Solved Weird files on computer

[NTAPRO]

There is this qwrtaw5.exe in the process and it goes all the way to the program data folder. It's hidden along with a qundmlr.exe, qundmvr.exe, and vgftawv.exe files. the files were created the day after the internet was turned back on. When I mouse over them, the file descriptions are Internet Explorer, and the company is microsoft. It says the file version is 9.0.8112.16421. I guess it was something that came with the newest internet explorer. I also no longer have that version installed. It's still a process for some reason. I tried to delete the first file I mentioned first and got bsod xD so I just left it alone. I'm not sure what to do...

I also want to add that I checked the Roaming folder under appdata in 2 ot6her accounts and exe's have appeared there also.

 

[Broni]

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running tools or applying updates other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

 

[NTAPRO]

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8104

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

11/7/2011 5:12:49 PM
mbam-log-2011-11-07 (17-12-49).txt

Scan type: Quick scan
Objects scanned: 258787
Time elapsed: 11 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\ACC1\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\57840.exe (Trojan.MSIL.Gen) -> Quarantined and deleted successfully.
c:\Users\ACC1\AppData\Local\Temp\dclogs\2011-11-06-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
==============
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-11-08 02:11:52
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000076 ST350063 rev.3.CH
Running: gmer.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\uwlirfod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

---- EOF - GMER 1.0.15 ----
==============
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_26
Run by Administrator at 2:14:03 on 2011-11-08
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.1735 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\StkASv2K.exe
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\system32\vmnat.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Windows\system32\vmnetdhcp.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\ProgramData\qwrtaw5.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie9
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie9
uWindow Title = Windows Internet Explorer provided by Yahoo!
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - No File
TB: {F999A48B-1950-4D81-9971-79018F807B4B} - No File
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [<NO NAME>]
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Microsoft Explorer] c:\programdata\qwrtaw5.exe
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\users\administrator\appdata\roaming\microsoft\windows\start menu\programs\startup\qwrtaw5.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{B91069DE-4BBF-49B1-9E09-9E8ADB83B2BA} : DhcpNameServer = 192.168.2.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
IFEO: AcroRd32.exe - "c:\program files\tuneup utilities 2011\TUAutoReactivator32.exe"
IFEO: burnixa.exe - "c:\program files\tuneup utilities 2011\TUAutoReactivator32.exe"
IFEO: vstudio.exe - "c:\program files\tuneup utilities 2011\TUAutoReactivator32.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\administrator\appdata\roaming\mozilla\firefox\profiles\bfmvu5xy.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-USfficial
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\0\NP_wtapp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\administrator\appdata\local\e-academy inc\mozilla\firefox\plugins\npHostSdmLoader.dll
FF - plugin: c:\users\administrator\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-8-25 232512]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-2-6 106208]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
R1 MpKsl2293e68c;MpKsl2293e68c;c:\programdata\microsoft\microsoft antimalware\definition updates\{880355b2-bc89-402f-b631-5176cc706307}\MpKsl2293e68c.sys [2011-11-7 28752]
R1 MpKslc10345fd;MpKslc10345fd;c:\programdata\microsoft\microsoft antimalware\definition updates\{880355b2-bc89-402f-b631-5176cc706307}\MpKslc10345fd.sys [2011-11-8 28752]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2011-5-28 21504]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-6-5 21992]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-2-6 727720]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-2-6 92800]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2011-5-28 21504]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2011-8-4 1361288]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-9 366152]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-7-5 2337144]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2011\TuneUpUtilitiesService32.exe [2011-7-20 1526592]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2010-11-11 70768]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2010-11-11 539248]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-9 22216]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2011\TuneUpUtilitiesDriver32.sys [2011-5-31 10064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [2011-5-28 81168]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 PAC207;PC Camer@;c:\windows\system32\drivers\PFC027.SYS [2008-2-13 618112]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-6-9 27192]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
.
=============== Created Last 30 ================
.
2011-11-08 07:03:18 108032 ----a-w- c:\windows\system32\uazzm.exe
2011-11-08 07:03:18 108032 ----a-w- c:\windows\system32\mcbaq.exe
2011-11-08 06:59:56 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{880355b2-bc89-402f-b631-5176cc706307}\MpKslc10345fd.sys
2011-11-07 15:12:03 108032 ----a-w- c:\windows\system32\rjfrm.exe
2011-11-07 12:45:20 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{880355b2-bc89-402f-b631-5176cc706307}\MpKsl2293e68c.sys
2011-11-07 12:44:16 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{880355b2-bc89-402f-b631-5176cc706307}\offreg.dll
2011-11-07 12:44:10 6668624 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{880355b2-bc89-402f-b631-5176cc706307}\mpengine.dll
2011-11-07 04:55:02 108032 ----a-w- c:\windows\system32\ywspy.exe
2011-11-07 03:53:25 108032 ----a-w- c:\windows\system32\ghnhh.exe
2011-11-07 03:53:25 108032 ----a-w- c:\windows\system32\bhujv.exe
2011-11-06 12:47:54 108032 ---h--w- c:\programdata\qundm1r.exe
2011-11-06 08:38:46 108032 ----a-w- c:\windows\system32\fkxve.exe
2011-11-06 06:33:50 -------- d-----w- c:\program files\ESET
2011-11-06 05:02:02 108032 ----a-w- c:\windows\system32\fcpxf.exe
2011-11-06 04:43:24 108032 ----a-w- c:\windows\system32\fnslt.exe
2011-11-06 04:43:19 108032 ---h--w- c:\programdata\qwrtaw5.exe
2011-11-06 04:43:00 108032 ----a-w- c:\windows\system32\zrons.exe
2011-11-04 09:15:32 119808 ----a-w- c:\windows\system32\rfkvm.exe
2011-11-04 04:45:17 119808 ----a-w- c:\windows\system32\ylikf.exe
2011-11-04 00:09:26 119808 ------w- c:\users\administrator\appdata\roaming\microsoft\windows\start menu\programs\startup\qwrtaw5.exe
2011-11-04 00:09:21 119808 ----a-w- c:\windows\system32\movsq.exe
2011-11-03 21:05:52 72704 ---h--w- c:\programdata\vgftawv.exe
2011-11-03 19:42:07 72704 ---h--w- c:\programdata\qundmvr.exe
2011-11-03 15:25:41 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-11-03 15:25:41 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-11-03 15:25:41 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-11-03 15:25:41 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-11-03 15:25:41 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-11-03 15:25:41 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-11-03 15:25:41 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-11-03 15:25:41 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-11-03 11:43:28 72704 ---h--w- c:\programdata\qundmlr.exe
2011-10-29 00:14:49 -------- d-----w- c:\programdata\MinigolfAdventures
2011-10-13 00:10:12 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-13 00:10:12 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-13 00:10:12 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-10-13 00:10:12 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-10-13 00:10:05 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-13 00:10:05 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-13 00:10:05 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-13 00:10:05 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-13 00:10:04 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-10-13 00:09:16 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-10-10 22:35:54 439632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
2011-10-10 22:35:01 703824 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{e9b3403a-a1b1-4ad7-b6fe-834a39efee52}\gapaengine.dll
.
==================== Find3M ====================
.
2011-11-04 12:50:50 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys
2011-11-03 03:52:47 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-02 13:39:07 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-25 17:05:47 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-08-16 16:15:15 834048 ----a-w- c:\windows\system32\wininet.dll
2011-08-16 14:20:55 389632 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 2:15:01.00 ===============

 

[NTAPRO]

