============= FINISH: 2:15:01.00 ===============
     
  4. NTAPRO

    NTAPRO TS Evangelist Topic Starter Posts: 810   +102

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/10/2010 12:06:34 PM
    System Uptime: 11/8/2011 1:59:06 AM (1 hours ago)
    .
    Motherboard: ASUSTek Computer INC. | | NARRA2
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5600+ | Socket AM2 | 2800/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 456 GiB total, 179.016 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 1.288 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    7-Zip 9.20
    Acrobat.com
    Adobe Acrobat 9 Pro - English, Français, Deutsch
    Adobe Acrobat 9.4.6 - CPSID_83708
    Adobe After Effects CS4 Third Party Content
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles CS CS4
    Adobe Creative Suite 4 Master Collection
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Drive CS4
    Adobe Dynamiclink Support
    Adobe Encore CS4 Codecs
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Fireworks CS4
    Adobe Flash CS4
    Adobe Flash CS4 Extension - Flash Lite STI en
    Adobe Flash CS4 STI-en
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Fonts All
    Adobe Linguistics CS4
    Adobe Media Encoder CS4
    Adobe Media Encoder CS4 Exporter
    Adobe Media Encoder CS4 Importer
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Premiere Pro CS4 Third Party Content
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Shockwave Player 11.6
    Adobe Soundbooth CS4 Codecs
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    AIM 7
    Akamai NetSession Interface Service
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ARO 2011
    Bonjour
    Boris Graffiti
    Camtasia Studio 6
    Cards_Calendar_OrderGift_DoMorePlugout
    CCleaner
    Chatango Message Catcher
    Citrix online plug-in (Web)
    Connect
    Convert VOB to AVI
    ConvertXtoDVD 4.1.10.348
    CPUID CPU-Z 1.57.1
    Crystal Reports for Visual Studio
    DAEMON Tools Lite
    Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Dotfuscator Software Services - Community Edition
    Download Updater (AOL LLC)
    Easy GIF Animator 5.02
    Enhanced Multimedia Keyboard Solution
    ESET NOD32 Antivirus
    Fighter Factory 1.0.9.2005 + Update Pack 1
    Fighter Factory Ultimate
    FileZilla Client 3.5.1
    FLV to AVI MPEG WMV 3GP MP4 iPod Converter
    Fraps (remove only)
    Free 3GP Video Converter version 3.7.26.602
    Free M4a to MP3 Converter 6.2
    Free MP3 WMA OGG Converter 8.2.5
    Google Chrome
    Hardware Diagnostic Tools
    Hewlett-Packard Active Check
    Hewlett-Packard Asset Agent for Health Check
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2542054)
    HP Active Support Library
    HP Advisor
    HP Customer Experience Enhancements
    HP Customer Feedback
    HP Easy Setup - Frontend
    HP On-Screen Cap/Num/Scroll Lock Indicator
    HP Photosmart Essential 2.5
    HP Picasso Media Center Add-In
    HP Update
    HPPhotoSmartPhotobookWebPack1
    IcoFX 1.6.4
    ImgBurn
    InterVideo DeviceService
    IrfanView (remove only)
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 26
    Java(TM) SE Runtime Environment 6 Update 1
    kuler
    LightScribe System Software 1.10.16.1
    LogMeIn Hamachi
    Magic Bullet Looks Studio
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Messenger Plus! 5
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft ASP.NET MVC 2
    Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
    Microsoft Choice Guard
    Microsoft Help Viewer 1.0
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Silverlight 3 SDK
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2008
    Microsoft SQL Server 2008 Browser
    Microsoft SQL Server 2008 Common Files
    Microsoft SQL Server 2008 Database Engine Services
    Microsoft SQL Server 2008 Database Engine Shared
    Microsoft SQL Server 2008 Native Client
    Microsoft SQL Server 2008 R2 Data-Tier Application Framework
    Microsoft SQL Server 2008 R2 Data-Tier Application Project
    Microsoft SQL Server 2008 R2 Management Objects
    Microsoft SQL Server 2008 R2 Transact-SQL Language Service
    Microsoft SQL Server 2008 RsFx Driver
    Microsoft SQL Server 2008 Setup Support Files
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server Database Publishing Wizard 1.4
    Microsoft SQL Server System CLR Types
    Microsoft SQL Server VSS Writer
    Microsoft Sync Framework Runtime v1.0 SP1 (x86)
    Microsoft Sync Framework SDK v1.0 SP1
    Microsoft Sync Framework Services v1.0 SP1 (x86)
    Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)
    Microsoft Team Foundation Server 2010 Object Model - ENU
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
    Microsoft Visual F# 2.0 Runtime
    Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    Microsoft Visual Studio 2010 Office Developer Tools (x86)
    Microsoft Visual Studio 2010 Professional - ENU
    Microsoft Visual Studio 2010 SharePoint Developer Tools
    Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
    Microsoft Visual Studio Macro Tools
    Microsoft Works
    mIRC
    MotioninJoy ds3 driver version 0.5.0000
    Mozilla Firefox 4.0.1 (x86 en-US)
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    My HP Games
    MyScribe
    Notepad++
    NVIDIA 3D Vision Controller Driver
    NVIDIA 3D Vision Controller Driver 275.33
    NVIDIA Control Panel 275.33
    NVIDIA Graphics Driver 275.33
    NVIDIA Install Application
    OJOsoft VOB Converter
    On2 VP7 Personal Edition
    ooVoo
    PDF Settings CS4
    Photoshop Camera Raw
    Pinnacle Instant DVD Recorder
    Pinnacle Studio 12
    Pinnacle Studio 12 Ultimate Plugins
    Pinnacle Video Driver
    Pixel Bender Toolkit
    proDAD Vitascene 1.0
    PSSWCORE
    Python 2.5
    QuickTime
    Realtek High Definition Audio Driver
    Revo Uninstaller Pro 2.5.3
    RGSS-RTP Standard
    RPGXP
    S4 League_EU
    Secure Download Manager
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft Excel 2010 (KB2553070)
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2584066)
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visual Studio 2010 Professional - ENU (KB2251489)
    Service Pack 1 for SQL Server 2008 (KB968369)
    Skype™ 5.3
    Snagit 10.0.1
    Soft Data Fax Modem with SmartCP
    Sql Server Customer Experience Improvement Program
    StepMania 3.9b (remove only)
    Suite Shared Configuration CS4
    swMSM
    System Requirements Lab
    TeamViewer 6
    tools-freebsd
    tools-linux
    tools-netware
    tools-solaris
    tools-windows
    tools-winPre2k
    Trillian
    TuneUp Utilities 2011
    TuneUp Utilities Language Pack (en-US)
    Ulead VideoStudio 11
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft OneNote 2010 (KB2433299)
    Update for Microsoft Outlook Social Connector (KB2583935)
    Update Installer for WildTangent Games App
    VideoStudio
    VideoToolkit01
    Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    VitalSource Bookshelf
    VLC media player 1.1.11
    VMware Workstation
    WeatherBug Gadget
    Web Deployment Tool
    WildTangent Games App (HP Games)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Media Player Firefox Plugin
    Windows Movie Maker 2.6
    WinRAR 4.00 (32-bit)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/8/2011 2:02:55 AM, Error: Service Control Manager [7001] - The Windows Media Player Network Sharing Service service depends on the UPnP Device Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    11/8/2011 2:01:10 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    11/8/2011 2:00:55 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    11/8/2011 1:59:39 AM, Error: EventLog [6008] - The previous system shutdown at 1:57:18 AM on 11/8/2011 was unexpected.
    11/6/2011 7:36:32 AM, Error: EventLog [6008] - The previous system shutdown at 4:39:05 AM on 11/6/2011 was unexpected.
    11/6/2011 3:38:48 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
    11/6/2011 3:15:51 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B68-F52A-11D8-B9A5-505054503030}
    11/6/2011 2:29:56 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.1326.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
    11/6/2011 2:29:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    11/6/2011 1:42:06 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
    11/6/2011 1:42:04 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ehdrv i8042prt MpFilter spldr Wanarpv6
    11/6/2011 1:42:04 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    11/6/2011 1:41:21 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    11/6/2011 1:41:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    11/6/2011 1:41:04 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    11/6/2011 1:40:53 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    11/6/2011 1:40:22 AM, Error: EventLog [6008] - The previous system shutdown at 1:37:26 AM on 11/6/2011 was unexpected.
    11/6/2011 1:34:25 AM, Error: Service Control Manager [7030] - The ESET Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    11/5/2011 6:13:38 PM, Error: EventLog [6008] - The previous system shutdown at 5:17:56 PM on 11/5/2011 was unexpected.
    11/5/2011 1:38:01 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer DABOMB that believes that it is the master browser for the domain on transport NetBT_Tcpip_{642066A0-6518-49D0-9D93-2AC29A9C157. The master browser is stopping or an election is being forced.
    11/4/2011 9:06:26 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Akamai service.
    11/4/2011 7:09:36 PM, Error: EventLog [6008] - The previous system shutdown at 7:07:31 PM on 11/4/2011 was unexpected.
    11/4/2011 7:08:37 AM, Error: EventLog [6008] - The previous system shutdown at 7:05:33 AM on 11/4/2011 was unexpected.
    11/4/2011 2:39:31 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    11/4/2011 2:38:18 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC i8042prt MpFilter NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6 ws2ifsl
    11/4/2011 2:38:18 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/4/2011 2:38:18 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    11/4/2011 2:38:18 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    11/4/2011 2:38:18 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    11/4/2011 2:38:18 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    11/4/2011 2:38:18 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
    11/4/2011 2:38:18 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/4/2011 2:38:18 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    11/4/2011 2:38:18 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/4/2011 2:38:18 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    11/4/2011 2:38:18 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    11/4/2011 2:37:36 AM, Error: EventLog [6008] - The previous system shutdown at 2:34:17 AM on 11/4/2011 was unexpected.
    11/4/2011 12:18:22 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.1119.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
    11/4/2011 12:09:35 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt MpFilter spldr Wanarpv6
    11/4/2011 12:07:56 AM, Error: EventLog [6008] - The previous system shutdown at 12:06:09 AM on 11/4/2011 was unexpected.
    11/4/2011 12:02:47 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    11/4/2011 12:01:45 AM, Error: EventLog [6008] - The previous system shutdown at 11:59:31 PM on 11/3/2011 was unexpected.
    11/3/2011 7:42:14 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the VMware Authorization Service service to connect.
    11/3/2011 7:42:14 AM, Error: Service Control Manager [7000] - The VMware Authorization Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/3/2011 4:42:03 AM, Error: EventLog [6008] - The previous system shutdown at 4:39:58 AM on 11/3/2011 was unexpected.
    11/1/2011 7:03:47 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.33.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    11/1/2011 10:50:00 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.33.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    11/1/2011 10:50:00 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.33.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    11/1/2011 10:50:00 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.33.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    11/1/2011 10:50:00 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.33.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    11/1/2011 10:49:55 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.33.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    11/1/2011 10:49:55 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.33.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    11/1/2011 10:49:55 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.33.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    11/1/2011 10:49:55 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.33.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    11/1/2011 10:49:50 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.33.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    11/1/2011 1:34:44 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.33.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    11/1/2011 1:34:44 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.33.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    11/1/2011 1:34:44 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.33.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    11/1/2011 1:34:44 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.33.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    11/1/2011 1:34:39 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.33.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    11/1/2011 1:34:39 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.33.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    11/1/2011 1:34:39 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.33.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    11/1/2011 1:34:39 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.33.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    11/1/2011 1:34:34 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.33.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    .
    ==== End Of File ===========================
     
  5. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    You're running two AV programs, MSE and Eset.
    One of them has to go.
    Your choice.

    When done....

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan:
    [​IMG]

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:
    [​IMG]

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  6. NTAPRO

    NTAPRO TS Evangelist Topic Starter Posts: 810   +102

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-11-08 16:36:18
    -----------------------------
    16:36:18.519 OS Version: Windows 6.0.6002 Service Pack 2
    16:36:18.519 Number of processors: 2 586 0x4303
    16:36:18.520 ComputerName: TAMIEKA-PC UserName:
    16:36:21.252 Initialize success
    16:41:22.754 AVAST engine defs: 11110801
    16:41:48.789 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000077
    16:41:48.791 Disk 0 Vendor: ST350063 3.CH Size: 476940MB BusType: 6
    16:41:50.798 Disk 0 MBR read successfully
    16:41:50.800 Disk 0 MBR scan
    16:41:50.807 Disk 0 unknown MBR code
    16:41:50.811 Disk 0 scanning sectors +976767120
    16:41:50.871 Disk 0 scanning C:\Windows\system32\drivers
    16:42:11.889 Service scanning
    16:42:13.570 Modules scanning
    16:42:20.705 Disk 0 trace - called modules:
    16:42:20.734 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
    16:42:20.736 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85c5e8c0]
    16:42:20.738 3 CLASSPNP.SYS[8a3aa8b3] -> nt!IofCallDriver -> [0x8524ff08]
    16:42:20.741 5 acpi.sys[89c146bc] -> nt!IofCallDriver -> \Device\00000077[0x852579c0]
    16:42:21.828 AVAST engine scan C:\Windows
    16:42:25.962 AVAST engine scan C:\Windows\system32
    16:46:45.563 AVAST engine scan C:\Windows\system32\drivers
    16:47:12.037 AVAST engine scan C:\Users\Administrator
    17:20:54.763 AVAST engine scan C:\ProgramData
    17:22:49.870 Scan finished successfully
    17:24:39.157 Disk 0 MBR has been saved successfully to "C:\Users\Administrator\Desktop\MBR.dat"
    17:24:39.161 The log file has been saved successfully to "C:\Users\Administrator\Desktop\aswMBR.txt"