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10/10/2010 12:06:34 PM
System Uptime: 11/8/2011 1:59:06 AM (1 hours ago)
.
Motherboard: ASUSTek Computer INC. | | NARRA2
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5600+ | Socket AM2 | 2800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 456 GiB total, 179.016 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 1.288 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
7-Zip 9.20
Acrobat.com
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat 9.4.6 - CPSID_83708
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Creative Suite 4 Master Collection
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe Encore CS4 Codecs
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Premiere Pro CS4 Third Party Content
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11.6
Adobe Soundbooth CS4 Codecs
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AIM 7
Akamai NetSession Interface Service
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ARO 2011
Bonjour
Boris Graffiti
Camtasia Studio 6
Cards_Calendar_OrderGift_DoMorePlugout
CCleaner
Chatango Message Catcher
Citrix online plug-in (Web)
Connect
Convert VOB to AVI
ConvertXtoDVD 4.1.10.348
CPUID CPU-Z 1.57.1
Crystal Reports for Visual Studio
DAEMON Tools Lite
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dotfuscator Software Services - Community Edition
Download Updater (AOL LLC)
Easy GIF Animator 5.02
Enhanced Multimedia Keyboard Solution
ESET NOD32 Antivirus
Fighter Factory 1.0.9.2005 + Update Pack 1
Fighter Factory Ultimate
FileZilla Client 3.5.1
FLV to AVI MPEG WMV 3GP MP4 iPod Converter
Fraps (remove only)
Free 3GP Video Converter version 3.7.26.602
Free M4a to MP3 Converter 6.2
Free MP3 WMA OGG Converter 8.2.5
Google Chrome
Hardware Diagnostic Tools
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2542054)
HP Active Support Library
HP Advisor
HP Customer Experience Enhancements
HP Customer Feedback
HP Easy Setup - Frontend
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart Essential 2.5
HP Picasso Media Center Add-In
HP Update
HPPhotoSmartPhotobookWebPack1
IcoFX 1.6.4
ImgBurn
InterVideo DeviceService
IrfanView (remove only)
iTunes
Java Auto Updater
Java(TM) 6 Update 26
Java(TM) SE Runtime Environment 6 Update 1
kuler
LightScribe System Software 1.10.16.1
LogMeIn Hamachi
Magic Bullet Looks Studio
Malwarebytes' Anti-Malware version 1.51.2.1300
Messenger Plus! 5
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
Microsoft Choice Guard
Microsoft Help Viewer 1.0
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 R2 Data-Tier Application Framework
Microsoft SQL Server 2008 R2 Data-Tier Application Project
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Transact-SQL Language Service
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server System CLR Types
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime v1.0 SP1 (x86)
Microsoft Sync Framework SDK v1.0 SP1
Microsoft Sync Framework Services v1.0 SP1 (x86)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)
Microsoft Team Foundation Server 2010 Object Model - ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
Microsoft Visual F# 2.0 Runtime
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Office Developer Tools (x86)
Microsoft Visual Studio 2010 Professional - ENU
Microsoft Visual Studio 2010 SharePoint Developer Tools
Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
Microsoft Visual Studio Macro Tools
Microsoft Works
mIRC
MotioninJoy ds3 driver version 0.5.0000
Mozilla Firefox 4.0.1 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My HP Games
MyScribe
Notepad++
NVIDIA 3D Vision Controller Driver
NVIDIA 3D Vision Controller Driver 275.33
NVIDIA Control Panel 275.33
NVIDIA Graphics Driver 275.33
NVIDIA Install Application
OJOsoft VOB Converter
On2 VP7 Personal Edition
ooVoo
PDF Settings CS4
Photoshop Camera Raw
Pinnacle Instant DVD Recorder
Pinnacle Studio 12
Pinnacle Studio 12 Ultimate Plugins
Pinnacle Video Driver
Pixel Bender Toolkit
proDAD Vitascene 1.0
PSSWCORE
Python 2.5
QuickTime
Realtek High Definition Audio Driver
Revo Uninstaller Pro 2.5.3
RGSS-RTP Standard
RPGXP
S4 League_EU
Secure Download Manager
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft Excel 2010 (KB2553070)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2584066)
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visual Studio 2010 Professional - ENU (KB2251489)
Service Pack 1 for SQL Server 2008 (KB968369)
Skype™ 5.3
Snagit 10.0.1
Soft Data Fax Modem with SmartCP
Sql Server Customer Experience Improvement Program
StepMania 3.9b (remove only)
Suite Shared Configuration CS4
swMSM
System Requirements Lab
TeamViewer 6
tools-freebsd
tools-linux
tools-netware
tools-solaris
tools-windows
tools-winPre2k
Trillian
TuneUp Utilities 2011
TuneUp Utilities Language Pack (en-US)
Ulead VideoStudio 11
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft OneNote 2010 (KB2433299)
Update for Microsoft Outlook Social Connector (KB2583935)
Update Installer for WildTangent Games App
VideoStudio
VideoToolkit01
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
VitalSource Bookshelf
VLC media player 1.1.11
VMware Workstation
WeatherBug Gadget
Web Deployment Tool
WildTangent Games App (HP Games)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Media Player Firefox Plugin
Windows Movie Maker 2.6
WinRAR 4.00 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
11/8/2011 2:02:55 AM, Error: Service Control Manager [7001] - The Windows Media Player Network Sharing Service service depends on the UPnP Device Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
11/8/2011 2:01:10 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
11/8/2011 2:00:55 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
11/8/2011 1:59:39 AM, Error: EventLog [6008] - The previous system shutdown at 1:57:18 AM on 11/8/2011 was unexpected.
11/6/2011 7:36:32 AM, Error: EventLog [6008] - The previous system shutdown at 4:39:05 AM on 11/6/2011 was unexpected.
11/6/2011 3:38:48 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
11/6/2011 3:15:51 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B68-F52A-11D8-B9A5-505054503030}
11/6/2011 2:29:56 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.1326.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
11/6/2011 2:29:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
11/6/2011 1:42:06 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
11/6/2011 1:42:04 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ehdrv i8042prt MpFilter spldr Wanarpv6
11/6/2011 1:42:04 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
11/6/2011 1:41:21 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/6/2011 1:41:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
11/6/2011 1:41:04 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/6/2011 1:40:53 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/6/2011 1:40:22 AM, Error: EventLog [6008] - The previous system shutdown at 1:37:26 AM on 11/6/2011 was unexpected.
11/6/2011 1:34:25 AM, Error: Service Control Manager [7030] - The ESET Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
11/5/2011 6:13:38 PM, Error: EventLog [6008] - The previous system shutdown at 5:17:56 PM on 11/5/2011 was unexpected.
11/5/2011 1:38:01 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer DABOMB that believes that it is the master browser for the domain on transport NetBT_Tcpip_{642066A0-6518-49D0-9D93-2AC29A9C157. The master browser is stopping or an election is being forced.
11/4/2011 9:06:26 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Akamai service.
11/4/2011 7:09:36 PM, Error: EventLog [6008] - The previous system shutdown at 7:07:31 PM on 11/4/2011 was unexpected.
11/4/2011 7:08:37 AM, Error: EventLog [6008] - The previous system shutdown at 7:05:33 AM on 11/4/2011 was unexpected.
11/4/2011 2:39:31 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
11/4/2011 2:38:18 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC i8042prt MpFilter NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6 ws2ifsl
11/4/2011 2:38:18 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/4/2011 2:38:18 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/4/2011 2:38:18 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
11/4/2011 2:38:18 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/4/2011 2:38:18 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/4/2011 2:38:18 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
11/4/2011 2:38:18 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/4/2011 2:38:18 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
11/4/2011 2:38:18 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/4/2011 2:38:18 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/4/2011 2:38:18 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/4/2011 2:37:36 AM, Error: EventLog [6008] - The previous system shutdown at 2:34:17 AM on 11/4/2011 was unexpected.
11/4/2011 12:18:22 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.1119.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
11/4/2011 12:09:35 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt MpFilter spldr Wanarpv6
11/4/2011 12:07:56 AM, Error: EventLog [6008] - The previous system shutdown at 12:06:09 AM on 11/4/2011 was unexpected.
11/4/2011 12:02:47 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
11/4/2011 12:01:45 AM, Error: EventLog [6008] - The previous system shutdown at 11:59:31 PM on 11/3/2011 was unexpected.
11/3/2011 7:42:14 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the VMware Authorization Service service to connect.
11/3/2011 7:42:14 AM, Error: Service Control Manager [7000] - The VMware Authorization Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/3/2011 4:42:03 AM, Error: EventLog [6008] - The previous system shutdown at 4:39:58 AM on 11/3/2011 was unexpected.
11/1/2011 7:03:47 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.33.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
11/1/2011 10:50:00 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.33.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
11/1/2011 10:50:00 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.33.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
11/1/2011 10:50:00 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.33.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
11/1/2011 10:50:00 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.33.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
11/1/2011 10:49:55 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.33.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
11/1/2011 10:49:55 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.33.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
11/1/2011 10:49:55 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.33.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
11/1/2011 10:49:55 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.33.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
11/1/2011 10:49:50 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.33.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
11/1/2011 1:34:44 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.33.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
11/1/2011 1:34:44 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.33.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
11/1/2011 1:34:44 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.33.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
11/1/2011 1:34:44 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.33.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
11/1/2011 1:34:39 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.33.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
11/1/2011 1:34:39 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.33.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
11/1/2011 1:34:39 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.33.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
11/1/2011 1:34:39 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.33.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
11/1/2011 1:34:34 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.33.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
.
==== End Of File ===========================

 

[Broni]

You're running two AV programs, MSE and Eset.
One of them has to go.
Your choice.

When done....

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan:


On completion of the scan click "Save log", save it to your desktop and post in your next reply:


NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

1. Please, never rename Combofix unless instructed.
2. Close any open browsers.
3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
   • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
   NOTE1. If Combofix asks you to install Recovery Console, please allow it.
   NOTE 2. If Combofix asks you to update the program, always do so.
   • Close any open browsers.
   • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
   • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
   • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
4. Double click on combofix.exe & follow the prompts.
5. When finished, it will produce a report for you.
6. Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

 

[NTAPRO]

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-08 16:36:18
-----------------------------
16:36:18.519 OS Version: Windows 6.0.6002 Service Pack 2
16:36:18.519 Number of processors: 2 586 0x4303
16:36:18.520 ComputerName: TAMIEKA-PC UserName:
16:36:21.252 Initialize success
16:41:22.754 AVAST engine defs: 11110801
16:41:48.789 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000077
16:41:48.791 Disk 0 Vendor: ST350063 3.CH Size: 476940MB BusType: 6
16:41:50.798 Disk 0 MBR read successfully
16:41:50.800 Disk 0 MBR scan
16:41:50.807 Disk 0 unknown MBR code
16:41:50.811 Disk 0 scanning sectors +976767120
16:41:50.871 Disk 0 scanning C:\Windows\system32\drivers
16:42:11.889 Service scanning
16:42:13.570 Modules scanning
16:42:20.705 Disk 0 trace - called modules:
16:42:20.734 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
16:42:20.736 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85c5e8c0]
16:42:20.738 3 CLASSPNP.SYS[8a3aa8b3] -> nt!IofCallDriver -> [0x8524ff08]
16:42:20.741 5 acpi.sys[89c146bc] -> nt!IofCallDriver -> \Device\00000077[0x852579c0]
16:42:21.828 AVAST engine scan C:\Windows
16:42:25.962 AVAST engine scan C:\Windows\system32
16:46:45.563 AVAST engine scan C:\Windows\system32\drivers
16:47:12.037 AVAST engine scan C:\Users\Administrator
17:20:54.763 AVAST engine scan C:\ProgramData
17:22:49.870 Scan finished successfully
17:24:39.157 Disk 0 MBR has been saved successfully to "C:\Users\Administrator\Desktop\MBR.dat"
17:24:39.161 The log file has been saved successfully to "C:\Users\Administrator\Desktop\aswMBR.txt"