    ComboFix 11-11-08.02 - Administrator 11/09/2011 6:08.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.1918 [GMT -5:00]
    Running from: c:\users\Administrator\Desktop\ComboFix.exe
    AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
    SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\ACC1\AppData\Roaming\crsscs.exe
    c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\desktop_21990112.ico
    c:\users\Administrator\AppData\Roaming\vso_ts_preview.xml
    c:\users\Tamieka\AppData\Roaming\vso_ts_preview.xml
    c:\windows\system32\jucheck.exe
    c:\windows\system32\jusched.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-09 to 2011-11-09 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-09 11:18 . 2011-11-09 11:18 -------- d-----w- c:\users\Tamieka\AppData\Local\temp
    2011-11-09 11:18 . 2011-11-09 11:18 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-11-09 11:18 . 2011-11-09 11:18 -------- d-----w- c:\users\ACC3\AppData\Local\temp
    2011-11-09 11:18 . 2011-11-09 11:18 -------- d-----w- c:\users\ACC2\AppData\Local\temp
    2011-11-09 11:18 . 2011-11-09 11:20 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2011-11-09 11:18 . 2011-11-09 11:18 -------- d-----w- c:\users\ACC1\AppData\Local\temp
    2011-11-09 10:45 . 2011-11-09 10:45 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FEEE381A-3157-415E-8E51-4021AAF0B397}\offreg.dll
    2011-11-09 10:30 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-11-09 10:30 . 2011-09-20 21:02 913280 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-11-09 10:30 . 2011-09-20 13:44 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
    2011-11-09 10:30 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
    2011-11-09 06:32 . 2011-10-18 06:28 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FEEE381A-3157-415E-8E51-4021AAF0B397}\mpengine.dll
    2011-11-08 22:32 . 2011-11-08 22:32 108032 ----a-w- c:\windows\system32\eczfw.exe
    2011-11-08 19:15 . 2011-11-09 11:01 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)
    2011-11-08 16:07 . 2011-11-08 16:07 108032 ----a-w- c:\windows\system32\yqlas.exe
    2011-11-08 10:31 . 2011-11-08 10:31 108032 ----a-w- c:\windows\system32\fdyeg.exe
    2011-11-08 10:31 . 2011-11-08 10:31 108032 ----a-w- c:\windows\system32\cjpht.exe
    2011-11-08 07:03 . 2011-11-08 07:03 108032 ----a-w- c:\windows\system32\uazzm.exe
    2011-11-08 07:03 . 2011-11-08 07:03 108032 ----a-w- c:\windows\system32\mcbaq.exe
    2011-11-07 20:03 . 2011-11-06 04:43 108032 ---h--w- c:\users\ACC3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qundm1r.exe
    2011-11-07 15:12 . 2011-11-07 15:12 108032 ----a-w- c:\windows\system32\rjfrm.exe
    2011-11-07 04:55 . 2011-11-07 04:55 108032 ----a-w- c:\windows\system32\ywspy.exe
    2011-11-07 03:53 . 2011-11-07 03:53 108032 ----a-w- c:\windows\system32\ghnhh.exe
    2011-11-07 03:53 . 2011-11-07 03:53 108032 ----a-w- c:\windows\system32\bhujv.exe
    2011-11-06 18:38 . 2011-11-06 18:38 520192 ----a-w- c:\users\ACC1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1597.exe
    2011-11-06 18:27 . 2011-11-06 18:27 520192 ----a-w- c:\users\ACC1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4535.exe
    2011-11-06 08:38 . 2011-11-06 08:38 108032 ----a-w- c:\windows\system32\fkxve.exe
    2011-11-06 06:33 . 2011-11-06 06:33 -------- d-----w- c:\program files\ESET
    2011-11-06 05:02 . 2011-11-06 05:02 108032 ----a-w- c:\windows\system32\fcpxf.exe
    2011-11-06 04:43 . 2011-11-06 04:43 108032 ----a-w- c:\windows\system32\fnslt.exe
    2011-11-06 04:43 . 2011-11-06 04:43 108032 ----a-w- c:\windows\system32\zrons.exe
    2011-11-05 23:03 . 2011-11-05 23:03 438272 ----a-w- c:\users\ACC1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\uchpj.exe
    2011-11-05 23:02 . 2011-11-05 23:02 438272 ----a-w- c:\users\ACC1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hmxvi.exe
    2011-11-04 09:15 . 2011-11-04 09:15 119808 ----a-w- c:\windows\system32\rfkvm.exe
    2011-11-04 04:45 . 2011-11-04 04:45 119808 ----a-w- c:\windows\system32\ylikf.exe
    2011-11-04 00:09 . 2011-11-04 00:09 119808 ----a-w- c:\windows\system32\movsq.exe
    2011-11-03 23:00 . 2011-11-03 03:50 72704 ---h--w- c:\users\ACC1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qundmvr.exe
    2011-11-03 22:45 . 2011-11-03 03:50 72704 ---h--w- c:\users\Tamieka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vgftawv.exe
    2011-11-03 21:48 . 2011-11-03 03:50 72704 ---h--w- c:\users\ACC2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qundmlr.exe
    2011-11-03 15:25 . 2011-04-14 16:26 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
    2011-11-03 15:25 . 2011-04-14 16:25 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
    2011-11-03 15:25 . 2011-04-14 16:25 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
    2011-11-03 15:25 . 2011-04-14 16:25 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
    2011-11-03 15:25 . 2011-04-14 16:25 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
    2011-11-03 15:25 . 2011-04-14 16:25 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
    2011-11-03 15:25 . 2010-01-01 08:00 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
    2011-11-03 15:25 . 2010-01-01 08:00 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
    2011-11-03 00:19 . 2011-11-08 22:50 -------- d-----w- c:\users\ACC2\AppData\Local\Akamai
    2011-10-29 00:28 . 2011-10-29 01:53 -------- d-----w- c:\users\ACC2\AppData\Roaming\Magic Academy
    2011-10-29 00:26 . 2011-10-29 00:26 -------- d-----w- c:\users\ACC2\AppData\Roaming\iWin
    2011-10-29 00:14 . 2011-10-29 00:14 -------- d-----w- c:\programdata\MinigolfAdventures
    2011-10-27 23:55 . 2011-10-27 23:55 -------- d-----w- c:\users\ACC2\AppData\Roaming\PlayFirst
    2011-10-27 23:33 . 2011-10-27 23:33 -------- d-----w- c:\users\ACC2\AppData\Local\Microsoft Games
    2011-10-13 00:10 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2011-10-13 00:10 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
    2011-10-13 00:10 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
    2011-10-13 00:10 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-10-13 00:10 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
    2011-10-13 00:10 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
    2011-10-13 00:10 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
    2011-10-13 00:10 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
    2011-10-13 00:10 . 2011-09-06 13:30 2043392 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-03 03:52 . 2011-07-05 14:15 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-08-31 21:00 . 2011-08-09 11:47 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-27 01:34 . 2011-08-26 01:34 2377696 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
    2011-08-26 01:34 . 2011-08-26 01:34 18368 ----a-w- c:\programdata\Microsoft\VSA\9.0\1033\ResourceCache.dll
    2011-08-25 17:05 . 2011-08-25 17:05 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2011-08-13 06:51 . 2011-08-13 06:51 652296 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2011-08-13 06:51 . 2011-08-13 06:51 749832 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2011-08-13 06:51 . 2011-08-13 06:51 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
    2010-05-12 20:42 . 2010-05-12 20:42 124344 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
    2010-05-12 21:22 . 2010-05-12 21:22 13240 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
    2010-05-12 20:43 . 2010-05-12 20:43 70592 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
    2010-05-12 20:42 . 2010-05-12 20:42 91576 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
    2010-05-12 20:42 . 2010-05-12 20:42 22464 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
    2010-05-12 20:41 . 2010-05-12 20:41 255416 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
    2010-05-12 20:42 . 2010-05-12 20:42 31160 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
    2010-05-12 20:42 . 2010-05-12 20:42 40384 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
    2010-04-14 17:55 . 2010-04-14 17:55 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
    2010-05-12 20:43 . 2010-05-12 20:43 24000 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
    2007-11-07 06:19 . 2011-07-04 08:05 568832 ----a-w- c:\program files\opera\program\plugins\msvcp90.dll
    2007-11-07 06:19 . 2011-07-04 08:05 655872 ----a-w- c:\program files\opera\program\plugins\msvcr90.dll
    2011-04-14 16:26 . 2011-11-03 15:25 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
    "KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-09-19 4702208]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="c:\windows\SMINST\launcher.exe" [2007-10-09 44168]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer3"=wdmaud.drv
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
    "HPADVISOR"=c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
    "WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
    "Google Update"="c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" /background
    "Aim"="c:\program files\AIM\aim.exe" /d locale=en-US
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
    "Facebook Update"="c:\users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
    "SunJavaUpdateReg"="c:\windows\system32\jureg.exe"
    "HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "PAC207_Monitor"=c:\windows\PixArt\PAC207\Monitor.exe
    "UVS11 Preload"=c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
    "LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    "vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe"
    "USB2Check"=RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
    "NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    "PlusService"=c:\program files\Yuna Software\Messenger Plus!\PlusService.exe
    "ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" /startup
    "Microsoft Explorer"=c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qwrtaw5.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    R1 MpKsl10f0ddd7;MpKsl10f0ddd7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BFB3C70A-C184-4D41-BC43-D4DC364460ED}\MpKsl10f0ddd7.sys [x]
    R1 MpKsl164cb79c;MpKsl164cb79c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{980E669E-4F13-449F-87F2-F40F539F1AF9}\MpKsl164cb79c.sys [x]
    R1 MpKsl1c940dff;MpKsl1c940dff;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7C2F90A7-EBDE-4E78-AA7E-2343848A5DBE}\MpKsl1c940dff.sys [x]
    R1 MpKsl2293e68c;MpKsl2293e68c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{880355B2-BC89-402F-B631-5176CC706307}\MpKsl2293e68c.sys [x]
    R1 MpKsl2f7e7928;MpKsl2f7e7928;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5BB46D3B-60B2-4563-9FC4-89E3EE141F0A}\MpKsl2f7e7928.sys [x]
    R1 MpKsl4c6d8018;MpKsl4c6d8018;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BFB3C70A-C184-4D41-BC43-D4DC364460ED}\MpKsl4c6d8018.sys [x]
    R1 MpKsl5a715108;MpKsl5a715108;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5CDBAE7C-8A83-48CE-968D-C26E0F0E875A}\MpKsl5a715108.sys [x]
    R1 MpKsl5ccdf264;MpKsl5ccdf264;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ADBB4C78-E56F-4C57-B4AF-6BBC8FF40436}\MpKsl5ccdf264.sys [x]
    R1 MpKsl64e001d0;MpKsl64e001d0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{609CDC53-3A65-4645-9889-B506C91E755B}\MpKsl64e001d0.sys [x]
    R1 MpKsl88a9f994;MpKsl88a9f994;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{97F4D0DE-3238-46E3-A5A8-5C5622166964}\MpKsl88a9f994.sys [x]
    R1 MpKsl9014671a;MpKsl9014671a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F7270BFC-7AAA-43A2-84DD-483F0D21B645}\MpKsl9014671a.sys [x]
    R1 MpKsl92fde231;MpKsl92fde231;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8A2DE02C-7957-4CFB-9D7C-2AF711953FA9}\MpKsl92fde231.sys [x]
    R1 MpKsl95a3d499;MpKsl95a3d499;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{36AE1A3E-B7C0-4AE6-B18F-076AF6105EA7}\MpKsl95a3d499.sys [x]
    R1 MpKslac0f5248;MpKslac0f5248;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BFB3C70A-C184-4D41-BC43-D4DC364460ED}\MpKslac0f5248.sys [x]
    R1 MpKslb16177bd;MpKslb16177bd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BAA217E6-6411-4B81-8E81-4274B4DE8CB6}\MpKslb16177bd.sys [x]
    R1 MpKslc10345fd;MpKslc10345fd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{880355B2-BC89-402F-B631-5176CC706307}\MpKslc10345fd.sys [x]
    R1 MpKsle70ecca4;MpKsle70ecca4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ADBB4C78-E56F-4C57-B4AF-6BBC8FF40436}\MpKsle70ecca4.sys [x]
    R1 MpKslf2b327d1;MpKslf2b327d1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8A2DE02C-7957-4CFB-9D7C-2AF711953FA9}\MpKslf2b327d1.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
    R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-01-01 81168]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
    R3 PAC207;PC Camer@;c:\windows\system32\DRIVERS\PFC027.SYS [2008-02-13 618112]
    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R3 XDva386;XDva386;c:\windows\system32\XDva386.sys [x]
    R3 XDva387;XDva387;c:\windows\system32\XDva387.sys [x]
    R3 XDva388;XDva388;c:\windows\system32\XDva388.sys [x]
    R3 XDva389;XDva389;c:\windows\system32\XDva389.sys [x]
    R3 XDva390;XDva390;c:\windows\system32\XDva390.sys [x]
    R3 XDva391;XDva391;c:\windows\system32\XDva391.sys [x]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
    R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-08-25 232512]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-19 21504]
    S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2010-11-09 21992]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
    S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-02-06 92800]
    S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-08-04 1361288]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
    S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
    S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-07-20 1526592]
    S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2010-11-11 70768]
    S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
    S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2011-05-31 10064]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    Akamai REG_MULTI_SZ Akamai
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    2008-01-19 07:33 128000 ----a-w- c:\windows\System32\advpack.dll
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1001Core.job
    - c:\users\ACC1\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-12 01:20]
    .
    2011-11-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1001UA.job
    - c:\users\ACC1\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-12 01:20]
    .
    2011-11-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1002Core.job
    - c:\users\ACC2\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-19 02:15]
    .
    2011-11-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1002UA.job
    - c:\users\ACC2\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-19 02:15]
    .
    2011-11-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1003Core.job
    - c:\users\ACC3\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-24 00:39]
    .
    2011-11-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1003UA.job
    - c:\users\ACC3\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-24 00:39]
    .
    2011-11-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1001Core.job
    - c:\users\ACC1\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-20 04:28]
    .
    2011-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1001UA.job
    - c:\users\ACC1\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-20 04:28]
    .
    2011-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1002Core.job
    - c:\users\ACC2\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-15 03:41]
    .
    2011-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1002UA.job
    - c:\users\ACC2\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-15 03:41]
    .
    2011-11-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-500Core.job
    - c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-30 06:34]
    .
    2011-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-500UA.job
    - c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-30 06:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/?fr=fp-yie9
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
    LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
    FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\bfmvu5xy.default\
    FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:eek:fficial
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{f999a48b-1950-4d81-9971-79018f807b4b} - (no file)
    WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
    WebBrowser-{F999A48B-1950-4D81-9971-79018F807B4B} - (no file)
    HKLM-Run-Microsoft Explorer - c:\programdata\qwrtaw5.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-11-09 06:20
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
    "ServiceDll"="c:\program files\common files\akamai/netsession_win_a74ca62.dll"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (Administrator)
    "{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,3b,1b,29,28,94,
    5a,f3,87,4e,0c,85,a1,42,59,e3,ac,e0,88
    "{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,3b,1b,55,cd,6b,
    b3,57,bf,24,05,98,7a,4e,05,ef,50,55,0b
    "{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,3b,1b,25,b5,e4,
    a9,17,59,32,04,a0,2b,08,f3,01,c8,4e,e4
    "{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,3b,1b,f7,03,80,
    e9,96,8d,38,0d,83,6d,2c,1d,8f,a0,ec,6c
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (Administrator)
    "Timestamp"=hex:30,8c,b2,27,b6,49,cc,01
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9a,86,fc,55,ac,eb,7f,40,8b,55,5f,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9a,86,fc,55,ac,eb,7f,40,8b,55,5f,\
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\vlc.exe"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AIFF"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AIFF"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AIFF"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASF"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASX"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AU"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\vlc.exe"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.CDA"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cpp\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="CodeBlocks.cpp"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flv\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="flv_auto_file"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IrfanView.gif"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.h\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="CodeBlocks.h"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hlp\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="hlpfile"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.M3U"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Opera.HTML"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Opera.HTML"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MIDI"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MIDI"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP3"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\vlc.exe"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\vlc.exe"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\i_view32.exe"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MIDI"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AU"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.URL\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.URL"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WAV"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WAX"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASF"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMA"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMD"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMS"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\vlc.exe"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASX"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMZ"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WPL"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WVX"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtm\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Opera.HTML"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zip\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WinRAR.ZIP"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A8\4&27cfc2d8&0&UID256\Device Parameters\MODES]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A8\4&27cfc2d8&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A8\4&27cfc2d8&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A8\4&27cfc2d8&0&UID852224\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A8\4&27cfc2d8&0&UID852224\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A8\4&27cfc2d8&1&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A8\4&27cfc2d8&1&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
    @DACL=(02 0000)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(3528)
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    .
    Completion time: 2011-11-09 06:23:45
    ComboFix-quarantined-files.txt 2011-11-09 11:23
    .
    Pre-Run: 207,446,327,296 bytes free
    Post-Run: 208,742,674,432 bytes free
    .
    - - End Of File - - 84D1E451DAAC250EB611FA6DFB8A402D
     