ComboFix 11-11-08.02 - Administrator 11/09/2011 6:08.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.1918 [GMT -5:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\ACC1\AppData\Roaming\crsscs.exe
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\desktop_21990112.ico
c:\users\Administrator\AppData\Roaming\vso_ts_preview.xml
c:\users\Tamieka\AppData\Roaming\vso_ts_preview.xml
c:\windows\system32\jucheck.exe
c:\windows\system32\jusched.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-10-09 to 2011-11-09 )))))))))))))))))))))))))))))))
.
.
2011-11-09 11:18 . 2011-11-09 11:18 -------- d-----w- c:\users\Tamieka\AppData\Local\temp
2011-11-09 11:18 . 2011-11-09 11:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-09 11:18 . 2011-11-09 11:18 -------- d-----w- c:\users\ACC3\AppData\Local\temp
2011-11-09 11:18 . 2011-11-09 11:18 -------- d-----w- c:\users\ACC2\AppData\Local\temp
2011-11-09 11:18 . 2011-11-09 11:20 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-11-09 11:18 . 2011-11-09 11:18 -------- d-----w- c:\users\ACC1\AppData\Local\temp
2011-11-09 10:45 . 2011-11-09 10:45 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FEEE381A-3157-415E-8E51-4021AAF0B397}\offreg.dll
2011-11-09 10:30 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-09 10:30 . 2011-09-20 21:02 913280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 10:30 . 2011-09-20 13:44 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2011-11-09 10:30 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 06:32 . 2011-10-18 06:28 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FEEE381A-3157-415E-8E51-4021AAF0B397}\mpengine.dll
2011-11-08 22:32 . 2011-11-08 22:32 108032 ----a-w- c:\windows\system32\eczfw.exe
2011-11-08 19:15 . 2011-11-09 11:01 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)
2011-11-08 16:07 . 2011-11-08 16:07 108032 ----a-w- c:\windows\system32\yqlas.exe
2011-11-08 10:31 . 2011-11-08 10:31 108032 ----a-w- c:\windows\system32\fdyeg.exe
2011-11-08 10:31 . 2011-11-08 10:31 108032 ----a-w- c:\windows\system32\cjpht.exe
2011-11-08 07:03 . 2011-11-08 07:03 108032 ----a-w- c:\windows\system32\uazzm.exe
2011-11-08 07:03 . 2011-11-08 07:03 108032 ----a-w- c:\windows\system32\mcbaq.exe
2011-11-07 20:03 . 2011-11-06 04:43 108032 ---h--w- c:\users\ACC3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qundm1r.exe
2011-11-07 15:12 . 2011-11-07 15:12 108032 ----a-w- c:\windows\system32\rjfrm.exe
2011-11-07 04:55 . 2011-11-07 04:55 108032 ----a-w- c:\windows\system32\ywspy.exe
2011-11-07 03:53 . 2011-11-07 03:53 108032 ----a-w- c:\windows\system32\ghnhh.exe
2011-11-07 03:53 . 2011-11-07 03:53 108032 ----a-w- c:\windows\system32\bhujv.exe
2011-11-06 18:38 . 2011-11-06 18:38 520192 ----a-w- c:\users\ACC1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1597.exe
2011-11-06 18:27 . 2011-11-06 18:27 520192 ----a-w- c:\users\ACC1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4535.exe
2011-11-06 08:38 . 2011-11-06 08:38 108032 ----a-w- c:\windows\system32\fkxve.exe
2011-11-06 06:33 . 2011-11-06 06:33 -------- d-----w- c:\program files\ESET
2011-11-06 05:02 . 2011-11-06 05:02 108032 ----a-w- c:\windows\system32\fcpxf.exe
2011-11-06 04:43 . 2011-11-06 04:43 108032 ----a-w- c:\windows\system32\fnslt.exe
2011-11-06 04:43 . 2011-11-06 04:43 108032 ----a-w- c:\windows\system32\zrons.exe
2011-11-05 23:03 . 2011-11-05 23:03 438272 ----a-w- c:\users\ACC1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\uchpj.exe
2011-11-05 23:02 . 2011-11-05 23:02 438272 ----a-w- c:\users\ACC1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hmxvi.exe
2011-11-04 09:15 . 2011-11-04 09:15 119808 ----a-w- c:\windows\system32\rfkvm.exe
2011-11-04 04:45 . 2011-11-04 04:45 119808 ----a-w- c:\windows\system32\ylikf.exe
2011-11-04 00:09 . 2011-11-04 00:09 119808 ----a-w- c:\windows\system32\movsq.exe
2011-11-03 23:00 . 2011-11-03 03:50 72704 ---h--w- c:\users\ACC1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qundmvr.exe
2011-11-03 22:45 . 2011-11-03 03:50 72704 ---h--w- c:\users\Tamieka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vgftawv.exe
2011-11-03 21:48 . 2011-11-03 03:50 72704 ---h--w- c:\users\ACC2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qundmlr.exe
2011-11-03 15:25 . 2011-04-14 16:26 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-11-03 15:25 . 2011-04-14 16:25 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-11-03 15:25 . 2011-04-14 16:25 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-11-03 15:25 . 2011-04-14 16:25 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-11-03 15:25 . 2011-04-14 16:25 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-11-03 15:25 . 2011-04-14 16:25 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-11-03 15:25 . 2010-01-01 08:00 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-11-03 15:25 . 2010-01-01 08:00 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-11-03 00:19 . 2011-11-08 22:50 -------- d-----w- c:\users\ACC2\AppData\Local\Akamai
2011-10-29 00:28 . 2011-10-29 01:53 -------- d-----w- c:\users\ACC2\AppData\Roaming\Magic Academy
2011-10-29 00:26 . 2011-10-29 00:26 -------- d-----w- c:\users\ACC2\AppData\Roaming\iWin
2011-10-29 00:14 . 2011-10-29 00:14 -------- d-----w- c:\programdata\MinigolfAdventures
2011-10-27 23:55 . 2011-10-27 23:55 -------- d-----w- c:\users\ACC2\AppData\Roaming\PlayFirst
2011-10-27 23:33 . 2011-10-27 23:33 -------- d-----w- c:\users\ACC2\AppData\Local\Microsoft Games
2011-10-13 00:10 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-13 00:10 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-13 00:10 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-10-13 00:10 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-10-13 00:10 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-13 00:10 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-13 00:10 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-13 00:10 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-13 00:10 . 2011-09-06 13:30 2043392 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-03 03:52 . 2011-07-05 14:15 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-31 21:00 . 2011-08-09 11:47 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-27 01:34 . 2011-08-26 01:34 2377696 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2011-08-26 01:34 . 2011-08-26 01:34 18368 ----a-w- c:\programdata\Microsoft\VSA\9.0\1033\ResourceCache.dll
2011-08-25 17:05 . 2011-08-25 17:05 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-08-13 06:51 . 2011-08-13 06:51 652296 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-08-13 06:51 . 2011-08-13 06:51 749832 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-08-13 06:51 . 2011-08-13 06:51 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2010-05-12 20:42 . 2010-05-12 20:42 124344 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2010-05-12 21:22 . 2010-05-12 21:22 13240 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2010-05-12 20:43 . 2010-05-12 20:43 70592 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2010-05-12 20:42 . 2010-05-12 20:42 91576 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2010-05-12 20:42 . 2010-05-12 20:42 22464 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2010-05-12 20:41 . 2010-05-12 20:41 255416 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2010-05-12 20:42 . 2010-05-12 20:42 31160 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2010-05-12 20:42 . 2010-05-12 20:42 40384 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2010-04-14 17:55 . 2010-04-14 17:55 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2010-05-12 20:43 . 2010-05-12 20:43 24000 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2007-11-07 06:19 . 2011-07-04 08:05 568832 ----a-w- c:\program files\opera\program\plugins\msvcp90.dll
2007-11-07 06:19 . 2011-07-04 08:05 655872 ----a-w- c:\program files\opera\program\plugins\msvcr90.dll
2011-04-14 16:26 . 2011-11-03 15:25 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-19 4702208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-10-09 44168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"HPADVISOR"=c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
"Google Update"="c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" /background
"Aim"="c:\program files\AIM\aim.exe" /d locale=en-US
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
"Facebook Update"="c:\users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe"
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"PAC207_Monitor"=c:\windows\PixArt\PAC207\Monitor.exe
"UVS11 Preload"=c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe"
"USB2Check"=RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"PlusService"=c:\program files\Yuna Software\Messenger Plus!\PlusService.exe
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" /startup
"Microsoft Explorer"=c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qwrtaw5.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R1 MpKsl10f0ddd7;MpKsl10f0ddd7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BFB3C70A-C184-4D41-BC43-D4DC364460ED}\MpKsl10f0ddd7.sys [x]
R1 MpKsl164cb79c;MpKsl164cb79c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{980E669E-4F13-449F-87F2-F40F539F1AF9}\MpKsl164cb79c.sys [x]
R1 MpKsl1c940dff;MpKsl1c940dff;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7C2F90A7-EBDE-4E78-AA7E-2343848A5DBE}\MpKsl1c940dff.sys [x]
R1 MpKsl2293e68c;MpKsl2293e68c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{880355B2-BC89-402F-B631-5176CC706307}\MpKsl2293e68c.sys [x]
R1 MpKsl2f7e7928;MpKsl2f7e7928;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5BB46D3B-60B2-4563-9FC4-89E3EE141F0A}\MpKsl2f7e7928.sys [x]
R1 MpKsl4c6d8018;MpKsl4c6d8018;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BFB3C70A-C184-4D41-BC43-D4DC364460ED}\MpKsl4c6d8018.sys [x]
R1 MpKsl5a715108;MpKsl5a715108;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5CDBAE7C-8A83-48CE-968D-C26E0F0E875A}\MpKsl5a715108.sys [x]
R1 MpKsl5ccdf264;MpKsl5ccdf264;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ADBB4C78-E56F-4C57-B4AF-6BBC8FF40436}\MpKsl5ccdf264.sys [x]
R1 MpKsl64e001d0;MpKsl64e001d0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{609CDC53-3A65-4645-9889-B506C91E755B}\MpKsl64e001d0.sys [x]
R1 MpKsl88a9f994;MpKsl88a9f994;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{97F4D0DE-3238-46E3-A5A8-5C5622166964}\MpKsl88a9f994.sys [x]
R1 MpKsl9014671a;MpKsl9014671a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F7270BFC-7AAA-43A2-84DD-483F0D21B645}\MpKsl9014671a.sys [x]
R1 MpKsl92fde231;MpKsl92fde231;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8A2DE02C-7957-4CFB-9D7C-2AF711953FA9}\MpKsl92fde231.sys [x]
R1 MpKsl95a3d499;MpKsl95a3d499;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{36AE1A3E-B7C0-4AE6-B18F-076AF6105EA7}\MpKsl95a3d499.sys [x]
R1 MpKslac0f5248;MpKslac0f5248;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BFB3C70A-C184-4D41-BC43-D4DC364460ED}\MpKslac0f5248.sys [x]
R1 MpKslb16177bd;MpKslb16177bd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BAA217E6-6411-4B81-8E81-4274B4DE8CB6}\MpKslb16177bd.sys [x]
R1 MpKslc10345fd;MpKslc10345fd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{880355B2-BC89-402F-B631-5176CC706307}\MpKslc10345fd.sys [x]
R1 MpKsle70ecca4;MpKsle70ecca4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ADBB4C78-E56F-4C57-B4AF-6BBC8FF40436}\MpKsle70ecca4.sys [x]
R1 MpKslf2b327d1;MpKslf2b327d1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8A2DE02C-7957-4CFB-9D7C-2AF711953FA9}\MpKslf2b327d1.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-01-01 81168]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 PAC207;PC Camer@;c:\windows\system32\DRIVERS\PFC027.SYS [2008-02-13 618112]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 XDva386;XDva386;c:\windows\system32\XDva386.sys [x]
R3 XDva387;XDva387;c:\windows\system32\XDva387.sys [x]
R3 XDva388;XDva388;c:\windows\system32\XDva388.sys [x]
R3 XDva389;XDva389;c:\windows\system32\XDva389.sys [x]
R3 XDva390;XDva390;c:\windows\system32\XDva390.sys [x]
R3 XDva391;XDva391;c:\windows\system32\XDva391.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-08-25 232512]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2010-11-09 21992]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-02-06 92800]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-08-04 1361288]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-07-20 1526592]
S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2010-11-11 70768]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2011-05-31 10064]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2008-01-19 07:33 128000 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1001Core.job
- c:\users\ACC1\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-12 01:20]
.
2011-11-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1001UA.job
- c:\users\ACC1\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-12 01:20]
.
2011-11-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1002Core.job
- c:\users\ACC2\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-19 02:15]
.
2011-11-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1002UA.job
- c:\users\ACC2\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-19 02:15]
.
2011-11-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1003Core.job
- c:\users\ACC3\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-24 00:39]
.
2011-11-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1003UA.job
- c:\users\ACC3\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-24 00:39]
.
2011-11-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1001Core.job
- c:\users\ACC1\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-20 04:28]
.
2011-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1001UA.job
- c:\users\ACC1\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-20 04:28]
.
2011-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1002Core.job
- c:\users\ACC2\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-15 03:41]
.
2011-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1002UA.job
- c:\users\ACC2\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-15 03:41]
.
2011-11-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-500Core.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-30 06:34]
.
2011-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-500UA.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-30 06:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie9
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\bfmvu5xy.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-USfficial
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{f999a48b-1950-4d81-9971-79018f807b4b} - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
WebBrowser-{F999A48B-1950-4D81-9971-79018F807B4B} - (no file)
HKLM-Run-Microsoft Explorer - c:\programdata\qwrtaw5.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-09 06:20
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_a74ca62.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,3b,1b,29,28,94,
5a,f3,87,4e,0c,85,a1,42,59,e3,ac,e0,88
"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,3b,1b,55,cd,6b,
b3,57,bf,24,05,98,7a,4e,05,ef,50,55,0b
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,3b,1b,25,b5,e4,
a9,17,59,32,04,a0,2b,08,f3,01,c8,4e,e4
"{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,3b,1b,f7,03,80,
e9,96,8d,38,0d,83,6d,2c,1d,8f,a0,ec,6c
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:30,8c,b2,27,b6,49,cc,01
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9a,86,fc,55,ac,eb,7f,40,8b,55,5f,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9a,86,fc,55,ac,eb,7f,40,8b,55,5f,\
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\vlc.exe"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\vlc.exe"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="CodeBlocks.cpp"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="flv_auto_file"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IrfanView.gif"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.h\UserChoice]
@Denied: (2) (Administrator)
"Progid"="CodeBlocks.h"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hlp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="hlpfile"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M3U"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Opera.HTML"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Opera.HTML"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\vlc.exe"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\vlc.exe"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\i_view32.exe"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.URL\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.URL"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\vlc.exe"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Opera.HTML"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zip\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WinRAR.ZIP"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A8\4&27cfc2d8&0&UID256\Device Parameters\MODES]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A8\4&27cfc2d8&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A8\4&27cfc2d8&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A8\4&27cfc2d8&0&UID852224\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A8\4&27cfc2d8&0&UID852224\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A8\4&27cfc2d8&1&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A8\4&27cfc2d8&1&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3528)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2011-11-09 06:23:45
ComboFix-quarantined-files.txt 2011-11-09 11:23
.
Pre-Run: 207,446,327,296 bytes free
Post-Run: 208,742,674,432 bytes free
.
- - End Of File - - 84D1E451DAAC250EB611FA6DFB8A402D

 

[Broni]

1. Please open Notepad

• Click Start , then Run
• Type notepad .exe in the Run Box
• Click OK

Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
c:\users\ACC2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qundmlr.exe
c:\users\Tamieka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vgftawv.exe
c:\users\ACC1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qundmvr.exe
c:\windows\system32\movsq.exe
c:\windows\system32\ylikf.exe
c:\windows\system32\rfkvm.exe
c:\users\ACC1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hmxvi.exe
c:\users\ACC1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\uchpj.exe
c:\windows\system32\zrons.exe
c:\windows\system32\fnslt.exe
c:\windows\system32\fcpxf.exe
c:\windows\system32\fkxve.exe
c:\users\ACC1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4535.exe
c:\users\ACC1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1597.exe
c:\windows\system32\bhujv.exe
c:\windows\system32\ghnhh.exe
c:\windows\system32\ywspy.exe
c:\windows\system32\rjfrm.exe
c:\users\ACC3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qundm1r.exe
c:\windows\system32\mcbaq.exe
c:\windows\system32\uazzm.exe
c:\windows\system32\cjpht.exe
c:\windows\system32\fdyeg.exe
c:\windows\system32\yqlas.exe
c:\windows\system32\eczfw.exe


Folder::

Driver::

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000

3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

• Combofix.txt

 

[NTAPRO]