  7. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad .exe in the Run Box
    • Click OK
    Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\users\ACC2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qundmlr.exe
    c:\users\Tamieka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vgftawv.exe
    c:\users\ACC1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qundmvr.exe
    c:\windows\system32\movsq.exe
    c:\windows\system32\ylikf.exe
    c:\windows\system32\rfkvm.exe
    c:\users\ACC1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hmxvi.exe
    c:\users\ACC1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\uchpj.exe
    c:\windows\system32\zrons.exe
    c:\windows\system32\fnslt.exe
    c:\windows\system32\fcpxf.exe
    c:\windows\system32\fkxve.exe
    c:\users\ACC1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4535.exe
    c:\users\ACC1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1597.exe
    c:\windows\system32\bhujv.exe
    c:\windows\system32\ghnhh.exe
    c:\windows\system32\ywspy.exe
    c:\windows\system32\rjfrm.exe
    c:\users\ACC3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qundm1r.exe
    c:\windows\system32\mcbaq.exe
    c:\windows\system32\uazzm.exe
    c:\windows\system32\cjpht.exe
    c:\windows\system32\fdyeg.exe
    c:\windows\system32\yqlas.exe
    c:\windows\system32\eczfw.exe
    
    
    Folder::
    
    Driver::
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000000
    
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  8. NTAPRO

    NTAPRO TS Evangelist Topic Starter Posts: 810   +102

    ComboFix 11-11-09.01 - Administrator 11/09/2011 13:04:29.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.1539 [GMT -5:00]
    Running from: c:\users\Administrator\Desktop\ComboFix.exe
    Command switches used :: c:\users\Administrator\Desktop\CFScript.txt
    AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
    SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\users\ACC1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1597.exe"
    "c:\users\ACC1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4535.exe"
    "c:\users\ACC1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hmxvi.exe"
    "c:\users\ACC1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qundmvr.exe"
    "c:\users\ACC1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\uchpj.exe"
    "c:\users\ACC2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qundmlr.exe"
    "c:\users\ACC3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qundm1r.exe"
    "c:\users\Tamieka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vgftawv.exe"
    "c:\windows\system32\bhujv.exe"
    "c:\windows\system32\cjpht.exe"
    "c:\windows\system32\eczfw.exe"
    "c:\windows\system32\fcpxf.exe"
    "c:\windows\system32\fdyeg.exe"
    "c:\windows\system32\fkxve.exe"
    "c:\windows\system32\fnslt.exe"
    "c:\windows\system32\ghnhh.exe"
    "c:\windows\system32\mcbaq.exe"
    "c:\windows\system32\movsq.exe"
    "c:\windows\system32\rfkvm.exe"
    "c:\windows\system32\rjfrm.exe"
    "c:\windows\system32\uazzm.exe"
    "c:\windows\system32\ylikf.exe"
    "c:\windows\system32\yqlas.exe"
    "c:\windows\system32\ywspy.exe"
    "c:\windows\system32\zrons.exe"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\ACC1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1597.exe
    c:\users\ACC1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4535.exe
    c:\users\ACC1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hmxvi.exe
    c:\users\ACC1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qundmvr.exe
    c:\users\ACC1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\uchpj.exe
    c:\users\ACC2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qundmlr.exe
    c:\users\ACC3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qundm1r.exe
    c:\users\Tamieka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vgftawv.exe
    c:\windows\system32\bhujv.exe
    c:\windows\system32\cjpht.exe
    c:\windows\system32\eczfw.exe
    c:\windows\system32\fcpxf.exe
    c:\windows\system32\fdyeg.exe
    c:\windows\system32\fkxve.exe
    c:\windows\system32\fnslt.exe
    c:\windows\system32\ghnhh.exe
    c:\windows\system32\mcbaq.exe
    c:\windows\system32\movsq.exe
    c:\windows\system32\rfkvm.exe
    c:\windows\system32\rjfrm.exe
    c:\windows\system32\uazzm.exe
    c:\windows\system32\ylikf.exe
    c:\windows\system32\yqlas.exe
    c:\windows\system32\ywspy.exe
    c:\windows\system32\zrons.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-09 to 2011-11-09 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-09 18:16 . 2011-11-09 18:16 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2011-11-09 18:16 . 2011-11-09 18:16 -------- d-----w- c:\users\Tamieka\AppData\Local\temp
    2011-11-09 18:16 . 2011-11-09 18:16 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-11-09 18:16 . 2011-11-09 18:16 -------- d-----w- c:\users\ACC3\AppData\Local\temp
    2011-11-09 18:16 . 2011-11-09 18:16 -------- d-----w- c:\users\ACC2\AppData\Local\temp
    2011-11-09 18:16 . 2011-11-09 18:16 -------- d-----w- c:\users\ACC1\AppData\Local\temp
    2011-11-09 10:45 . 2011-11-09 10:45 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FEEE381A-3157-415E-8E51-4021AAF0B397}\offreg.dll
    2011-11-09 10:30 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-11-09 10:30 . 2011-09-20 21:02 913280 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-11-09 10:30 . 2011-09-20 13:44 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
    2011-11-09 10:30 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
    2011-11-09 06:32 . 2011-10-18 06:28 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FEEE381A-3157-415E-8E51-4021AAF0B397}\mpengine.dll
    2011-11-08 19:15 . 2011-11-09 11:01 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)
    2011-11-06 06:33 . 2011-11-06 06:33 -------- d-----w- c:\program files\ESET
    2011-11-03 15:25 . 2011-04-14 16:26 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
    2011-11-03 15:25 . 2011-04-14 16:25 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
    2011-11-03 15:25 . 2011-04-14 16:25 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
    2011-11-03 15:25 . 2011-04-14 16:25 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
    2011-11-03 15:25 . 2011-04-14 16:25 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
    2011-11-03 15:25 . 2011-04-14 16:25 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
    2011-11-03 15:25 . 2010-01-01 08:00 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
    2011-11-03 15:25 . 2010-01-01 08:00 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
    2011-11-03 00:19 . 2011-11-08 22:50 -------- d-----w- c:\users\ACC2\AppData\Local\Akamai
    2011-10-29 00:28 . 2011-10-29 01:53 -------- d-----w- c:\users\ACC2\AppData\Roaming\Magic Academy
    2011-10-29 00:26 . 2011-10-29 00:26 -------- d-----w- c:\users\ACC2\AppData\Roaming\iWin
    2011-10-29 00:14 . 2011-10-29 00:14 -------- d-----w- c:\programdata\MinigolfAdventures
    2011-10-27 23:55 . 2011-10-27 23:55 -------- d-----w- c:\users\ACC2\AppData\Roaming\PlayFirst
    2011-10-27 23:33 . 2011-10-27 23:33 -------- d-----w- c:\users\ACC2\AppData\Local\Microsoft Games
    2011-10-13 00:10 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2011-10-13 00:10 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
    2011-10-13 00:10 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
    2011-10-13 00:10 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-10-13 00:10 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
    2011-10-13 00:10 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
    2011-10-13 00:10 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
    2011-10-13 00:10 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
    2011-10-13 00:10 . 2011-09-06 13:30 2043392 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-03 03:52 . 2011-07-05 14:15 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-08-31 21:00 . 2011-08-09 11:47 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-27 01:34 . 2011-08-26 01:34 2377696 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
    2011-08-26 01:34 . 2011-08-26 01:34 18368 ----a-w- c:\programdata\Microsoft\VSA\9.0\1033\ResourceCache.dll
    2011-08-25 17:05 . 2011-08-25 17:05 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2011-08-13 06:51 . 2011-08-13 06:51 652296 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2011-08-13 06:51 . 2011-08-13 06:51 749832 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2011-08-13 06:51 . 2011-08-13 06:51 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
    2010-05-12 20:42 . 2010-05-12 20:42 124344 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
    2010-05-12 21:22 . 2010-05-12 21:22 13240 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
    2010-05-12 20:43 . 2010-05-12 20:43 70592 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
    2010-05-12 20:42 . 2010-05-12 20:42 91576 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
    2010-05-12 20:42 . 2010-05-12 20:42 22464 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
    2010-05-12 20:41 . 2010-05-12 20:41 255416 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
    2010-05-12 20:42 . 2010-05-12 20:42 31160 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
    2010-05-12 20:42 . 2010-05-12 20:42 40384 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
    2010-04-14 17:55 . 2010-04-14 17:55 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
    2010-05-12 20:43 . 2010-05-12 20:43 24000 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
    2007-11-07 06:19 . 2011-07-04 08:05 568832 ----a-w- c:\program files\opera\program\plugins\msvcp90.dll
    2007-11-07 06:19 . 2011-07-04 08:05 655872 ----a-w- c:\program files\opera\program\plugins\msvcr90.dll
    2011-04-14 16:26 . 2011-11-03 15:25 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
    "KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-09-19 4702208]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="c:\windows\SMINST\launcher.exe" [2007-10-09 44168]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer3"=wdmaud.drv
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
    "HPADVISOR"=c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
    "WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
    "Google Update"="c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" /background
    "Aim"="c:\program files\AIM\aim.exe" /d locale=en-US
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
    "Facebook Update"="c:\users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
    "SunJavaUpdateReg"="c:\windows\system32\jureg.exe"
    "HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "PAC207_Monitor"=c:\windows\PixArt\PAC207\Monitor.exe
    "UVS11 Preload"=c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
    "LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    "vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe"
    "USB2Check"=RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
    "NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    "PlusService"=c:\program files\Yuna Software\Messenger Plus!\PlusService.exe
    "ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" /startup
    "Microsoft Explorer"=c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qwrtaw5.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    R1 MpKsl10f0ddd7;MpKsl10f0ddd7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BFB3C70A-C184-4D41-BC43-D4DC364460ED}\MpKsl10f0ddd7.sys [x]
    R1 MpKsl164cb79c;MpKsl164cb79c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{980E669E-4F13-449F-87F2-F40F539F1AF9}\MpKsl164cb79c.sys [x]
    R1 MpKsl1c940dff;MpKsl1c940dff;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7C2F90A7-EBDE-4E78-AA7E-2343848A5DBE}\MpKsl1c940dff.sys [x]
    R1 MpKsl2293e68c;MpKsl2293e68c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{880355B2-BC89-402F-B631-5176CC706307}\MpKsl2293e68c.sys [x]
    R1 MpKsl2f7e7928;MpKsl2f7e7928;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5BB46D3B-60B2-4563-9FC4-89E3EE141F0A}\MpKsl2f7e7928.sys [x]
    R1 MpKsl4c6d8018;MpKsl4c6d8018;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BFB3C70A-C184-4D41-BC43-D4DC364460ED}\MpKsl4c6d8018.sys [x]
    R1 MpKsl5a715108;MpKsl5a715108;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5CDBAE7C-8A83-48CE-968D-C26E0F0E875A}\MpKsl5a715108.sys [x]
    R1 MpKsl5ccdf264;MpKsl5ccdf264;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ADBB4C78-E56F-4C57-B4AF-6BBC8FF40436}\MpKsl5ccdf264.sys [x]
    R1 MpKsl64e001d0;MpKsl64e001d0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{609CDC53-3A65-4645-9889-B506C91E755B}\MpKsl64e001d0.sys [x]
    R1 MpKsl88a9f994;MpKsl88a9f994;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{97F4D0DE-3238-46E3-A5A8-5C5622166964}\MpKsl88a9f994.sys [x]
    R1 MpKsl9014671a;MpKsl9014671a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F7270BFC-7AAA-43A2-84DD-483F0D21B645}\MpKsl9014671a.sys [x]
    R1 MpKsl92fde231;MpKsl92fde231;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8A2DE02C-7957-4CFB-9D7C-2AF711953FA9}\MpKsl92fde231.sys [x]
    R1 MpKsl95a3d499;MpKsl95a3d499;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{36AE1A3E-B7C0-4AE6-B18F-076AF6105EA7}\MpKsl95a3d499.sys [x]
    R1 MpKslac0f5248;MpKslac0f5248;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BFB3C70A-C184-4D41-BC43-D4DC364460ED}\MpKslac0f5248.sys [x]
    R1 MpKslb16177bd;MpKslb16177bd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BAA217E6-6411-4B81-8E81-4274B4DE8CB6}\MpKslb16177bd.sys [x]
    R1 MpKslc10345fd;MpKslc10345fd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{880355B2-BC89-402F-B631-5176CC706307}\MpKslc10345fd.sys [x]
    R1 MpKsle70ecca4;MpKsle70ecca4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ADBB4C78-E56F-4C57-B4AF-6BBC8FF40436}\MpKsle70ecca4.sys [x]
    R1 MpKslf2b327d1;MpKslf2b327d1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8A2DE02C-7957-4CFB-9D7C-2AF711953FA9}\MpKslf2b327d1.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
    R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-01-01 81168]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
    R3 PAC207;PC Camer@;c:\windows\system32\DRIVERS\PFC027.SYS [2008-02-13 618112]
    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R3 XDva386;XDva386;c:\windows\system32\XDva386.sys [x]
    R3 XDva387;XDva387;c:\windows\system32\XDva387.sys [x]
    R3 XDva388;XDva388;c:\windows\system32\XDva388.sys [x]
    R3 XDva389;XDva389;c:\windows\system32\XDva389.sys [x]
    R3 XDva390;XDva390;c:\windows\system32\XDva390.sys [x]
    R3 XDva391;XDva391;c:\windows\system32\XDva391.sys [x]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
    R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-08-25 232512]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-19 21504]
    S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2010-11-09 21992]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
    S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-02-06 92800]
    S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-08-04 1361288]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
    S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
    S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-07-20 1526592]
    S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2010-11-11 70768]
    S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
    S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2011-05-31 10064]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    Akamai REG_MULTI_SZ Akamai
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    2008-01-19 07:33 128000 ----a-w- c:\windows\System32\advpack.dll
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1001Core.job
    - c:\users\ACC1\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-12 01:20]
    .
    2011-11-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1001UA.job
    - c:\users\ACC1\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-12 01:20]
    .
    2011-11-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1002Core.job
    - c:\users\ACC2\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-19 02:15]
    .
    2011-11-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1002UA.job
    - c:\users\ACC2\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-19 02:15]
    .
    2011-11-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1003Core.job
    - c:\users\ACC3\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-24 00:39]
    .
    2011-11-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1003UA.job
    - c:\users\ACC3\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-24 00:39]
    .
    2011-11-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1001Core.job
    - c:\users\ACC1\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-20 04:28]
    .
    2011-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1001UA.job
    - c:\users\ACC1\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-20 04:28]
    .
    2011-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1002Core.job
    - c:\users\ACC2\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-15 03:41]
    .
    2011-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1002UA.job
    - c:\users\ACC2\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-15 03:41]
    .
    2011-11-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-500Core.job
    - c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-30 06:34]
    .
    2011-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-500UA.job
    - c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-30 06:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/?fr=fp-yie9
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
    LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
    TCP: DhcpNameServer = 192.168.2.1
    FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\bfmvu5xy.default\
    FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:eek:fficial
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-11-09 13:16
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
    "ServiceDll"="c:\program files\common files\akamai/netsession_win_a74ca62.dll"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (Administrator)
    "{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,3b,1b,29,28,94,
    5a,f3,87,4e,0c,85,a1,42,59,e3,ac,e0,88
    "{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,3b,1b,55,cd,6b,
    b3,57,bf,24,05,98,7a,4e,05,ef,50,55,0b
    "{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,3b,1b,25,b5,e4,
    a9,17,59,32,04,a0,2b,08,f3,01,c8,4e,e4
    "{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,3b,1b,f7,03,80,
    e9,96,8d,38,0d,83,6d,2c,1d,8f,a0,ec,6c
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (Administrator)
    "Timestamp"=hex:30,8c,b2,27,b6,49,cc,01
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9a,86,fc,55,ac,eb,7f,40,8b,55,5f,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9a,86,fc,55,ac,eb,7f,40,8b,55,5f,\
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\vlc.exe"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AIFF"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AIFF"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AIFF"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASF"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASX"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AU"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\vlc.exe"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.CDA"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cpp\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="CodeBlocks.cpp"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flv\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="flv_auto_file"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IrfanView.gif"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.h\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="CodeBlocks.h"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hlp\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="hlpfile"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.M3U"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Opera.HTML"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Opera.HTML"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MIDI"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MIDI"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP3"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\vlc.exe"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\vlc.exe"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\i_view32.exe"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MIDI"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AU"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.URL\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.URL"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WAV"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WAX"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASF"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMA"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMD"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMS"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\vlc.exe"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASX"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMZ"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WPL"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WVX"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtm\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Opera.HTML"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zip\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WinRAR.ZIP"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A8\4&27cfc2d8&0&UID256\Device Parameters\MODES]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A8\4&27cfc2d8&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A8\4&27cfc2d8&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A8\4&27cfc2d8&0&UID852224\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A8\4&27cfc2d8&0&UID852224\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A8\4&27cfc2d8&1&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A8\4&27cfc2d8&1&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
    @DACL=(02 0000)
    .
    Completion time: 2011-11-09 13:23:01
    ComboFix-quarantined-files.txt 2011-11-09 18:22
    ComboFix2.txt 2011-11-09 11:23
    .
    Pre-Run: 206,866,366,464 bytes free
    Post-Run: 206,826,479,616 bytes free
    .
    - - End Of File - - F0D5C84A722E53E4EF79739350E6C8CD
     