ComboFix 11-11-09.01 - Administrator 11/09/2011 13:04:29.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.1539 [GMT -5:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\users\Administrator\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\ACC1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1597.exe"
"c:\users\ACC1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4535.exe"
"c:\users\ACC1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hmxvi.exe"
"c:\users\ACC1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qundmvr.exe"
"c:\users\ACC1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\uchpj.exe"
"c:\users\ACC2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qundmlr.exe"
"c:\users\ACC3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qundm1r.exe"
"c:\users\Tamieka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vgftawv.exe"
"c:\windows\system32\bhujv.exe"
"c:\windows\system32\cjpht.exe"
"c:\windows\system32\eczfw.exe"
"c:\windows\system32\fcpxf.exe"
"c:\windows\system32\fdyeg.exe"
"c:\windows\system32\fkxve.exe"
"c:\windows\system32\fnslt.exe"
"c:\windows\system32\ghnhh.exe"
"c:\windows\system32\mcbaq.exe"
"c:\windows\system32\movsq.exe"
"c:\windows\system32\rfkvm.exe"
"c:\windows\system32\rjfrm.exe"
"c:\windows\system32\uazzm.exe"
"c:\windows\system32\ylikf.exe"
"c:\windows\system32\yqlas.exe"
"c:\windows\system32\ywspy.exe"
"c:\windows\system32\zrons.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\ACC1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1597.exe
c:\users\ACC1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4535.exe
c:\users\ACC1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hmxvi.exe
c:\users\ACC1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qundmvr.exe
c:\users\ACC1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\uchpj.exe
c:\users\ACC2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qundmlr.exe
c:\users\ACC3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qundm1r.exe
c:\users\Tamieka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vgftawv.exe
c:\windows\system32\bhujv.exe
c:\windows\system32\cjpht.exe
c:\windows\system32\eczfw.exe
c:\windows\system32\fcpxf.exe
c:\windows\system32\fdyeg.exe
c:\windows\system32\fkxve.exe
c:\windows\system32\fnslt.exe
c:\windows\system32\ghnhh.exe
c:\windows\system32\mcbaq.exe
c:\windows\system32\movsq.exe
c:\windows\system32\rfkvm.exe
c:\windows\system32\rjfrm.exe
c:\windows\system32\uazzm.exe
c:\windows\system32\ylikf.exe
c:\windows\system32\yqlas.exe
c:\windows\system32\ywspy.exe
c:\windows\system32\zrons.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-10-09 to 2011-11-09 )))))))))))))))))))))))))))))))
.
.
2011-11-09 18:16 . 2011-11-09 18:16 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-11-09 18:16 . 2011-11-09 18:16 -------- d-----w- c:\users\Tamieka\AppData\Local\temp
2011-11-09 18:16 . 2011-11-09 18:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-09 18:16 . 2011-11-09 18:16 -------- d-----w- c:\users\ACC3\AppData\Local\temp
2011-11-09 18:16 . 2011-11-09 18:16 -------- d-----w- c:\users\ACC2\AppData\Local\temp
2011-11-09 18:16 . 2011-11-09 18:16 -------- d-----w- c:\users\ACC1\AppData\Local\temp
2011-11-09 10:45 . 2011-11-09 10:45 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FEEE381A-3157-415E-8E51-4021AAF0B397}\offreg.dll
2011-11-09 10:30 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-09 10:30 . 2011-09-20 21:02 913280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 10:30 . 2011-09-20 13:44 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2011-11-09 10:30 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 06:32 . 2011-10-18 06:28 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FEEE381A-3157-415E-8E51-4021AAF0B397}\mpengine.dll
2011-11-08 19:15 . 2011-11-09 11:01 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)
2011-11-06 06:33 . 2011-11-06 06:33 -------- d-----w- c:\program files\ESET
2011-11-03 15:25 . 2011-04-14 16:26 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-11-03 15:25 . 2011-04-14 16:25 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-11-03 15:25 . 2011-04-14 16:25 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-11-03 15:25 . 2011-04-14 16:25 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-11-03 15:25 . 2011-04-14 16:25 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-11-03 15:25 . 2011-04-14 16:25 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-11-03 15:25 . 2010-01-01 08:00 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-11-03 15:25 . 2010-01-01 08:00 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-11-03 00:19 . 2011-11-08 22:50 -------- d-----w- c:\users\ACC2\AppData\Local\Akamai
2011-10-29 00:28 . 2011-10-29 01:53 -------- d-----w- c:\users\ACC2\AppData\Roaming\Magic Academy
2011-10-29 00:26 . 2011-10-29 00:26 -------- d-----w- c:\users\ACC2\AppData\Roaming\iWin
2011-10-29 00:14 . 2011-10-29 00:14 -------- d-----w- c:\programdata\MinigolfAdventures
2011-10-27 23:55 . 2011-10-27 23:55 -------- d-----w- c:\users\ACC2\AppData\Roaming\PlayFirst
2011-10-27 23:33 . 2011-10-27 23:33 -------- d-----w- c:\users\ACC2\AppData\Local\Microsoft Games
2011-10-13 00:10 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-13 00:10 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-13 00:10 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-10-13 00:10 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-10-13 00:10 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-13 00:10 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-13 00:10 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-13 00:10 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-13 00:10 . 2011-09-06 13:30 2043392 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-03 03:52 . 2011-07-05 14:15 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-31 21:00 . 2011-08-09 11:47 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-27 01:34 . 2011-08-26 01:34 2377696 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2011-08-26 01:34 . 2011-08-26 01:34 18368 ----a-w- c:\programdata\Microsoft\VSA\9.0\1033\ResourceCache.dll
2011-08-25 17:05 . 2011-08-25 17:05 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-08-13 06:51 . 2011-08-13 06:51 652296 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-08-13 06:51 . 2011-08-13 06:51 749832 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-08-13 06:51 . 2011-08-13 06:51 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2010-05-12 20:42 . 2010-05-12 20:42 124344 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2010-05-12 21:22 . 2010-05-12 21:22 13240 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2010-05-12 20:43 . 2010-05-12 20:43 70592 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2010-05-12 20:42 . 2010-05-12 20:42 91576 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2010-05-12 20:42 . 2010-05-12 20:42 22464 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2010-05-12 20:41 . 2010-05-12 20:41 255416 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2010-05-12 20:42 . 2010-05-12 20:42 31160 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2010-05-12 20:42 . 2010-05-12 20:42 40384 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2010-04-14 17:55 . 2010-04-14 17:55 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2010-05-12 20:43 . 2010-05-12 20:43 24000 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2007-11-07 06:19 . 2011-07-04 08:05 568832 ----a-w- c:\program files\opera\program\plugins\msvcp90.dll
2007-11-07 06:19 . 2011-07-04 08:05 655872 ----a-w- c:\program files\opera\program\plugins\msvcr90.dll
2011-04-14 16:26 . 2011-11-03 15:25 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-19 4702208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-10-09 44168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"HPADVISOR"=c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
"Google Update"="c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" /background
"Aim"="c:\program files\AIM\aim.exe" /d locale=en-US
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
"Facebook Update"="c:\users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe"
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"PAC207_Monitor"=c:\windows\PixArt\PAC207\Monitor.exe
"UVS11 Preload"=c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe"
"USB2Check"=RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"PlusService"=c:\program files\Yuna Software\Messenger Plus!\PlusService.exe
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" /startup
"Microsoft Explorer"=c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qwrtaw5.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R1 MpKsl10f0ddd7;MpKsl10f0ddd7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BFB3C70A-C184-4D41-BC43-D4DC364460ED}\MpKsl10f0ddd7.sys [x]
R1 MpKsl164cb79c;MpKsl164cb79c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{980E669E-4F13-449F-87F2-F40F539F1AF9}\MpKsl164cb79c.sys [x]
R1 MpKsl1c940dff;MpKsl1c940dff;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7C2F90A7-EBDE-4E78-AA7E-2343848A5DBE}\MpKsl1c940dff.sys [x]
R1 MpKsl2293e68c;MpKsl2293e68c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{880355B2-BC89-402F-B631-5176CC706307}\MpKsl2293e68c.sys [x]
R1 MpKsl2f7e7928;MpKsl2f7e7928;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5BB46D3B-60B2-4563-9FC4-89E3EE141F0A}\MpKsl2f7e7928.sys [x]
R1 MpKsl4c6d8018;MpKsl4c6d8018;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BFB3C70A-C184-4D41-BC43-D4DC364460ED}\MpKsl4c6d8018.sys [x]
R1 MpKsl5a715108;MpKsl5a715108;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5CDBAE7C-8A83-48CE-968D-C26E0F0E875A}\MpKsl5a715108.sys [x]
R1 MpKsl5ccdf264;MpKsl5ccdf264;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ADBB4C78-E56F-4C57-B4AF-6BBC8FF40436}\MpKsl5ccdf264.sys [x]
R1 MpKsl64e001d0;MpKsl64e001d0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{609CDC53-3A65-4645-9889-B506C91E755B}\MpKsl64e001d0.sys [x]
R1 MpKsl88a9f994;MpKsl88a9f994;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{97F4D0DE-3238-46E3-A5A8-5C5622166964}\MpKsl88a9f994.sys [x]
R1 MpKsl9014671a;MpKsl9014671a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F7270BFC-7AAA-43A2-84DD-483F0D21B645}\MpKsl9014671a.sys [x]
R1 MpKsl92fde231;MpKsl92fde231;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8A2DE02C-7957-4CFB-9D7C-2AF711953FA9}\MpKsl92fde231.sys [x]
R1 MpKsl95a3d499;MpKsl95a3d499;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{36AE1A3E-B7C0-4AE6-B18F-076AF6105EA7}\MpKsl95a3d499.sys [x]
R1 MpKslac0f5248;MpKslac0f5248;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BFB3C70A-C184-4D41-BC43-D4DC364460ED}\MpKslac0f5248.sys [x]
R1 MpKslb16177bd;MpKslb16177bd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BAA217E6-6411-4B81-8E81-4274B4DE8CB6}\MpKslb16177bd.sys [x]
R1 MpKslc10345fd;MpKslc10345fd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{880355B2-BC89-402F-B631-5176CC706307}\MpKslc10345fd.sys [x]
R1 MpKsle70ecca4;MpKsle70ecca4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ADBB4C78-E56F-4C57-B4AF-6BBC8FF40436}\MpKsle70ecca4.sys [x]
R1 MpKslf2b327d1;MpKslf2b327d1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8A2DE02C-7957-4CFB-9D7C-2AF711953FA9}\MpKslf2b327d1.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-01-01 81168]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 PAC207;PC Camer@;c:\windows\system32\DRIVERS\PFC027.SYS [2008-02-13 618112]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 XDva386;XDva386;c:\windows\system32\XDva386.sys [x]
R3 XDva387;XDva387;c:\windows\system32\XDva387.sys [x]
R3 XDva388;XDva388;c:\windows\system32\XDva388.sys [x]
R3 XDva389;XDva389;c:\windows\system32\XDva389.sys [x]
R3 XDva390;XDva390;c:\windows\system32\XDva390.sys [x]
R3 XDva391;XDva391;c:\windows\system32\XDva391.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-08-25 232512]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2010-11-09 21992]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-02-06 92800]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-08-04 1361288]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-07-20 1526592]
S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2010-11-11 70768]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2011-05-31 10064]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2008-01-19 07:33 128000 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1001Core.job
- c:\users\ACC1\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-12 01:20]
.
2011-11-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1001UA.job
- c:\users\ACC1\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-12 01:20]
.
2011-11-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1002Core.job
- c:\users\ACC2\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-19 02:15]
.
2011-11-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1002UA.job
- c:\users\ACC2\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-19 02:15]
.
2011-11-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1003Core.job
- c:\users\ACC3\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-24 00:39]
.
2011-11-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1003UA.job
- c:\users\ACC3\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-24 00:39]
.
2011-11-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1001Core.job
- c:\users\ACC1\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-20 04:28]
.
2011-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1001UA.job
- c:\users\ACC1\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-20 04:28]
.
2011-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1002Core.job
- c:\users\ACC2\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-15 03:41]
.
2011-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1002UA.job
- c:\users\ACC2\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-15 03:41]
.
2011-11-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-500Core.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-30 06:34]
.
2011-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-500UA.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-30 06:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie9
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\bfmvu5xy.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-USfficial
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-09 13:16
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_a74ca62.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,3b,1b,29,28,94,
5a,f3,87,4e,0c,85,a1,42,59,e3,ac,e0,88
"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,3b,1b,55,cd,6b,
b3,57,bf,24,05,98,7a,4e,05,ef,50,55,0b
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,3b,1b,25,b5,e4,
a9,17,59,32,04,a0,2b,08,f3,01,c8,4e,e4
"{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,3b,1b,f7,03,80,
e9,96,8d,38,0d,83,6d,2c,1d,8f,a0,ec,6c
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:30,8c,b2,27,b6,49,cc,01
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9a,86,fc,55,ac,eb,7f,40,8b,55,5f,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9a,86,fc,55,ac,eb,7f,40,8b,55,5f,\
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\vlc.exe"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\vlc.exe"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="CodeBlocks.cpp"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="flv_auto_file"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IrfanView.gif"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.h\UserChoice]
@Denied: (2) (Administrator)
"Progid"="CodeBlocks.h"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hlp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="hlpfile"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M3U"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Opera.HTML"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Opera.HTML"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\vlc.exe"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\vlc.exe"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\i_view32.exe"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.URL\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.URL"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\vlc.exe"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Opera.HTML"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zip\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WinRAR.ZIP"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A8\4&27cfc2d8&0&UID256\Device Parameters\MODES]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A8\4&27cfc2d8&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A8\4&27cfc2d8&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A8\4&27cfc2d8&0&UID852224\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A8\4&27cfc2d8&0&UID852224\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A8\4&27cfc2d8&1&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A8\4&27cfc2d8&1&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
Completion time: 2011-11-09 13:23:01
ComboFix-quarantined-files.txt 2011-11-09 18:22
ComboFix2.txt 2011-11-09 11:23
.
Pre-Run: 206,866,366,464 bytes free
Post-Run: 206,826,479,616 bytes free
.
- - End Of File - - F0D5C84A722E53E4EF79739350E6C8CD

 

[Broni]

How is computer doing?

Download OTL to your Desktop.

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[NTAPRO]

I haven't had access to the home PC and I'll be returning home within the next 2 days if that is ok, so I will not be able to follow up on your current instructions yet. I haven't experienced any BSODs or any other errors if I recall when restarting or shutting down the computer. I will post the next 2 logs as as soon as possible.

 

[Broni]

OK......................

 

[NTAPRO]

OTL logfile created on: 11/12/2011 3:24:11 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Administrator\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.91 Gb Available Physical Memory | 66.42% Memory free
5.97 Gb Paging File | 4.88 Gb Available in Paging File | 81.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 456.26 Gb Total Space | 179.21 Gb Free Space | 39.28% Space Free | Partition Type: NTFS
Drive D: | 9.50 Gb Total Space | 1.29 Gb Free Space | 13.56% Space Free | Partition Type: NTFS

Computer Name: TAMIEKA-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/09 14:53:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2011/08/31 16:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/04 13:34:46 | 001,361,288 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011/07/20 09:40:40 | 000,671,552 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2011/07/20 09:38:40 | 001,526,592 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2011/06/01 07:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/05/25 01:09:08 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2010/11/11 12:48:32 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\System32\vmnetdhcp.exe
PRC - [2010/11/11 12:48:28 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\System32\vmnat.exe
PRC - [2010/11/11 12:47:22 | 000,113,264 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
PRC - [2010/11/11 11:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/02/06 14:23:36 | 000,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/02/06 14:23:12 | 002,021,400 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2007/09/19 09:50:44 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\WINDOWS\RtHDVCpl.exe
PRC - [2007/04/18 10:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/03/06 09:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
PRC - [2006/05/24 01:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) -- C:\WINDOWS\System32\StkASv2K.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/28 16:19:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/30 01:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF


========== Win32 Services (SafeList) ==========

SRV - [2011/11/11 23:15:19 | 003,313,752 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_dac4cfd.dll -- (Akamai)
SRV - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/04 13:34:46 | 001,361,288 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/07/20 09:38:40 | 001,526,592 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/07/20 09:35:34 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011/07/05 07:26:12 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/06/12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/06/01 07:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/11/11 12:48:32 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010/11/11 12:48:28 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2010/11/11 12:47:22 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2010/11/11 11:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/08/19 12:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2009/02/06 14:27:06 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/02/06 14:23:36 | 000,727,720 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/06 09:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)
SRV - [2006/05/24 01:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\WINDOWS\System32\StkASv2K.exe -- (StkASSrv)