  9. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    How is computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  10. NTAPRO

    NTAPRO TS Evangelist Topic Starter Posts: 810   +102

    I haven't had access to the home PC and I'll be returning home within the next 2 days if that is ok, so I will not be able to follow up on your current instructions yet. I haven't experienced any BSODs or any other errors if I recall when restarting or shutting down the computer. I will post the next 2 logs as as soon as possible.
     
  11. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    OK......................
     
  12. NTAPRO

    NTAPRO TS Evangelist Topic Starter Posts: 810   +102

    OTL logfile created on: 11/12/2011 3:24:11 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Administrator\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.87 Gb Total Physical Memory | 1.91 Gb Available Physical Memory | 66.42% Memory free
    5.97 Gb Paging File | 4.88 Gb Available in Paging File | 81.77% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 456.26 Gb Total Space | 179.21 Gb Free Space | 39.28% Space Free | Partition Type: NTFS
    Drive D: | 9.50 Gb Total Space | 1.29 Gb Free Space | 13.56% Space Free | Partition Type: NTFS

    Computer Name: TAMIEKA-PC | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/11/09 14:53:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
    PRC - [2011/08/31 16:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/08/04 13:34:46 | 001,361,288 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    PRC - [2011/07/20 09:40:40 | 000,671,552 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
    PRC - [2011/07/20 09:38:40 | 001,526,592 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
    PRC - [2011/06/01 07:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
    PRC - [2011/05/25 01:09:08 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    PRC - [2010/11/11 12:48:32 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\System32\vmnetdhcp.exe
    PRC - [2010/11/11 12:48:28 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\System32\vmnat.exe
    PRC - [2010/11/11 12:47:22 | 000,113,264 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    PRC - [2010/11/11 11:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
    PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2009/02/06 14:23:36 | 000,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    PRC - [2009/02/06 14:23:12 | 002,021,400 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    PRC - [2007/09/19 09:50:44 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\WINDOWS\RtHDVCpl.exe
    PRC - [2007/04/18 10:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
    PRC - [2007/03/06 09:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    PRC - [2006/05/24 01:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) -- C:\WINDOWS\System32\StkASv2K.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/08/28 16:19:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
    MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    MOD - [2010/01/30 01:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/11/11 23:15:19 | 003,313,752 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_dac4cfd.dll -- (Akamai)
    SRV - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/08/04 13:34:46 | 001,361,288 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
    SRV - [2011/07/20 09:38:40 | 001,526,592 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
    SRV - [2011/07/20 09:35:34 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\System32\uxtuneup.dll -- (UxTuneUp)
    SRV - [2011/07/05 07:26:12 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2011/06/12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
    SRV - [2011/06/01 07:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
    SRV - [2010/11/11 12:48:32 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\System32\vmnetdhcp.exe -- (VMnetDHCP)
    SRV - [2010/11/11 12:48:28 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\System32\vmnat.exe -- (VMware NAT Service)
    SRV - [2010/11/11 12:47:22 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
    SRV - [2010/11/11 11:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
    SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
    SRV - [2010/08/19 12:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
    SRV - [2009/02/06 14:27:06 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
    SRV - [2009/02/06 14:23:36 | 000,727,720 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
    SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/03/06 09:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)
    SRV - [2006/05/24 01:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\WINDOWS\System32\StkASv2K.exe -- (StkASSrv)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/08/31 16:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/08/25 12:05:47 | 000,232,512 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV - [2011/05/31 13:03:04 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
    DRV - [2011/05/25 01:09:05 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2011/01/01 09:12:18 | 000,081,168 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
    DRV - [2010/11/11 12:48:50 | 000,070,768 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\vmci.sys -- (vmci)
    DRV - [2010/11/11 12:48:48 | 000,854,128 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\vmx86.sys -- (vmx86)
    DRV - [2010/11/11 12:47:12 | 000,024,688 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\VMkbd.sys -- (vmkbd)
    DRV - [2010/11/11 12:46:08 | 000,026,352 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
    DRV - [2010/11/11 11:31:28 | 000,032,368 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\hcmon.sys -- (hcmon)
    DRV - [2010/11/11 09:04:54 | 000,031,280 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\vmusb.sys -- (vmusb)
    DRV - [2010/11/11 09:04:52 | 000,036,400 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
    DRV - [2010/11/11 09:04:52 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
    DRV - [2010/11/09 14:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\cpuz135_x32.sys -- (cpuz135)
    DRV - [2010/08/19 12:56:38 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
    DRV - [2009/12/30 10:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\revoflt.sys -- (Revoflt)
    DRV - [2009/03/30 02:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\RsFx0103.sys -- (RsFx0103)
    DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\hamachi.sys -- (hamachi)
    DRV - [2009/02/06 14:24:26 | 000,092,800 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
    DRV - [2009/02/06 14:23:18 | 000,106,208 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ehdrv.sys -- (ehdrv)
    DRV - [2009/02/06 14:19:52 | 000,113,448 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\eamon.sys -- (eamon)
    DRV - [2008/05/08 04:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
    DRV - [2008/05/08 04:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DP.sys -- (HSF_DP)
    DRV - [2008/02/13 16:17:26 | 000,618,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PFC027.SYS -- (PAC207)
    DRV - [2008/01/14 05:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ManyCam.sys -- (ManyCam)
    DRV - [2007/10/18 06:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2007/10/12 11:56:20 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
    DRV - [2006/12/12 10:16:06 | 000,022,528 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\emAudio.sys -- (emAudio)
    DRV - [2006/11/02 02:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvm60x32.sys -- (NVENETFD)
    DRV - [2006/09/26 22:01:36 | 000,241,628 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StkAMini.sys -- (StkAMini)
    DRV - [2006/08/02 01:44:04 | 000,004,772 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StkScan.sys -- (StkScan)
    DRV - [2005/12/21 08:14:52 | 000,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\emDevice.sys -- (DCamUSBEMPIA)
    DRV - [2005/12/21 08:14:52 | 000,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\emFilter.sys -- (FiltUSBEMPIA)
    DRV - [2005/12/21 08:14:52 | 000,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\emScan.sys -- (ScanUSBEMPIA)
    DRV - [2005/12/12 12:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PS2.sys -- (Ps2)
    DRV - [2005/09/23 22:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MarvinBus.sys -- (MarvinBus)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3541440628-1597955151-3718996899-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-3541440628-1597955151-3718996899-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
    IE - HKU\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@e-academy.com/Host SDM Plugin; version=1.0.0.0: C:\Users\Administrator\AppData\Local\e-academy Inc\Mozilla\Firefox\plugins\npHostSdmLoader.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/03 10:25:41 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/03 10:25:40 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/11/06 01:33:53 | 000,000,000 | ---D | M]

    [2011/11/03 02:33:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
    [2011/11/06 03:43:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\bfmvu5xy.default\extensions
    [2011/11/03 02:33:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\bfmvu5xy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/11/03 02:33:14 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\bfmvu5xy.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2011/11/03 02:33:14 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\bfmvu5xy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2011/11/03 02:33:16 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\bfmvu5xy.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
    [2011/11/03 02:33:12 | 000,000,000 | ---D | M] (LavaFox V1) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\bfmvu5xy.default\extensions\info@djzig.com
    [2011/11/03 10:25:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/05/27 00:26:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011/07/08 09:37:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    File not found (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0N680VPE.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}
    [2011/04/14 11:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2010/05/12 15:42:04 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
    [2010/05/12 15:43:54 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
    [2010/05/12 15:42:52 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
    [2010/05/12 15:42:32 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
    [2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2010/05/12 16:22:36 | 000,423,328 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
    [2010/05/12 15:43:56 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
    [2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2011/06/25 09:28:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\15.0.874.106\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\15.0.874.106\pdf.dll
    CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
    CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
    CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
    CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
    CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
    CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Administrator\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    CHR - plugin: NPAPI plugin to host SDM ActiveX (Enabled) = C:\Users\Administrator\AppData\Local\e-academy Inc\Mozilla\Firefox\plugins\npHostSdmLoader.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: Entanglement = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.5.7_0\
    CHR - Extension: Poppit = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

    O1 HOSTS File: ([2011/11/09 13:16:24 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
    O3 - HKU\S-1-5-21-3541440628-1597955151-3718996899-500\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
    O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3541440628-1597955151-3718996899-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3541440628-1597955151-3718996899-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-3541440628-1597955151-3718996899-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKU\S-1-5-21-3541440628-1597955151-3718996899-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B91069DE-4BBF-49B1-9E09-9E8ADB83B2BA}: DhcpNameServer = 192.168.2.1
    O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Administrator\Desktop\vlcsnap-2011-10-19-10h54m21s80.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Administrator\Desktop\vlcsnap-2011-10-19-10h54m21s80.jpg
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/10/10 11:30:44 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: UxTuneUp - C:\WINDOWS\System32\uxtuneup.dll (TuneUp Software)
    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
    Drivers32: VIDC.I420 - C:\Windows\System32\emYUV.dll (Microsoft Corporation)
    Drivers32: vidc.iv50 - C:\Windows\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.mjpg - C:\Windows\System32\pvmjpg30.dll (Pegasus Imaging Corporation)
    Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)
    Drivers32: VIDC.VMnc - C:\Windows\System32\vmnc.dll (VMware, Inc.)
    Drivers32: vidc.VP70 - C:\Windows\System32\vp7vfw.dll (On2.com)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/11/11 20:34:10 | 000,000,000 | ---D | C] -- C:\Program Files\alaplaya
    [2011/11/09 14:53:21 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
    [2011/11/09 13:23:08 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\temp
    [2011/11/09 13:22:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/11/09 12:59:03 | 004,287,742 | R--- | C] (Swearware) -- C:\Users\Administrator\Desktop\ComboFix.exe
    [2011/11/08 17:40:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/11/08 17:40:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/11/08 17:40:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/11/08 17:40:32 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/11/08 17:40:30 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/11/08 14:15:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debugging Tools for Windows (x86)
    [2011/11/08 14:15:33 | 000,000,000 | ---D | C] -- C:\Program Files\Debugging Tools for Windows (x86)
    [2011/11/08 14:14:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows SDK v7.1
    [2011/11/08 13:10:25 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Test Site
    [2011/11/08 12:33:19 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Python Tutorials
    [2011/11/07 03:08:59 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\New Folder
    [2011/11/06 04:34:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\VBA Stuff
    [2011/11/06 04:30:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\RPGM
    [2011/11/06 01:33:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
    [2011/11/06 01:33:50 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
    [2011/11/06 01:33:50 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2011/11/04 09:36:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\1636 - Pokemon Fire Red (U)(Squirrels)
    [2011/11/03 02:33:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Mozilla
    [2011/11/03 02:00:03 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\MozProf
    [2011/11/02 19:40:45 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\New Folder (6)
    [2011/11/02 12:37:24 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Edited
    [2011/10/31 20:31:49 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\pokestarter
    [2011/10/29 15:14:01 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Tracks
    [2011/10/28 19:14:49 | 000,000,000 | ---D | C] -- C:\ProgramData\MinigolfAdventures
    [2011/10/13 23:39:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\No_limit_Winmugen_patch
    [2011/10/13 23:33:32 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Audio Files
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/11/12 15:28:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1001UA.job
    [2011/11/12 15:26:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1001UA.job
    [2011/11/12 15:22:10 | 000,216,064 | ---- | M] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/11/12 14:54:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-500UA.job
    [2011/11/12 14:44:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1003UA.job
    [2011/11/12 14:39:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1002UA.job
    [2011/11/12 13:47:54 | 000,727,198 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/11/12 13:47:54 | 000,152,136 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/11/12 13:42:22 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/11/12 13:42:22 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/11/12 13:42:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/11/12 13:42:13 | 3085,426,688 | -HS- | M] () -- C:\hiberfil.sys
    [2011/11/12 13:42:09 | 271,069,872 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/11/12 13:20:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1002UA.job
    [2011/11/11 22:20:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1002Core.job
    [2011/11/11 21:36:59 | 000,001,599 | ---- | M] () -- C:\Users\Public\Desktop\S4League.lnk
    [2011/11/11 21:26:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1001Core.job
    [2011/11/11 20:44:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1003Core.job
    [2011/11/11 19:39:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1002Core.job
    [2011/11/11 16:54:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-500Core.job
    [2011/11/11 16:28:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1001Core.job
    [2011/11/11 07:52:52 | 000,000,704 | ---- | M] () -- C:\Users\Administrator\Desktop\testpage.html
    [2011/11/11 07:45:14 | 000,062,906 | ---- | M] () -- C:\Users\Administrator\Documents\Thanks for Joining!.pdf
    [2011/11/10 00:05:30 | 000,002,475 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Snagit 10.lnk
    [2011/11/09 14:53:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
    [2011/11/09 13:16:24 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/11/09 13:00:00 | 004,287,742 | R--- | M] (Swearware) -- C:\Users\Administrator\Desktop\ComboFix.exe
    [2011/11/09 09:34:06 | 000,074,025 | ---- | M] () -- C:\Users\Administrator\Desktop\snoopy_dog.gif
    [2011/11/09 09:34:03 | 000,027,475 | ---- | M] () -- C:\Users\Administrator\Desktop\kdwcq.jpg
    [2011/11/08 17:24:39 | 000,000,512 | ---- | M] () -- C:\Users\Administrator\Desktop\MBR.dat
    [2011/11/08 16:36:03 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2011/11/08 15:31:44 | 002,251,033 | ---- | M] () -- C:\Users\Administrator\Desktop\08 Get Ready (Select Screen, Gekisou Sentai Car Ranger).mp3
    [2011/11/08 13:08:01 | 000,000,505 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\testpage.html - Shortcut.lnk
    [2011/11/06 04:34:38 | 000,001,405 | ---- | M] () -- C:\Users\Administrator\Desktop\VisualBoyAdvance.exe - Shortcut.lnk
    [2011/11/06 03:16:18 | 000,001,356 | ---- | M] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
    [2011/11/04 12:56:01 | 000,025,452 | ---- | M] () -- C:\Users\Administrator\Desktop\d.gif
    [2011/11/04 12:49:52 | 001,026,964 | ---- | M] () -- C:\Users\Administrator\Desktop\Untitled-2.psd
    [2011/11/04 07:50:50 | 000,001,682 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys
    [2011/11/03 10:25:44 | 000,000,832 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/11/01 17:53:08 | 002,416,568 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/10/29 14:56:45 | 000,004,193 | ---- | M] () -- C:\Users\Administrator\AppData\Local\devcpp.ini
    [2011/10/29 14:56:45 | 000,000,273 | ---- | M] () -- C:\Users\Administrator\AppData\Local\devcpp.cfg
    [2011/10/28 23:06:12 | 000,000,973 | ---- | M] () -- C:\Users\Administrator\Desktop\Project64k.exe - Shortcut.lnk
    [2011/10/28 23:06:12 | 000,000,973 | ---- | M] () -- C:\Users\Administrator\Desktop\ePSXe.exe - Shortcut.lnk
    [2011/10/28 23:05:57 | 000,001,007 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Winmugen.exe - Shortcut.lnk
    [2011/10/25 14:04:19 | 000,099,022 | ---- | M] () -- C:\Users\Administrator\Desktop\Watch the Throne (Deluxe Version) 1.jpg
    [2011/10/23 14:13:59 | 000,334,080 | ---- | M] () -- C:\Users\Administrator\Documents\Rock Flying at Akuma Test4.swf
    [2011/10/23 10:52:48 | 001,245,184 | ---- | M] () -- C:\Users\Administrator\Documents\Rock Flying at Akuma Test4.fla
    [2011/10/23 07:27:16 | 000,428,544 | ---- | M] () -- C:\Users\Administrator\Documents\Rock Flying at Akuma Test3.fla
    [2011/10/23 07:23:50 | 000,018,179 | ---- | M] () -- C:\Users\Administrator\Documents\Rock Flying at Akuma Test2.swf
    [2011/10/23 07:17:02 | 000,357,888 | ---- | M] () -- C:\Users\Administrator\Documents\Rock Flying at Akuma Test2.fla
    [2011/10/23 07:09:40 | 000,013,958 | ---- | M] () -- C:\Users\Administrator\Documents\Rock Flying at Akuma Test1.swf
    [2011/10/23 07:00:42 | 000,018,277 | ---- | M] () -- C:\Users\Administrator\Documents\Rock Flying at Akuma Test1_Scene 1.swf
    [2011/10/22 12:53:24 | 000,057,489 | ---- | M] () -- C:\Users\Administrator\Documents\Untitled-4.swf
    [2011/10/22 12:53:10 | 000,464,896 | ---- | M] () -- C:\Users\Administrator\Documents\Rock Flying at Akuma Test1.fla
    [2011/10/22 12:52:40 | 000,029,088 | ---- | M] () -- C:\Users\Administrator\Documents\Rock Flying at Akuma Test.swf
    [2011/10/22 08:48:59 | 000,109,056 | ---- | M] () -- C:\Users\Administrator\Documents\Rock Flying at Akuma Test.fla
    [2011/10/19 09:57:06 | 000,573,730 | ---- | M] () -- C:\Users\Administrator\Desktop\vlcsnap-2011-10-19-10h54m21s80.jpg
    [2011/10/17 11:01:44 | 000,172,544 | ---- | M] () -- C:\Users\Administrator\Documents\Untitled-4.fla
    [2011/10/17 06:26:28 | 000,160,930 | ---- | M] () -- C:\Users\Administrator\Desktop\b43.psd
    [2011/10/16 05:26:47 | 000,103,082 | ---- | M] () -- C:\Users\Administrator\Documents\Untitled-1.swf
    [2011/10/14 05:29:30 | 000,010,140 | ---- | M] () -- C:\Users\Administrator\Documents\Untitled-1.html
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
     