========== Driver Services (SafeList) ==========

DRV - [2011/08/31 16:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/25 12:05:47 | 000,232,512 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/05/31 13:03:04 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011/05/25 01:09:05 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/01/01 09:12:18 | 000,081,168 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV - [2010/11/11 12:48:50 | 000,070,768 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\vmci.sys -- (vmci)
DRV - [2010/11/11 12:48:48 | 000,854,128 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2010/11/11 12:47:12 | 000,024,688 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2010/11/11 12:46:08 | 000,026,352 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2010/11/11 11:31:28 | 000,032,368 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2010/11/11 09:04:54 | 000,031,280 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\vmusb.sys -- (vmusb)
DRV - [2010/11/11 09:04:52 | 000,036,400 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2010/11/11 09:04:52 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2010/11/09 14:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010/08/19 12:56:38 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009/12/30 10:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/03/30 02:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/02/06 14:24:26 | 000,092,800 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2009/02/06 14:23:18 | 000,106,208 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/02/06 14:19:52 | 000,113,448 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\eamon.sys -- (eamon)
DRV - [2008/05/08 04:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 04:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/02/13 16:17:26 | 000,618,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PFC027.SYS -- (PAC207)
DRV - [2008/01/14 05:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2007/10/18 06:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/10/12 11:56:20 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2006/12/12 10:16:06 | 000,022,528 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\emAudio.sys -- (emAudio)
DRV - [2006/11/02 02:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006/09/26 22:01:36 | 000,241,628 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StkAMini.sys -- (StkAMini)
DRV - [2006/08/02 01:44:04 | 000,004,772 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StkScan.sys -- (StkScan)
DRV - [2005/12/21 08:14:52 | 000,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2005/12/21 08:14:52 | 000,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2005/12/21 08:14:52 | 000,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\emScan.sys -- (ScanUSBEMPIA)
DRV - [2005/12/12 12:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PS2.sys -- (Ps2)
DRV - [2005/09/23 22:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MarvinBus.sys -- (MarvinBus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3541440628-1597955151-3718996899-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3541440628-1597955151-3718996899-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
IE - HKU\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@e-academy.com/Host SDM Plugin; version=1.0.0.0: C:\Users\Administrator\AppData\Local\e-academy Inc\Mozilla\Firefox\plugins\npHostSdmLoader.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/03 10:25:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/03 10:25:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/11/06 01:33:53 | 000,000,000 | ---D | M]

[2011/11/03 02:33:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
[2011/11/06 03:43:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\bfmvu5xy.default\extensions
[2011/11/03 02:33:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\bfmvu5xy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/03 02:33:14 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\bfmvu5xy.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/11/03 02:33:14 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\bfmvu5xy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/11/03 02:33:16 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\bfmvu5xy.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2011/11/03 02:33:12 | 000,000,000 | ---D | M] (LavaFox V1) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\bfmvu5xy.default\extensions\info@djzig.com
[2011/11/03 10:25:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/27 00:26:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/08 09:37:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0N680VPE.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}
[2011/04/14 11:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/05/12 15:42:04 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2010/05/12 15:43:54 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2010/05/12 15:42:52 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2010/05/12 15:42:32 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/05/12 16:22:36 | 000,423,328 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2010/05/12 15:43:56 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/06/25 09:28:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Administrator\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: NPAPI plugin to host SDM ActiveX (Enabled) = C:\Users\Administrator\AppData\Local\e-academy Inc\Mozilla\Firefox\plugins\npHostSdmLoader.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.5.7_0\
CHR - Extension: Poppit = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2011/11/09 13:16:24 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKU\S-1-5-21-3541440628-1597955151-3718996899-500\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3541440628-1597955151-3718996899-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3541440628-1597955151-3718996899-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3541440628-1597955151-3718996899-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3541440628-1597955151-3718996899-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3541440628-1597955151-3718996899-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B91069DE-4BBF-49B1-9E09-9E8ADB83B2BA}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Administrator\Desktop\vlcsnap-2011-10-19-10h54m21s80.jpg
O24 - Desktop BackupWallPaper: C:\Users\Administrator\Desktop\vlcsnap-2011-10-19-10h54m21s80.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/10 11:30:44 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: UxTuneUp - C:\WINDOWS\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.I420 - C:\Windows\System32\emYUV.dll (Microsoft Corporation)
Drivers32: vidc.iv50 - C:\Windows\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.mjpg - C:\Windows\System32\pvmjpg30.dll (Pegasus Imaging Corporation)
Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: VIDC.VMnc - C:\Windows\System32\vmnc.dll (VMware, Inc.)
Drivers32: vidc.VP70 - C:\Windows\System32\vp7vfw.dll (On2.com)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/11 20:34:10 | 000,000,000 | ---D | C] -- C:\Program Files\alaplaya
[2011/11/09 14:53:21 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2011/11/09 13:23:08 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\temp
[2011/11/09 13:22:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/11/09 12:59:03 | 004,287,742 | R--- | C] (Swearware) -- C:\Users\Administrator\Desktop\ComboFix.exe
[2011/11/08 17:40:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/08 17:40:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/08 17:40:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/08 17:40:32 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/08 17:40:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/08 14:15:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debugging Tools for Windows (x86)
[2011/11/08 14:15:33 | 000,000,000 | ---D | C] -- C:\Program Files\Debugging Tools for Windows (x86)
[2011/11/08 14:14:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows SDK v7.1
[2011/11/08 13:10:25 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Test Site
[2011/11/08 12:33:19 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Python Tutorials
[2011/11/07 03:08:59 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\New Folder
[2011/11/06 04:34:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\VBA Stuff
[2011/11/06 04:30:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\RPGM
[2011/11/06 01:33:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2011/11/06 01:33:50 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2011/11/06 01:33:50 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/11/04 09:36:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\1636 - Pokemon Fire Red (U)(Squirrels)
[2011/11/03 02:33:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Mozilla
[2011/11/03 02:00:03 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\MozProf
[2011/11/02 19:40:45 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\New Folder (6)
[2011/11/02 12:37:24 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Edited
[2011/10/31 20:31:49 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\pokestarter
[2011/10/29 15:14:01 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Tracks
[2011/10/28 19:14:49 | 000,000,000 | ---D | C] -- C:\ProgramData\MinigolfAdventures
[2011/10/13 23:39:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\No_limit_Winmugen_patch
[2011/10/13 23:33:32 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Audio Files
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/12 15:28:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1001UA.job
[2011/11/12 15:26:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1001UA.job
[2011/11/12 15:22:10 | 000,216,064 | ---- | M] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/12 14:54:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-500UA.job
[2011/11/12 14:44:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1003UA.job
[2011/11/12 14:39:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1002UA.job
[2011/11/12 13:47:54 | 000,727,198 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/12 13:47:54 | 000,152,136 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/12 13:42:22 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/12 13:42:22 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/12 13:42:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/12 13:42:13 | 3085,426,688 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/12 13:42:09 | 271,069,872 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/11/12 13:20:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1002UA.job
[2011/11/11 22:20:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1002Core.job
[2011/11/11 21:36:59 | 000,001,599 | ---- | M] () -- C:\Users\Public\Desktop\S4League.lnk
[2011/11/11 21:26:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1001Core.job
[2011/11/11 20:44:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1003Core.job
[2011/11/11 19:39:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1002Core.job
[2011/11/11 16:54:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-500Core.job
[2011/11/11 16:28:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1001Core.job
[2011/11/11 07:52:52 | 000,000,704 | ---- | M] () -- C:\Users\Administrator\Desktop\testpage.html
[2011/11/11 07:45:14 | 000,062,906 | ---- | M] () -- C:\Users\Administrator\Documents\Thanks for Joining!.pdf
[2011/11/10 00:05:30 | 000,002,475 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Snagit 10.lnk
[2011/11/09 14:53:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2011/11/09 13:16:24 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/11/09 13:00:00 | 004,287,742 | R--- | M] (Swearware) -- C:\Users\Administrator\Desktop\ComboFix.exe
[2011/11/09 09:34:06 | 000,074,025 | ---- | M] () -- C:\Users\Administrator\Desktop\snoopy_dog.gif
[2011/11/09 09:34:03 | 000,027,475 | ---- | M] () -- C:\Users\Administrator\Desktop\kdwcq.jpg
[2011/11/08 17:24:39 | 000,000,512 | ---- | M] () -- C:\Users\Administrator\Desktop\MBR.dat
[2011/11/08 16:36:03 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/11/08 15:31:44 | 002,251,033 | ---- | M] () -- C:\Users\Administrator\Desktop\08 Get Ready (Select Screen, Gekisou Sentai Car Ranger).mp3
[2011/11/08 13:08:01 | 000,000,505 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\testpage.html - Shortcut.lnk
[2011/11/06 04:34:38 | 000,001,405 | ---- | M] () -- C:\Users\Administrator\Desktop\VisualBoyAdvance.exe - Shortcut.lnk
[2011/11/06 03:16:18 | 000,001,356 | ---- | M] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
[2011/11/04 12:56:01 | 000,025,452 | ---- | M] () -- C:\Users\Administrator\Desktop\d.gif
[2011/11/04 12:49:52 | 001,026,964 | ---- | M] () -- C:\Users\Administrator\Desktop\Untitled-2.psd
[2011/11/04 07:50:50 | 000,001,682 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys
[2011/11/03 10:25:44 | 000,000,832 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/01 17:53:08 | 002,416,568 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/29 14:56:45 | 000,004,193 | ---- | M] () -- C:\Users\Administrator\AppData\Local\devcpp.ini
[2011/10/29 14:56:45 | 000,000,273 | ---- | M] () -- C:\Users\Administrator\AppData\Local\devcpp.cfg
[2011/10/28 23:06:12 | 000,000,973 | ---- | M] () -- C:\Users\Administrator\Desktop\Project64k.exe - Shortcut.lnk
[2011/10/28 23:06:12 | 000,000,973 | ---- | M] () -- C:\Users\Administrator\Desktop\ePSXe.exe - Shortcut.lnk
[2011/10/28 23:05:57 | 000,001,007 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Winmugen.exe - Shortcut.lnk
[2011/10/25 14:04:19 | 000,099,022 | ---- | M] () -- C:\Users\Administrator\Desktop\Watch the Throne (Deluxe Version) 1.jpg
[2011/10/23 14:13:59 | 000,334,080 | ---- | M] () -- C:\Users\Administrator\Documents\Rock Flying at Akuma Test4.swf
[2011/10/23 10:52:48 | 001,245,184 | ---- | M] () -- C:\Users\Administrator\Documents\Rock Flying at Akuma Test4.fla
[2011/10/23 07:27:16 | 000,428,544 | ---- | M] () -- C:\Users\Administrator\Documents\Rock Flying at Akuma Test3.fla
[2011/10/23 07:23:50 | 000,018,179 | ---- | M] () -- C:\Users\Administrator\Documents\Rock Flying at Akuma Test2.swf
[2011/10/23 07:17:02 | 000,357,888 | ---- | M] () -- C:\Users\Administrator\Documents\Rock Flying at Akuma Test2.fla
[2011/10/23 07:09:40 | 000,013,958 | ---- | M] () -- C:\Users\Administrator\Documents\Rock Flying at Akuma Test1.swf
[2011/10/23 07:00:42 | 000,018,277 | ---- | M] () -- C:\Users\Administrator\Documents\Rock Flying at Akuma Test1_Scene 1.swf
[2011/10/22 12:53:24 | 000,057,489 | ---- | M] () -- C:\Users\Administrator\Documents\Untitled-4.swf
[2011/10/22 12:53:10 | 000,464,896 | ---- | M] () -- C:\Users\Administrator\Documents\Rock Flying at Akuma Test1.fla
[2011/10/22 12:52:40 | 000,029,088 | ---- | M] () -- C:\Users\Administrator\Documents\Rock Flying at Akuma Test.swf
[2011/10/22 08:48:59 | 000,109,056 | ---- | M] () -- C:\Users\Administrator\Documents\Rock Flying at Akuma Test.fla
[2011/10/19 09:57:06 | 000,573,730 | ---- | M] () -- C:\Users\Administrator\Desktop\vlcsnap-2011-10-19-10h54m21s80.jpg
[2011/10/17 11:01:44 | 000,172,544 | ---- | M] () -- C:\Users\Administrator\Documents\Untitled-4.fla
[2011/10/17 06:26:28 | 000,160,930 | ---- | M] () -- C:\Users\Administrator\Desktop\b43.psd
[2011/10/16 05:26:47 | 000,103,082 | ---- | M] () -- C:\Users\Administrator\Documents\Untitled-1.swf
[2011/10/14 05:29:30 | 000,010,140 | ---- | M] () -- C:\Users\Administrator\Documents\Untitled-1.html
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 