  13. NTAPRO

    NTAPRO TS Evangelist Topic Starter Posts: 810   +102

    ========== Files Created - No Company Name ==========

    [2011/11/11 21:36:59 | 000,001,599 | ---- | C] () -- C:\Users\Public\Desktop\S4League.lnk
    [2011/11/09 09:34:03 | 000,027,475 | ---- | C] () -- C:\Users\Administrator\Desktop\kdwcq.jpg
    [2011/11/08 17:46:35 | 3085,426,688 | -HS- | C] () -- C:\hiberfil.sys
    [2011/11/08 17:40:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/11/08 17:40:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/11/08 17:40:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/11/08 17:40:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/11/08 17:40:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/11/08 17:24:39 | 000,000,512 | ---- | C] () -- C:\Users\Administrator\Desktop\MBR.dat
    [2011/11/08 15:31:24 | 002,251,033 | ---- | C] () -- C:\Users\Administrator\Desktop\08 Get Ready (Select Screen, Gekisou Sentai Car Ranger).mp3
    [2011/11/08 13:08:01 | 000,000,505 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\testpage.html - Shortcut.lnk
    [2011/11/08 13:03:32 | 000,000,704 | ---- | C] () -- C:\Users\Administrator\Desktop\testpage.html
    [2011/11/08 04:01:22 | 000,101,832 | ---- | C] () -- C:\Users\Administrator\Desktop\normal__b36e7ce32af87b052e4f34857f13aaac_49.png.jpg
    [2011/11/08 03:59:23 | 000,096,940 | ---- | C] () -- C:\Users\Administrator\Desktop\normal__41ca2294844fd7c8b301bdc128f3bdbd_35.png.jpg
    [2011/11/08 03:59:04 | 000,104,919 | ---- | C] () -- C:\Users\Administrator\Desktop\normal__9982dab50fc7bd189a9dc87874bdca73_33.png.jpg
    [2011/11/08 02:05:44 | 000,302,592 | ---- | C] () -- C:\Users\Administrator\Desktop\gmer.exe
    [2011/11/06 04:34:35 | 000,001,405 | ---- | C] () -- C:\Users\Administrator\Desktop\VisualBoyAdvance.exe - Shortcut.lnk
    [2011/11/04 12:56:00 | 000,025,452 | ---- | C] () -- C:\Users\Administrator\Desktop\d.gif
    [2011/11/04 12:49:51 | 001,026,964 | ---- | C] () -- C:\Users\Administrator\Desktop\Untitled-2.psd
    [2011/11/03 10:25:44 | 000,000,820 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2011/11/03 02:32:34 | 000,000,832 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/10/27 13:36:04 | 000,000,973 | ---- | C] () -- C:\Users\Administrator\Desktop\ePSXe.exe - Shortcut.lnk
    [2011/10/25 14:04:20 | 000,099,022 | ---- | C] () -- C:\Users\Administrator\Desktop\Watch the Throne (Deluxe Version) 1.jpg
    [2011/10/23 10:30:19 | 000,334,080 | ---- | C] () -- C:\Users\Administrator\Documents\Rock Flying at Akuma Test4.swf
    [2011/10/23 10:26:59 | 001,245,184 | ---- | C] () -- C:\Users\Administrator\Documents\Rock Flying at Akuma Test4.fla
    [2011/10/23 08:07:07 | 000,001,007 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Winmugen.exe - Shortcut.lnk
    [2011/10/23 07:25:14 | 000,428,544 | ---- | C] () -- C:\Users\Administrator\Documents\Rock Flying at Akuma Test3.fla
    [2011/10/23 07:23:48 | 000,018,179 | ---- | C] () -- C:\Users\Administrator\Documents\Rock Flying at Akuma Test2.swf
    [2011/10/23 07:17:02 | 000,357,888 | ---- | C] () -- C:\Users\Administrator\Documents\Rock Flying at Akuma Test2.fla
    [2011/10/23 07:00:41 | 000,018,277 | ---- | C] () -- C:\Users\Administrator\Documents\Rock Flying at Akuma Test1_Scene 1.swf
    [2011/10/23 06:59:29 | 000,013,958 | ---- | C] () -- C:\Users\Administrator\Documents\Rock Flying at Akuma Test1.swf
    [2011/10/22 12:53:10 | 000,464,896 | ---- | C] () -- C:\Users\Administrator\Documents\Rock Flying at Akuma Test1.fla
    [2011/10/22 09:32:53 | 000,029,088 | ---- | C] () -- C:\Users\Administrator\Documents\Rock Flying at Akuma Test.swf
    [2011/10/22 08:48:59 | 000,109,056 | ---- | C] () -- C:\Users\Administrator\Documents\Rock Flying at Akuma Test.fla
    [2011/10/22 06:30:44 | 000,057,489 | ---- | C] () -- C:\Users\Administrator\Documents\Untitled-4.swf
    [2011/10/19 09:57:06 | 000,573,730 | ---- | C] () -- C:\Users\Administrator\Desktop\vlcsnap-2011-10-19-10h54m21s80.jpg
    [2011/10/17 11:01:43 | 000,172,544 | ---- | C] () -- C:\Users\Administrator\Documents\Untitled-4.fla
    [2011/10/17 06:26:26 | 000,160,930 | ---- | C] () -- C:\Users\Administrator\Desktop\b43.psd
    [2011/10/14 05:29:30 | 000,010,140 | ---- | C] () -- C:\Users\Administrator\Documents\Untitled-1.html
    [2011/10/14 05:17:30 | 000,103,082 | ---- | C] () -- C:\Users\Administrator\Documents\Untitled-1.swf
    [2011/09/14 06:27:51 | 002,416,568 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/07/28 22:41:46 | 000,417,800 | ---- | C] () -- C:\Users\Administrator\AppData\Local\Tempsi.png
    [2011/07/14 16:02:14 | 000,000,273 | ---- | C] () -- C:\Windows\kaillera.ini
    [2011/07/03 03:26:45 | 000,237,568 | R--- | C] () -- C:\Windows\System32\qtmlClient.dll
    [2011/07/03 03:26:45 | 000,000,000 | ---- | C] () -- C:\Windows\Graffiti5.2Pin.ini
    [2011/06/15 09:37:49 | 000,210,456 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
    [2011/06/15 09:37:49 | 000,206,360 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
    [2011/06/15 09:37:49 | 000,198,168 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
    [2011/06/15 09:37:49 | 000,198,168 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
    [2011/06/15 09:37:49 | 000,194,072 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
    [2011/06/15 09:37:49 | 000,026,136 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
    [2011/06/01 13:27:45 | 000,000,056 | RHS- | C] () -- C:\Windows\System32\62E918FA1B.sys
    [2011/06/01 13:27:42 | 000,001,682 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
    [2011/05/29 18:55:45 | 000,000,273 | ---- | C] () -- C:\Users\Administrator\AppData\Local\devcpp.cfg
    [2011/05/29 18:55:22 | 000,004,193 | ---- | C] () -- C:\Users\Administrator\AppData\Local\devcpp.ini
    [2011/05/29 09:00:31 | 002,044,503 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Mozilla.rar
    [2011/05/28 17:55:17 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2011/05/28 17:55:17 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2011/05/28 17:54:56 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2011/05/27 14:58:29 | 000,246,488 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
    [2011/05/27 14:10:11 | 000,216,064 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/05/27 00:24:15 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2011/05/27 00:21:47 | 000,001,356 | ---- | C] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
    [2010/10/10 11:24:41 | 000,102,451 | ---- | C] () -- C:\Windows\hpqins13.dat
    [2010/10/10 11:12:49 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
    [2010/10/10 11:10:21 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
    [2010/10/10 11:10:21 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
    [2008/02/08 16:13:44 | 000,319,488 | ---- | C] () -- C:\Windows\System32\LS3Renderer.dll
    [2007/10/25 22:02:54 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP207.INI
    [2007/01/26 01:04:12 | 000,138,752 | ---- | C] () -- C:\Windows\System32\mase32.dll
    [2007/01/26 01:04:12 | 000,027,648 | ---- | C] () -- C:\Windows\System32\ma32.dll
    [2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 05:33:01 | 000,727,198 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 05:33:01 | 000,152,136 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2005/08/29 23:00:00 | 000,781,312 | ---- | C] () -- C:\Windows\System32\RGSS102J.dll
    [2005/08/29 23:00:00 | 000,778,752 | ---- | C] () -- C:\Windows\System32\RGSS102E.dll
    [2005/08/29 23:00:00 | 000,771,584 | ---- | C] () -- C:\Windows\System32\RGSS100J.dll

    ========== LOP Check ==========

    [2011/06/06 10:43:03 | 000,000,000 | ---D | M] -- C:\Users\ACC1\AppData\Roaming\DisplayTune
    [2011/06/12 16:19:56 | 000,000,000 | ---D | M] -- C:\Users\ACC1\AppData\Roaming\FrostWire
    [2011/08/02 02:02:14 | 000,000,000 | ---D | M] -- C:\Users\ACC1\AppData\Roaming\ICAClient
    [2011/09/18 14:48:25 | 000,000,000 | ---D | M] -- C:\Users\ACC1\AppData\Roaming\ooVoo Details
    [2011/08/05 16:59:34 | 000,000,000 | ---D | M] -- C:\Users\ACC1\AppData\Roaming\OpenCandy
    [2011/11/11 20:31:47 | 000,000,000 | ---D | M] -- C:\Users\ACC1\AppData\Roaming\Sammsoft
    [2011/05/28 22:56:49 | 000,000,000 | ---D | M] -- C:\Users\ACC1\AppData\Roaming\Softland
    [2011/05/28 23:00:01 | 000,000,000 | ---D | M] -- C:\Users\ACC1\AppData\Roaming\TuneUp Software
    [2011/06/16 09:12:44 | 000,000,000 | ---D | M] -- C:\Users\ACC1\AppData\Roaming\Ulead Systems
    [2011/09/23 20:50:55 | 000,000,000 | ---D | M] -- C:\Users\ACC1\AppData\Roaming\WildTangent
    [2011/07/24 21:13:09 | 000,000,000 | ---D | M] -- C:\Users\ACC2\AppData\Roaming\acccore
    [2011/06/06 14:23:44 | 000,000,000 | ---D | M] -- C:\Users\ACC2\AppData\Roaming\DisplayTune
    [2011/09/12 18:28:27 | 000,000,000 | ---D | M] -- C:\Users\ACC2\AppData\Roaming\HTML Executable
    [2011/07/20 07:02:58 | 000,000,000 | ---D | M] -- C:\Users\ACC2\AppData\Roaming\ICAClient
    [2011/10/28 19:26:30 | 000,000,000 | ---D | M] -- C:\Users\ACC2\AppData\Roaming\iWin
    [2011/10/28 20:53:00 | 000,000,000 | ---D | M] -- C:\Users\ACC2\AppData\Roaming\Magic Academy
    [2011/07/06 23:39:57 | 000,000,000 | ---D | M] -- C:\Users\ACC2\AppData\Roaming\MyScribe
    [2011/07/04 00:03:45 | 000,000,000 | ---D | M] -- C:\Users\ACC2\AppData\Roaming\Opera
    [2011/10/27 18:55:58 | 000,000,000 | ---D | M] -- C:\Users\ACC2\AppData\Roaming\PlayFirst
    [2011/05/27 19:24:35 | 000,000,000 | ---D | M] -- C:\Users\ACC2\AppData\Roaming\Snapfish
    [2011/05/27 19:25:20 | 000,000,000 | ---D | M] -- C:\Users\ACC2\AppData\Roaming\Softland
    [2011/05/27 20:00:02 | 000,000,000 | ---D | M] -- C:\Users\ACC2\AppData\Roaming\TuneUp Software
    [2011/06/16 09:22:00 | 000,000,000 | ---D | M] -- C:\Users\ACC2\AppData\Roaming\Ulead Systems
    [2011/09/26 15:33:09 | 000,000,000 | ---D | M] -- C:\Users\ACC2\AppData\Roaming\WildTangent
    [2011/06/08 15:26:46 | 000,000,000 | ---D | M] -- C:\Users\ACC3\AppData\Roaming\DisplayTune
    [2011/07/20 07:03:13 | 000,000,000 | ---D | M] -- C:\Users\ACC3\AppData\Roaming\ICAClient
    [2011/07/03 01:10:15 | 000,000,000 | ---D | M] -- C:\Users\ACC3\AppData\Roaming\Notepad++
    [2011/09/24 12:12:42 | 000,000,000 | ---D | M] -- C:\Users\ACC3\AppData\Roaming\ooVoo Details
    [2011/06/20 17:25:07 | 000,000,000 | ---D | M] -- C:\Users\ACC3\AppData\Roaming\Opera
    [2011/05/30 09:06:34 | 000,000,000 | ---D | M] -- C:\Users\ACC3\AppData\Roaming\Softland
    [2011/06/08 16:00:01 | 000,000,000 | ---D | M] -- C:\Users\ACC3\AppData\Roaming\TuneUp Software
    [2011/06/17 15:06:42 | 000,000,000 | ---D | M] -- C:\Users\ACC3\AppData\Roaming\Ulead Systems
    [2011/06/26 17:47:35 | 000,000,000 | ---D | M] -- C:\Users\ACC3\AppData\Roaming\WildTangent
    [2011/07/24 18:12:29 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\acccore
    [2011/07/02 14:46:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\AnvSoft
    [2011/09/13 12:10:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite
    [2011/07/13 01:10:12 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DisplayTune
    [2011/06/30 03:22:50 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Downloaded Installations
    [2011/11/08 01:59:28 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Dropbox
    [2011/07/02 15:41:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DVDVideoSoft
    [2011/07/08 08:27:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\e-academy Inc
    [2011/09/13 12:11:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FileZilla
    [2011/07/04 04:59:03 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Free MP3 WMA OGG Converter
    [2011/10/01 19:03:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Hex-Rays
    [2011/09/11 23:31:07 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\HTML Executable
    [2011/07/19 16:27:21 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ICAClient
    [2011/09/24 16:17:20 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\IcoFX
    [2011/07/04 03:32:38 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ImgBurn
    [2011/10/11 20:25:05 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\IrfanView
    [2011/07/02 11:27:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ManyCam
    [2011/07/24 13:39:59 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\MotioninJoy
    [2011/08/20 13:05:08 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\MyScribe
    [2011/06/19 10:55:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Notepad++
    [2011/07/24 12:45:26 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Opera
    [2011/07/03 03:27:38 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\proDAD
    [2011/07/13 01:29:57 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Snapfish
    [2011/05/27 18:49:29 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Softland
    [2011/05/28 22:03:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Solveig Multimedia
    [2011/06/05 22:18:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SystemRequirementsLab
    [2011/07/05 11:19:55 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TeamViewer
    [2011/09/09 16:44:21 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TeraCopy
    [2011/08/10 23:41:58 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\The Professional Developer, LLC
    [2011/09/03 21:33:59 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Trillian
    [2011/09/09 16:13:04 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TrueCrypt
    [2011/07/15 15:38:21 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TuneUp Software
    [2011/06/12 08:16:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TypingMaster7
    [2011/06/15 09:44:32 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Ulead Systems
    [2011/11/12 14:14:33 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\uTorrent
    [2011/07/09 01:47:33 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\VBA-M
    [2011/08/03 07:25:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Vso
    [2011/09/23 22:49:13 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\WildTangent
    [2011/07/18 09:14:33 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\WinBatch
    [2011/07/02 15:24:12 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Xilisoft Corporation
    [2011/09/09 16:51:33 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\XYplorer
    [2011/06/06 06:20:16 | 000,000,000 | ---D | M] -- C:\Users\Tamieka\AppData\Roaming\DisplayTune
    [2011/07/19 16:28:35 | 000,000,000 | ---D | M] -- C:\Users\Tamieka\AppData\Roaming\ICAClient
    [2011/07/29 14:40:40 | 000,000,000 | ---D | M] -- C:\Users\Tamieka\AppData\Roaming\MotioninJoy
    [2011/07/22 14:49:05 | 000,000,000 | ---D | M] -- C:\Users\Tamieka\AppData\Roaming\PrimericaRing
    [2011/06/10 11:07:37 | 000,000,000 | ---D | M] -- C:\Users\Tamieka\AppData\Roaming\PrimericaRingInstall
    [2011/05/27 00:14:57 | 000,000,000 | ---D | M] -- C:\Users\Tamieka\AppData\Roaming\Snapfish
    [2011/06/07 09:02:39 | 000,000,000 | ---D | M] -- C:\Users\Tamieka\AppData\Roaming\Softland
    [2011/07/04 12:48:03 | 000,000,000 | ---D | M] -- C:\Users\Tamieka\AppData\Roaming\Template
    [2011/05/28 06:00:02 | 000,000,000 | ---D | M] -- C:\Users\Tamieka\AppData\Roaming\TuneUp Software
    [2011/06/15 19:26:46 | 000,000,000 | ---D | M] -- C:\Users\Tamieka\AppData\Roaming\Ulead Systems
    [2011/07/29 16:31:50 | 000,000,000 | ---D | M] -- C:\Users\Tamieka\AppData\Roaming\Vso
    [2011/11/11 21:26:00 | 000,000,902 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1001Core.job
    [2011/11/12 15:26:00 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1001UA.job
    [2011/11/11 22:20:00 | 000,000,902 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1002Core.job
    [2011/11/12 13:20:00 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1002UA.job
    [2011/11/11 20:44:00 | 000,000,902 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1003Core.job
    [2011/11/12 14:44:00 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1003UA.job
    [2011/11/12 01:05:22 | 000,032,564 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2011/07/06 07:13:47 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2011/09/29 15:10:21 | 000,008,412 | ---- | M] () -- C:\0165 - MegaMan Battle Network (U)(Venom).clt
    [2011/06/08 23:06:13 | 000,008,412 | ---- | M] () -- C:\1268 - Harvest Moon - Friends of Mineral Town (U)(Mode7).clt
    [2010/10/10 11:30:44 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
    [2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2010/10/10 14:44:25 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2011/11/09 13:23:03 | 000,037,907 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2011/07/18 09:19:33 | 000,000,125 | ---- | M] () -- C:\FINIS_IT.TXT
    [2011/09/02 18:41:08 | 000,000,511 | ---- | M] () -- C:\gca_settings.cfg
    [2011/11/12 13:42:13 | 3085,426,688 | -HS- | M] () -- C:\hiberfil.sys
    [2011/05/31 09:10:42 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2011/07/24 18:12:16 | 000,000,376 | -H-- | M] () -- C:\IPH.PH
    [2011/05/31 09:10:42 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2011/11/12 13:42:10 | 3399,294,976 | -HS- | M] () -- C:\pagefile.sys
    [2011/07/13 01:12:37 | 000,000,173 | ---- | M] () -- C:\pdisdk.log
    [2011/07/13 01:15:01 | 000,000,184 | ---- | M] () -- C:\pivot.log
    [2011/05/28 14:30:34 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
    [2011/05/28 14:32:53 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
    [2011/05/28 14:30:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2011/05/28 14:32:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm

    < %systemroot%\Fonts\*.com >
    [2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2011/05/28 18:45:16 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 16:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/04/16 23:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2011/07/09 11:35:55 | 000,001,658 | -H-- | M] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\LastFlashConfig.WFC

    < %PROGRAMFILES%\*.* >
    [2011/05/28 08:57:20 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2006/11/02 05:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/07/15 15:50:23 | 000,000,286 | -HS- | M] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/11/09 13:00:00 | 004,287,742 | R--- | M] (Swearware) -- C:\Users\Administrator\Desktop\ComboFix.exe
    [2011/11/03 00:37:34 | 012,521,992 | ---- | M] (Mozilla) -- C:\Users\Administrator\Desktop\Firefox Setup 4.0.1.exe
    [2011/07/16 22:21:04 | 000,302,592 | ---- | M] () -- C:\Users\Administrator\Desktop\gmer.exe
    [2011/11/09 14:53:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/05/27 00:22:07 | 000,000,402 | -HS- | M] () -- C:\Users\Administrator\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/10/10 11:24:55 | 000,000,342 | ---- | M] () -- C:\ProgramData\hpzinstall.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto >

    < Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:EA029835

    < End of report >
     
  14. NTAPRO

    NTAPRO TS Evangelist Topic Starter Posts: 810   +102

    OTL Extras logfile created on: 11/12/2011 3:24:11 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Administrator\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.87 Gb Total Physical Memory | 1.91 Gb Available Physical Memory | 66.42% Memory free
    5.97 Gb Paging File | 4.88 Gb Available in Paging File | 81.77% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 456.26 Gb Total Space | 179.21 Gb Free Space | 39.28% Space Free | Partition Type: NTFS
    Drive D: | 9.50 Gb Total Space | 1.29 Gb Free Space | 13.56% Space Free | Partition Type: NTFS

    Computer Name: TAMIEKA-PC | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = Opera.HTML] -- Reg Error: Key error. File not found
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    https [open] -- Reg Error: Value error.
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
    "C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
    "C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{06DF3AF2-568D-44D1-AF35-9EF1B830A834}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{15662D22-4B50-481D-BA3F-03F89495948C}" = rport=137 | protocol=17 | dir=out | app=system |
    "{1D6C889B-25F0-49A2-9547-AC857F3906F0}" = lport=445 | protocol=6 | dir=in | app=system |
    "{25935DDE-FFF3-49E0-8DBD-F7940DA69BE4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
    "{2DF2CE47-6F72-492C-A32D-8C0512BE89D1}" = lport=37674 | protocol=6 | dir=in | name=oovoo tcp port 37674 |
    "{30A4529B-0BC4-4053-8F66-D445A88AE830}" = lport=139 | protocol=6 | dir=in | app=system |
    "{422E5352-7FB1-42CF-A344-0BAD7DC00E3C}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{43E4C25B-ECCB-42DB-ACA1-4D9CCD618D54}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{4E39158F-E5EC-4600-9639-26D941D34BB2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{4EF1E6E4-5C4D-45D3-A006-EB95ED7DA99B}" = lport=443 | protocol=17 | dir=in | name=oovoo udp port 443 |
    "{625E09B2-6D12-4557-949D-8233D832FCDC}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
    "{6EBFEDB5-68E0-4531-9059-FB80FE41D6A9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7252EF8E-68E6-4FE7-B228-59ED3A54A21D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{77BE18C4-0434-474C-8AED-ADE1D200C7E3}" = rport=445 | protocol=6 | dir=out | app=system |
    "{7FE937B5-BCFD-44F8-8CC8-98A71B038D6F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{867744C8-8308-4A09-97BE-8D7E5E9E3FA2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{8C2A45E7-C6EA-440E-8041-C06FDB5193C0}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{93A92AE3-F7CF-43C4-BD4A-BF69D6124C9E}" = rport=138 | protocol=17 | dir=out | app=system |
    "{98754ABC-1636-4FDE-AB81-32361FD28A71}" = lport=37674 | protocol=17 | dir=in | name=oovoo udp port 37674 |
    "{9985778D-F6F5-450A-B335-CDDB876E343B}" = lport=138 | protocol=17 | dir=in | app=system |
    "{A76857DF-E8DF-4D74-A652-55EFE13EACD0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{C790A793-D61B-4A46-B418-1043CCDF4550}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
    "{C7B8848C-134F-4001-814A-D944BC8B6016}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{D4D0F897-A1D6-4A26-A1B2-C61885F0C047}" = lport=443 | protocol=6 | dir=in | name=oovoo tcp port 443 |
    "{EF330C5D-C4DA-4206-9FC8-FF90F7ECA04A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{F82B752D-2DB5-493F-A427-4FF98B7806D9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{F9202F22-0EBF-4086-8081-90DA5ADF6F39}" = lport=137 | protocol=17 | dir=in | app=system |
    "{FEBE2C5F-E6BF-429D-B765-392192750FDC}" = lport=37675 | protocol=17 | dir=in | name=oovoo udp port 37675 |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{099321C6-6EF1-41C3-A267-925D06F5E0C1}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
    "{09C170A0-DDCD-4CBC-99FA-1127790279D9}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 12\programs\rm.exe |
    "{0B661A23-4A9E-409E-AF0C-69CBFA719BF7}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{2209DA64-C4D7-4451-8162-D13DE304A18C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{231FD49F-90D5-4715-8C37-2DC925532D22}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
    "{24C8EA56-224F-450C-ADC4-CB750AC76C46}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{35BD84E9-5382-411B-B741-CDA8415BAC06}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{369846BC-73EC-4CF3-96B7-3234F36432E3}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{3A761F21-1757-4F7C-BAC1-B97E82C60EF7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{3B3E8C72-D858-4C2F-974F-FD6D2B9660D2}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
    "{47538EE3-8ABB-48CF-98C6-43F0DA74D63E}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 12\programs\studio.exe |
    "{4AB39170-A805-4B36-9C81-9EB246CBBABE}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware workstation\vmware-authd.exe |
    "{501951BF-0713-49FA-97BF-8D3DE39220ED}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{53696B33-6004-4309-AC1C-68A441C5FDE2}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
    "{5FA421C2-767C-4C16-BFCE-3F88EC673361}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{63B91502-B7F4-4445-BB2D-864F85E6A277}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 12\programs\umi.exe |
    "{80FE7F23-933C-41E9-AAF2-86A06FC47AAB}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
    "{8120E0F5-795E-4BBF-BCEC-476C71ECAD2E}" = protocol=58 | dir=in | app=system |
    "{820A622D-6C81-4B91-9B6D-FFCCE62C3AF4}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware workstation\vmware-authd.exe |
    "{846A5764-3059-49D8-9DAE-A346A4CC50B2}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{85421989-5935-45B6-A85F-D9B5F0A3233D}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware workstation\vmware-authd.exe |
    "{87986FED-A7D7-4E12-832F-1948A1544D61}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-203 |
    "{8D9B408C-64C1-4FBC-9008-CDCBE1D6A976}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{9B8545C5-D732-4EE7-8BEE-2C4E53FEDE22}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
    "{A3531813-A709-40E4-9D66-D0D63A68AAB6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{A6E6ED14-79D2-4355-A5A3-F47976B2416F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{A6F4F119-C5A3-487E-B46B-3BDCB5CFCF04}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{ACECBEF0-B5C2-46B2-BEEB-2AC982DDF2D8}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 12\programs\umi.exe |
    "{AEA5CB51-52F8-48EB-BDE1-A9AF1B270121}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{B4A67A6C-E13F-4968-B334-DC108732A87D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{B8D1A974-6A69-4C07-BAA5-BFD11BC0FF7B}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 12\programs\rm.exe |
    "{BF5E5B91-AE1A-4A9D-B224-973367743BE9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
    "{C4DFB15C-1822-4C2E-9F1E-041282D381B5}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
    "{C511FCFD-A121-4CD8-B7D3-B2458DE4DB31}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
    "{CB406AA5-5262-41CC-BB0B-D355B5ED8267}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{CC4BF0F3-4C58-4D19-B331-5367903B4B6B}" = protocol=6 | dir=in | app=c:\users\administrator\appdata\roaming\dropbox\bin\dropbox.exe |
    "{CD043DD9-0E5C-47DD-B820-0BAD100E17F5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
    "{D07D073A-56AA-442D-9FA8-95566E81F6C6}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
    "{D51DE8FD-AFF9-44C7-9420-7771C82A038E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{D6121CA4-7472-489F-9788-BE6FC02CCC25}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{DE7C70AC-4A35-46AB-86A0-CD44C68F5E10}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware workstation\vmware-authd.exe |
    "{E3401598-BEE9-4C57-B871-7392260272A5}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware workstation\vmware-authd.exe |
    "{E6CF2B57-9389-4C75-92DF-E20643428B8A}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware workstation\vmware-authd.exe |
    "{E70AD1CE-F9BE-45CB-A27D-A90FAAB91343}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{EF7B0C6F-8D5C-4242-8C54-F03DB956BD2E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
    "{F2F597F9-39C6-4D49-A446-F2886B071E33}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
    "{FC4F7CE6-AAEC-4607-8143-94A3C508D592}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
    "{FD7C696B-A751-458D-B873-E9DC72212E8C}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 12\programs\studio.exe |
    "{FE0591AF-178F-4B28-BA8C-B99BE6DC1C27}" = protocol=17 | dir=in | app=c:\users\administrator\appdata\roaming\dropbox\bin\dropbox.exe |
    "{FF55C32B-BA74-44B5-ACA1-63F7B67DACDA}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "TCP Query User{0B6A2C69-6704-4BDA-9139-45135E28B298}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
    "TCP Query User{1BC1FDA7-517F-44AC-8031-00FFD98E2923}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
    "TCP Query User{25F764AD-79CB-4577-88F4-DF4BF88F4F69}C:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
    "TCP Query User{26560163-5C44-4C58-A08A-3A2FF57813A1}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
    "TCP Query User{4C4DC2EF-2155-4795-B63D-2318ED2ADC1B}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
    "TCP Query User{56F2A916-6E4A-4085-9580-A5DB1F8E4F66}C:\users\tamieka\appdata\roaming\primericaringinstall\vsee.exe" = protocol=6 | dir=in | app=c:\users\tamieka\appdata\roaming\primericaringinstall\vsee.exe |
    "TCP Query User{8D321E72-8223-4CF3-B7AB-5527329E7255}C:\users\acc2\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=6 | dir=in | app=c:\users\acc2\appdata\local\facebook\video\skype\facebookvideocalling.exe |
    "TCP Query User{A121F8EC-7F69-46E4-BD15-A10184D5135E}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
    "TCP Query User{A22E8661-B145-4A50-AFE8-6B9CE863C52C}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |
    "TCP Query User{A7075EA5-F416-4F33-8299-216FBBF883B6}C:\users\acc2\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\acc2\appdata\local\akamai\netsession_win.exe |
    "TCP Query User{CB0B4157-5716-4C54-A08A-872EBE1D38F6}C:\program files\adobe\adobe flash cs4\flash.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe flash cs4\flash.exe |
    "TCP Query User{CD299985-AC03-41BD-9BF9-B4589725464A}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |
    "TCP Query User{D4529221-8F43-4A25-9524-A43D28C5AE90}C:\program files\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
    "TCP Query User{D5E7EC35-2AF4-44E1-B45C-5002D53992DF}C:\users\tamieka\appdata\roaming\primericaringinstall\vsee.exe" = protocol=6 | dir=in | app=c:\users\tamieka\appdata\roaming\primericaringinstall\vsee.exe |
    "TCP Query User{F8880DBB-A3F5-42C7-9080-ED66B8E3C294}C:\users\acc3\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=6 | dir=in | app=c:\users\acc3\appdata\local\facebook\video\skype\facebookvideocalling.exe |
    "UDP Query User{044DD47E-34A6-4DD6-86D7-0339756321A0}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
    "UDP Query User{2A4CAE2A-241E-422A-9ED2-4E4AEF903F15}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
    "UDP Query User{3C0CD04F-7E9D-466F-B4C3-881DEFC5EA18}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
    "UDP Query User{43F10468-C7C3-4DB8-AD14-82781CE2575F}C:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
    "UDP Query User{65492FCA-F3AF-452F-9E5A-DE879AFDA94C}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
    "UDP Query User{6D82E957-6E63-4AC5-87D7-3E2B36D2FBF3}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
    "UDP Query User{718FF705-3BBB-4AC5-A4FF-706E0893AA31}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |
    "UDP Query User{7833D7DF-E990-4FC8-9DF3-C658036A1DC4}C:\users\acc2\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=17 | dir=in | app=c:\users\acc2\appdata\local\facebook\video\skype\facebookvideocalling.exe |
    "UDP Query User{87BE3969-9213-411D-9D9F-AE7874DBACF5}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |
    "UDP Query User{91291843-89B2-470F-8505-92B9270958F3}C:\users\tamieka\appdata\roaming\primericaringinstall\vsee.exe" = protocol=17 | dir=in | app=c:\users\tamieka\appdata\roaming\primericaringinstall\vsee.exe |
    "UDP Query User{9DBA04C0-1517-45D2-927C-430175BC04CB}C:\users\tamieka\appdata\roaming\primericaringinstall\vsee.exe" = protocol=17 | dir=in | app=c:\users\tamieka\appdata\roaming\primericaringinstall\vsee.exe |
    "UDP Query User{BEE58F3B-7B46-4058-8FB3-BBDD55463748}C:\program files\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
    "UDP Query User{D4AE4EA8-21D2-48C7-9A57-AE01EFA76612}C:\users\acc3\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=17 | dir=in | app=c:\users\acc3\appdata\local\facebook\video\skype\facebookvideocalling.exe |
    "UDP Query User{EBC64798-1DA4-4DDF-AA33-1CA37B35426E}C:\program files\adobe\adobe flash cs4\flash.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe flash cs4\flash.exe |
    "UDP Query User{EEBD030C-FDEE-43BA-89A3-8F466BAD0DB0}C:\users\acc2\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\acc2\appdata\local\akamai\netsession_win.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
    "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
    "{035400A4-29BD-3723-BEED-E2718A68CDE0}" = Microsoft Visual Studio 2010 Office Developer Tools (x86)
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0DDCEC37-369C-484B-B16D-B4413FD42FB9}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
    "{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    "{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
    "{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
    "{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
    "{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
    "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
    "{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
    "{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{22FC7536-BE5C-4E88-8069-C24689D34EC5}" = Snagit 10.0.1
    "{23BE4DF2-293D-4077-82F4-1FD8C269277C}" = TuneUp Utilities Language Pack (en-US)
    "{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
    "{262BF2CD-601D-4F43-919C-4B00B1D1F338}" = Boris Graffiti
    "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 26
    "{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
    "{2D9FEBEE-F1B7-344F-BFDF-760E18332D96}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
    "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
    "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
    "{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 driver version 0.5.0000
    "{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
    "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
    "{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}" = Dotfuscator Software Services - Community Edition
    "{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
    "{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
    "{47E16407-05D3-4D2A-B2B9-C30700B7C2AD}" = LogMeIn Hamachi
    "{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
    "{4AF9E60E-0C91-4E25-A264-6E47EB1CC25C}" = Secure Download Manager
    "{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
    "{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
    "{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client
    "{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
    "{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
    "{55559ABB-AB08-416F-A227-6319B545AF83}" = VitalSource Bookshelf
    "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
    "{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
    "{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
    "{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
    "{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}" = RGSS-RTP Standard
    "{5EB90C06-964F-4195-B83E-BD7E55C88415}" = Pinnacle Video Driver
    "{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
    "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
    "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
    "{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.3
    "{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
    "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
    "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
    "{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
    "{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
    "{6ED37A91-7710-3183-BE50-AB043FF6689E}" = Microsoft Team Foundation Server 2010 Object Model - ENU
    "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
    "{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78C3657E-742C-40B1-9F53-E5A921D40F17}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
    "{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
    "{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{83C4A333-DD44-3431-B1BF-6A66B971D07B}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{928D2FB1-291A-362B-89A4-7075A9D904A4}" = Microsoft Windows SDK for Windows 7 (7.1)
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{97CE8B73-AA5A-4987-A1BE-50DD1A187478}" = Microsoft Sync Framework SDK v1.0 SP1
    "{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
    "{9A9C11FA-AE85-3B48-86BE-5FA83D0384B3}" = Microsoft Windows SDK Intellisense and Reference Assemblies (30514)
    "{9B34CAC6-738F-4A20-B428-A115C3E3474C}" = RPGXP
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
    "{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
    "{A2A9687B-282D-4E4B-B4E3-D5A766C3A29D}" = S4 League_EU
    "{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
    "{A589DA26-51BD-475D-8C32-E19E34145842}" = Camtasia Studio 6
    "{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
    "{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
    "{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
    "{AC76BA86-1033-F400-7760-000000000004}_946" = Adobe Acrobat 9.4.6 - CPSID_83708
    "{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
    "{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
    "{AFAD41A9-9687-48A3-848F-693C11451433}" = HP Customer Experience Enhancements
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B124E6D3-91B4-4E3C-AD03-BA959B223537}" = Citrix online plug-in (Web)
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 275.33
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
    "{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
    "{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
    "{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    "{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
    "{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{C1212AE3-DBB9-4365-8473-F8ABC7B06BBB}" = Pinnacle Instant DVD Recorder
    "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
    "{C6DD625F-4B61-4561-8286-87CA0275CEA1}" = Microsoft Sync Framework Runtime v1.0 SP1 (x86)
    "{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
    "{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
    "{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
    "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{CDF97135-7FD2-4289-96B8-DD4505267ACD}" = ESET NOD32 Antivirus
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
    "{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
    "{D041EB9E-890A-4098-8F94-51DA194AC72A}" = Pinnacle Studio 12
    "{D09605BE-5587-4B0C-86C8-69B5092CB80F}" = Debugging Tools for Windows (x86)
    "{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
    "{D1860E6E-520E-4380-8433-E58E8F88B473}" = Pinnacle Studio 12 Ultimate Plugins
    "{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files
    "{D6B15AE6-B052-363E-B6BB-C4714CBA6509}" = Microsoft Visual Studio 2010 Professional - ENU
    "{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
    "{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.10.348
    "{DC3D6AFB-78B4-489F-81D7-30B66E0C2417}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)
    "{DD0DDC9E-2ED4-44DD-B461-0EFC126813A0}" = On2 VP7 Personal Edition
    "{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
    "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
    "{E5AE9031-79A5-4627-9641-BEFA82819B08}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{E6CFBFB5-9232-410C-B353-AF6E614B2681}" = LightScribe System Software 1.10.16.1
    "{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
    "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
    "{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{F990B526-8F7C-46E0-B1F1-6C893A8B478F}" = Microsoft Sync Framework Services v1.0 SP1 (x86)
    "{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = VideoStudio
    "{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
    "{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
    "7-Zip" = 7-Zip 9.20
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
    "AIM_7" = AIM 7
    "Akamai" = Akamai NetSession Interface
    "CCleaner" = CCleaner
    "Chatango" = Chatango Message Catcher
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "CPUID CPU-Z_is1" = CPUID CPU-Z 1.57.1
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "Easy GIF Animator_is1" = Easy GIF Animator 5.02
    "FLV to AVI MPEG WMV 3GP MP4 iPod Converter" = FLV to AVI MPEG WMV 3GP MP4 iPod Converter
    "Fraps" = Fraps (remove only)
    "Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.7.26.602
    "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2
    "Free MP3 WMA OGG Converter_is1" = Free MP3 WMA OGG Converter 8.2.5
    "HP Photosmart Essential" = HP Photosmart Essential 2.5
    "IcoFX_is1" = IcoFX 1.6.4
    "ImgBurn" = ImgBurn
    "InstallShield_{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = Ulead VideoStudio 11
    "IrfanView" = IrfanView (remove only)
    "LogMeIn Hamachi" = LogMeIn Hamachi
    "Magic Bullet Looks Studio" = Magic Bullet Looks Studio
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Messenger Plus!" = Messenger Plus! 5
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
    "Microsoft SQL Server 10" = Microsoft SQL Server 2008
    "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
    "Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
    "Microsoft Visual Studio 2010 Professional - ENU" = Microsoft Visual Studio 2010 Professional - ENU
    "Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
    "Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
    "Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
    "MyScribe" = MyScribe
    "Notepad++" = Notepad++
    "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
    "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
    "OJOsoft VOB Converter_is1" = OJOsoft VOB Converter
    "OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
    "PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
    "proDAD-Vitascene-1.0" = proDAD Vitascene 1.0
    "SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "StepMania" = StepMania 3.9b (remove only)
    "SystemRequirementsLab" = System Requirements Lab
    "TeamViewer 6" = TeamViewer 6
    "Trillian" = Trillian
    "TuneUp Utilities 2011" = TuneUp Utilities 2011
    "uTorrent" = µTorrent
    "VirtuallTek Fighter Factory Ultimate_is1" = Fighter Factory Ultimate
    "VirtuallTek Fighter Factory_is1" = Fighter Factory 1.0.9.2005 + Update Pack 1
    "VLC media player" = VLC media player 1.1.11
    "VMware_Workstation" = VMware Workstation
    "WildTangent hp Master Uninstall" = My HP Games
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR 4.00 (32-bit)