[NTAPRO]

========== Files Created - No Company Name ==========

[2011/11/11 21:36:59 | 000,001,599 | ---- | C] () -- C:\Users\Public\Desktop\S4League.lnk
[2011/11/09 09:34:03 | 000,027,475 | ---- | C] () -- C:\Users\Administrator\Desktop\kdwcq.jpg
[2011/11/08 17:46:35 | 3085,426,688 | -HS- | C] () -- C:\hiberfil.sys
[2011/11/08 17:40:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/08 17:40:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/08 17:40:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/08 17:40:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/08 17:40:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/08 17:24:39 | 000,000,512 | ---- | C] () -- C:\Users\Administrator\Desktop\MBR.dat
[2011/11/08 15:31:24 | 002,251,033 | ---- | C] () -- C:\Users\Administrator\Desktop\08 Get Ready (Select Screen, Gekisou Sentai Car Ranger).mp3
[2011/11/08 13:08:01 | 000,000,505 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\testpage.html - Shortcut.lnk
[2011/11/08 13:03:32 | 000,000,704 | ---- | C] () -- C:\Users\Administrator\Desktop\testpage.html
[2011/11/08 04:01:22 | 000,101,832 | ---- | C] () -- C:\Users\Administrator\Desktop\normal__b36e7ce32af87b052e4f34857f13aaac_49.png.jpg
[2011/11/08 03:59:23 | 000,096,940 | ---- | C] () -- C:\Users\Administrator\Desktop\normal__41ca2294844fd7c8b301bdc128f3bdbd_35.png.jpg
[2011/11/08 03:59:04 | 000,104,919 | ---- | C] () -- C:\Users\Administrator\Desktop\normal__9982dab50fc7bd189a9dc87874bdca73_33.png.jpg
[2011/11/08 02:05:44 | 000,302,592 | ---- | C] () -- C:\Users\Administrator\Desktop\gmer.exe
[2011/11/06 04:34:35 | 000,001,405 | ---- | C] () -- C:\Users\Administrator\Desktop\VisualBoyAdvance.exe - Shortcut.lnk
[2011/11/04 12:56:00 | 000,025,452 | ---- | C] () -- C:\Users\Administrator\Desktop\d.gif
[2011/11/04 12:49:51 | 001,026,964 | ---- | C] () -- C:\Users\Administrator\Desktop\Untitled-2.psd
[2011/11/03 10:25:44 | 000,000,820 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/11/03 02:32:34 | 000,000,832 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/27 13:36:04 | 000,000,973 | ---- | C] () -- C:\Users\Administrator\Desktop\ePSXe.exe - Shortcut.lnk
[2011/10/25 14:04:20 | 000,099,022 | ---- | C] () -- C:\Users\Administrator\Desktop\Watch the Throne (Deluxe Version) 1.jpg
[2011/10/23 10:30:19 | 000,334,080 | ---- | C] () -- C:\Users\Administrator\Documents\Rock Flying at Akuma Test4.swf
[2011/10/23 10:26:59 | 001,245,184 | ---- | C] () -- C:\Users\Administrator\Documents\Rock Flying at Akuma Test4.fla
[2011/10/23 08:07:07 | 000,001,007 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Winmugen.exe - Shortcut.lnk
[2011/10/23 07:25:14 | 000,428,544 | ---- | C] () -- C:\Users\Administrator\Documents\Rock Flying at Akuma Test3.fla
[2011/10/23 07:23:48 | 000,018,179 | ---- | C] () -- C:\Users\Administrator\Documents\Rock Flying at Akuma Test2.swf
[2011/10/23 07:17:02 | 000,357,888 | ---- | C] () -- C:\Users\Administrator\Documents\Rock Flying at Akuma Test2.fla
[2011/10/23 07:00:41 | 000,018,277 | ---- | C] () -- C:\Users\Administrator\Documents\Rock Flying at Akuma Test1_Scene 1.swf
[2011/10/23 06:59:29 | 000,013,958 | ---- | C] () -- C:\Users\Administrator\Documents\Rock Flying at Akuma Test1.swf
[2011/10/22 12:53:10 | 000,464,896 | ---- | C] () -- C:\Users\Administrator\Documents\Rock Flying at Akuma Test1.fla
[2011/10/22 09:32:53 | 000,029,088 | ---- | C] () -- C:\Users\Administrator\Documents\Rock Flying at Akuma Test.swf
[2011/10/22 08:48:59 | 000,109,056 | ---- | C] () -- C:\Users\Administrator\Documents\Rock Flying at Akuma Test.fla
[2011/10/22 06:30:44 | 000,057,489 | ---- | C] () -- C:\Users\Administrator\Documents\Untitled-4.swf
[2011/10/19 09:57:06 | 000,573,730 | ---- | C] () -- C:\Users\Administrator\Desktop\vlcsnap-2011-10-19-10h54m21s80.jpg
[2011/10/17 11:01:43 | 000,172,544 | ---- | C] () -- C:\Users\Administrator\Documents\Untitled-4.fla
[2011/10/17 06:26:26 | 000,160,930 | ---- | C] () -- C:\Users\Administrator\Desktop\b43.psd
[2011/10/14 05:29:30 | 000,010,140 | ---- | C] () -- C:\Users\Administrator\Documents\Untitled-1.html
[2011/10/14 05:17:30 | 000,103,082 | ---- | C] () -- C:\Users\Administrator\Documents\Untitled-1.swf
[2011/09/14 06:27:51 | 002,416,568 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/07/28 22:41:46 | 000,417,800 | ---- | C] () -- C:\Users\Administrator\AppData\Local\Tempsi.png
[2011/07/14 16:02:14 | 000,000,273 | ---- | C] () -- C:\Windows\kaillera.ini
[2011/07/03 03:26:45 | 000,237,568 | R--- | C] () -- C:\Windows\System32\qtmlClient.dll
[2011/07/03 03:26:45 | 000,000,000 | ---- | C] () -- C:\Windows\Graffiti5.2Pin.ini
[2011/06/15 09:37:49 | 000,210,456 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2011/06/15 09:37:49 | 000,206,360 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2011/06/15 09:37:49 | 000,198,168 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2011/06/15 09:37:49 | 000,198,168 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2011/06/15 09:37:49 | 000,194,072 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2011/06/15 09:37:49 | 000,026,136 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2011/06/01 13:27:45 | 000,000,056 | RHS- | C] () -- C:\Windows\System32\62E918FA1B.sys
[2011/06/01 13:27:42 | 000,001,682 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2011/05/29 18:55:45 | 000,000,273 | ---- | C] () -- C:\Users\Administrator\AppData\Local\devcpp.cfg
[2011/05/29 18:55:22 | 000,004,193 | ---- | C] () -- C:\Users\Administrator\AppData\Local\devcpp.ini
[2011/05/29 09:00:31 | 002,044,503 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Mozilla.rar
[2011/05/28 17:55:17 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/05/28 17:55:17 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/05/28 17:54:56 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/05/27 14:58:29 | 000,246,488 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/05/27 14:10:11 | 000,216,064 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/27 00:24:15 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/05/27 00:21:47 | 000,001,356 | ---- | C] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
[2010/10/10 11:24:41 | 000,102,451 | ---- | C] () -- C:\Windows\hpqins13.dat
[2010/10/10 11:12:49 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2010/10/10 11:10:21 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2010/10/10 11:10:21 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2008/02/08 16:13:44 | 000,319,488 | ---- | C] () -- C:\Windows\System32\LS3Renderer.dll
[2007/10/25 22:02:54 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP207.INI
[2007/01/26 01:04:12 | 000,138,752 | ---- | C] () -- C:\Windows\System32\mase32.dll
[2007/01/26 01:04:12 | 000,027,648 | ---- | C] () -- C:\Windows\System32\ma32.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,727,198 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,152,136 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/08/29 23:00:00 | 000,781,312 | ---- | C] () -- C:\Windows\System32\RGSS102J.dll
[2005/08/29 23:00:00 | 000,778,752 | ---- | C] () -- C:\Windows\System32\RGSS102E.dll
[2005/08/29 23:00:00 | 000,771,584 | ---- | C] () -- C:\Windows\System32\RGSS100J.dll