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "FileZilla Client" = FileZilla Client 3.5.1
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
     
  15. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ==================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
      @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:EA029835
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
      "DisableMonitoring" =-
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please, run F-Secure Online Scanner

    • Disable your Antivirus program.
    • Checkmark I have read and accepted the license terms.
    • Click on Run Check button.
    • Quick scan (recommended) option will come pre-checked. Don't change it.
    • Click on Start button.
    • When scan is done, in Step 3: Clean the files, leave all settings as they're.
    • Click Next button.
    • Click Full report... button.
    • Copy report's content and paste it into your next reply.
     
  16. NTAPRO

    NTAPRO TS Evangelist Topic Starter Posts: 810   +102

    OTL crashed after at least a minute. I tried it again and it did the same thing. Should I wait or should I do the last scans?
     
  17. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Delete your OTL file, download fresh one and try again.
    Disable your AV program before running the fix.
     
  18. NTAPRO

    NTAPRO TS Evangelist Topic Starter Posts: 810   +102

    All processes killed
    ========== OTL ==========
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    File/Folder C:\Windows\*.tmp not found.
    Unable to delete ADS C:\ProgramData\TEMP:EA029835 .
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring not found.
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: ACC1
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: ACC2
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: ACC3
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Administrator
    ->Temp folder emptied: 32790 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 6395737 bytes
    ->Flash cache emptied: 343 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Tamieka
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 550360623 bytes
    ->Java cache emptied: 197562 bytes
    ->FireFox cache emptied: 49519129 bytes
    ->Flash cache emptied: 56501 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 116851 bytes
    RecycleBin emptied: 876248511 bytes

    Total Files Cleaned = 1,414.00 mb


    [EMPTYFLASH]

    User: ACC1
    ->Flash cache emptied: 0 bytes

    User: ACC2
    ->Flash cache emptied: 0 bytes

    User: ACC3
    ->Flash cache emptied: 0 bytes

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: Tamieka
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 11132011_205710

    Files\Folders moved on Reboot...
    C:\Windows\temp\vmware-SYSTEM-2695677032\vmware-usbarb-SYSTEM-2224.log moved successfully.

    Registry entries deleted on Reboot...

    ====================

    Results of screen317's Security Check version 0.99.24
    Windows Vista Service Pack 2 x86 (UAC is enabled)
    Internet Explorer 7 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    ESET NOD32 Antivirus
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    TuneUp Utilities 2011
    TuneUp Utilities Language Pack (en-US)
    TuneUp Utilities 2011
    CCleaner
    Java(TM) 6 Update 29
    Java(TM) SE Runtime Environment 6 Update 1
    Adobe Flash Player 11.0.1.152
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    ``````````End of Log````````````
     
  19. NTAPRO

    NTAPRO TS Evangelist Topic Starter Posts: 810   +102

    Getting user folders.

    Stopping running processes.

    Emptying Temp folders.


    User: ACC1
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: ACC2
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: ACC3
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Administrator
    ->Temp folder emptied: 33444 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 16347201 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Tamieka
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1675 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 34210 bytes

    Emptying RecycleBin. Do not interrupt.

    RecycleBin emptied: 240975 bytes
    Process complete!

    Total Files Cleaned = 16.00 mb

    =======================

    Scanning Report
    Sunday, November 13, 2011 21:41:54 - 21:57:00

    Computer name: TAMIEKA-PC
    Scanning type: Quick scan
    Target: System
    13 malware found
    TrackingCookie.Questionmarket (spyware)

    System (Disinfected)

    TrackingCookie.Adinterax (spyware)

    System (Disinfected)

    TrackingCookie.2o7 (spyware)

    System (Disinfected)

    TrackingCookie.Advertising (spyware)

    System (Disinfected)

    TrackingCookie.Atdmt (spyware)

    System (Disinfected)

    TrackingCookie.Doubleclick (spyware)

    System (Disinfected)

    TrackingCookie.WebTrendsLive (spyware)

    System (Disinfected)

    TrackingCookie.Fastclick (spyware)

    System (Disinfected)

    TrackingCookie.Webtrends (spyware)

    System (Disinfected)

    TrackingCookie.Mediaplex (spyware)

    System (Disinfected)

    TrackingCookie.Liveperson (spyware)

    System (Disinfected)

    TrackingCookie.Atwola (spyware)

    System (Disinfected)

    TrackingCookie.Yieldmanager (spyware)

    System (Disinfected)

    Statistics
    Scanned:

    Files: 6923
    System: 6923
    Not scanned: 0

    Actions:

    Disinfected: 13
    Renamed: 0
    Deleted: 0
    Not cleaned: 0
    Submitted: 0

    Options
    Scanning engines:

    Copyright © 1998-2009 Product support | Send virus sample to F-Secure
    F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name. This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability.
     
  20. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Uninstall Java(TM) SE Runtime Environment 6 Update 1 .

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please, let me know, how your computer is doing.
     
  21. NTAPRO

    NTAPRO TS Evangelist Topic Starter Posts: 810   +102

    I really appreciated the help. Thanks for taking the time help someone in need.
    I will also donate as I get my account verified ;)
     
  22. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    You're very welcome [​IMG]
     
  23. NTAPRO

    NTAPRO TS Evangelist Topic Starter Posts: 810   +102

    Just an additional thing, my AV is still having problems with java.

    11/28/2011 5:44:14 PM HTTP filter archive http://www.java.com/js/deployJava.js JS/Exploit.JavaDepKit.A trojan connection terminated - quarantined Tamieka-PC\Administrator Threat was detected upon access to web by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
     
  24. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    That's what you have your AV program for.
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...