========== LOP Check ==========

[2011/06/06 10:43:03 | 000,000,000 | ---D | M] -- C:\Users\ACC1\AppData\Roaming\DisplayTune
[2011/06/12 16:19:56 | 000,000,000 | ---D | M] -- C:\Users\ACC1\AppData\Roaming\FrostWire
[2011/08/02 02:02:14 | 000,000,000 | ---D | M] -- C:\Users\ACC1\AppData\Roaming\ICAClient
[2011/09/18 14:48:25 | 000,000,000 | ---D | M] -- C:\Users\ACC1\AppData\Roaming\ooVoo Details
[2011/08/05 16:59:34 | 000,000,000 | ---D | M] -- C:\Users\ACC1\AppData\Roaming\OpenCandy
[2011/11/11 20:31:47 | 000,000,000 | ---D | M] -- C:\Users\ACC1\AppData\Roaming\Sammsoft
[2011/05/28 22:56:49 | 000,000,000 | ---D | M] -- C:\Users\ACC1\AppData\Roaming\Softland
[2011/05/28 23:00:01 | 000,000,000 | ---D | M] -- C:\Users\ACC1\AppData\Roaming\TuneUp Software
[2011/06/16 09:12:44 | 000,000,000 | ---D | M] -- C:\Users\ACC1\AppData\Roaming\Ulead Systems
[2011/09/23 20:50:55 | 000,000,000 | ---D | M] -- C:\Users\ACC1\AppData\Roaming\WildTangent
[2011/07/24 21:13:09 | 000,000,000 | ---D | M] -- C:\Users\ACC2\AppData\Roaming\acccore
[2011/06/06 14:23:44 | 000,000,000 | ---D | M] -- C:\Users\ACC2\AppData\Roaming\DisplayTune
[2011/09/12 18:28:27 | 000,000,000 | ---D | M] -- C:\Users\ACC2\AppData\Roaming\HTML Executable
[2011/07/20 07:02:58 | 000,000,000 | ---D | M] -- C:\Users\ACC2\AppData\Roaming\ICAClient
[2011/10/28 19:26:30 | 000,000,000 | ---D | M] -- C:\Users\ACC2\AppData\Roaming\iWin
[2011/10/28 20:53:00 | 000,000,000 | ---D | M] -- C:\Users\ACC2\AppData\Roaming\Magic Academy
[2011/07/06 23:39:57 | 000,000,000 | ---D | M] -- C:\Users\ACC2\AppData\Roaming\MyScribe
[2011/07/04 00:03:45 | 000,000,000 | ---D | M] -- C:\Users\ACC2\AppData\Roaming\Opera
[2011/10/27 18:55:58 | 000,000,000 | ---D | M] -- C:\Users\ACC2\AppData\Roaming\PlayFirst
[2011/05/27 19:24:35 | 000,000,000 | ---D | M] -- C:\Users\ACC2\AppData\Roaming\Snapfish
[2011/05/27 19:25:20 | 000,000,000 | ---D | M] -- C:\Users\ACC2\AppData\Roaming\Softland
[2011/05/27 20:00:02 | 000,000,000 | ---D | M] -- C:\Users\ACC2\AppData\Roaming\TuneUp Software
[2011/06/16 09:22:00 | 000,000,000 | ---D | M] -- C:\Users\ACC2\AppData\Roaming\Ulead Systems
[2011/09/26 15:33:09 | 000,000,000 | ---D | M] -- C:\Users\ACC2\AppData\Roaming\WildTangent
[2011/06/08 15:26:46 | 000,000,000 | ---D | M] -- C:\Users\ACC3\AppData\Roaming\DisplayTune
[2011/07/20 07:03:13 | 000,000,000 | ---D | M] -- C:\Users\ACC3\AppData\Roaming\ICAClient
[2011/07/03 01:10:15 | 000,000,000 | ---D | M] -- C:\Users\ACC3\AppData\Roaming\Notepad++
[2011/09/24 12:12:42 | 000,000,000 | ---D | M] -- C:\Users\ACC3\AppData\Roaming\ooVoo Details
[2011/06/20 17:25:07 | 000,000,000 | ---D | M] -- C:\Users\ACC3\AppData\Roaming\Opera
[2011/05/30 09:06:34 | 000,000,000 | ---D | M] -- C:\Users\ACC3\AppData\Roaming\Softland
[2011/06/08 16:00:01 | 000,000,000 | ---D | M] -- C:\Users\ACC3\AppData\Roaming\TuneUp Software
[2011/06/17 15:06:42 | 000,000,000 | ---D | M] -- C:\Users\ACC3\AppData\Roaming\Ulead Systems
[2011/06/26 17:47:35 | 000,000,000 | ---D | M] -- C:\Users\ACC3\AppData\Roaming\WildTangent
[2011/07/24 18:12:29 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\acccore
[2011/07/02 14:46:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\AnvSoft
[2011/09/13 12:10:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite
[2011/07/13 01:10:12 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DisplayTune
[2011/06/30 03:22:50 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Downloaded Installations
[2011/11/08 01:59:28 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Dropbox
[2011/07/02 15:41:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DVDVideoSoft
[2011/07/08 08:27:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\e-academy Inc
[2011/09/13 12:11:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FileZilla
[2011/07/04 04:59:03 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Free MP3 WMA OGG Converter
[2011/10/01 19:03:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Hex-Rays
[2011/09/11 23:31:07 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\HTML Executable
[2011/07/19 16:27:21 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ICAClient
[2011/09/24 16:17:20 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\IcoFX
[2011/07/04 03:32:38 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ImgBurn
[2011/10/11 20:25:05 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\IrfanView
[2011/07/02 11:27:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ManyCam
[2011/07/24 13:39:59 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\MotioninJoy
[2011/08/20 13:05:08 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\MyScribe
[2011/06/19 10:55:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Notepad++
[2011/07/24 12:45:26 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Opera
[2011/07/03 03:27:38 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\proDAD
[2011/07/13 01:29:57 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Snapfish
[2011/05/27 18:49:29 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Softland
[2011/05/28 22:03:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Solveig Multimedia
[2011/06/05 22:18:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SystemRequirementsLab
[2011/07/05 11:19:55 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TeamViewer
[2011/09/09 16:44:21 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TeraCopy
[2011/08/10 23:41:58 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\The Professional Developer, LLC
[2011/09/03 21:33:59 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Trillian
[2011/09/09 16:13:04 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TrueCrypt
[2011/07/15 15:38:21 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TuneUp Software
[2011/06/12 08:16:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TypingMaster7
[2011/06/15 09:44:32 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Ulead Systems
[2011/11/12 14:14:33 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\uTorrent
[2011/07/09 01:47:33 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\VBA-M
[2011/08/03 07:25:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Vso
[2011/09/23 22:49:13 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\WildTangent
[2011/07/18 09:14:33 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\WinBatch
[2011/07/02 15:24:12 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Xilisoft Corporation
[2011/09/09 16:51:33 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\XYplorer
[2011/06/06 06:20:16 | 000,000,000 | ---D | M] -- C:\Users\Tamieka\AppData\Roaming\DisplayTune
[2011/07/19 16:28:35 | 000,000,000 | ---D | M] -- C:\Users\Tamieka\AppData\Roaming\ICAClient
[2011/07/29 14:40:40 | 000,000,000 | ---D | M] -- C:\Users\Tamieka\AppData\Roaming\MotioninJoy
[2011/07/22 14:49:05 | 000,000,000 | ---D | M] -- C:\Users\Tamieka\AppData\Roaming\PrimericaRing
[2011/06/10 11:07:37 | 000,000,000 | ---D | M] -- C:\Users\Tamieka\AppData\Roaming\PrimericaRingInstall
[2011/05/27 00:14:57 | 000,000,000 | ---D | M] -- C:\Users\Tamieka\AppData\Roaming\Snapfish
[2011/06/07 09:02:39 | 000,000,000 | ---D | M] -- C:\Users\Tamieka\AppData\Roaming\Softland
[2011/07/04 12:48:03 | 000,000,000 | ---D | M] -- C:\Users\Tamieka\AppData\Roaming\Template
[2011/05/28 06:00:02 | 000,000,000 | ---D | M] -- C:\Users\Tamieka\AppData\Roaming\TuneUp Software
[2011/06/15 19:26:46 | 000,000,000 | ---D | M] -- C:\Users\Tamieka\AppData\Roaming\Ulead Systems
[2011/07/29 16:31:50 | 000,000,000 | ---D | M] -- C:\Users\Tamieka\AppData\Roaming\Vso
[2011/11/11 21:26:00 | 000,000,902 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1001Core.job
[2011/11/12 15:26:00 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1001UA.job
[2011/11/11 22:20:00 | 000,000,902 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1002Core.job
[2011/11/12 13:20:00 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1002UA.job
[2011/11/11 20:44:00 | 000,000,902 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1003Core.job
[2011/11/12 14:44:00 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3541440628-1597955151-3718996899-1003UA.job
[2011/11/12 01:05:22 | 000,032,564 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/07/06 07:13:47 | 000,001,024 | ---- | M] () -- C:\.rnd
[2011/09/29 15:10:21 | 000,008,412 | ---- | M] () -- C:\0165 - MegaMan Battle Network (U)(Venom).clt
[2011/06/08 23:06:13 | 000,008,412 | ---- | M] () -- C:\1268 - Harvest Moon - Friends of Mineral Town (U)(Mode7).clt
[2010/10/10 11:30:44 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2010/10/10 14:44:25 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2011/11/09 13:23:03 | 000,037,907 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011/07/18 09:19:33 | 000,000,125 | ---- | M] () -- C:\FINIS_IT.TXT
[2011/09/02 18:41:08 | 000,000,511 | ---- | M] () -- C:\gca_settings.cfg
[2011/11/12 13:42:13 | 3085,426,688 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/31 09:10:42 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/07/24 18:12:16 | 000,000,376 | -H-- | M] () -- C:\IPH.PH
[2011/05/31 09:10:42 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/11/12 13:42:10 | 3399,294,976 | -HS- | M] () -- C:\pagefile.sys
[2011/07/13 01:12:37 | 000,000,173 | ---- | M] () -- C:\pdisdk.log
[2011/07/13 01:15:01 | 000,000,184 | ---- | M] () -- C:\pivot.log
[2011/05/28 14:30:34 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2011/05/28 14:32:53 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2011/05/28 14:30:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2011/05/28 14:32:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm

< %systemroot%\Fonts\*.com >
[2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2011/05/28 18:45:16 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 16:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/04/16 23:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2011/07/09 11:35:55 | 000,001,658 | -H-- | M] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >
[2011/05/28 08:57:20 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 05:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/07/15 15:50:23 | 000,000,286 | -HS- | M] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/11/09 13:00:00 | 004,287,742 | R--- | M] (Swearware) -- C:\Users\Administrator\Desktop\ComboFix.exe
[2011/11/03 00:37:34 | 012,521,992 | ---- | M] (Mozilla) -- C:\Users\Administrator\Desktop\Firefox Setup 4.0.1.exe
[2011/07/16 22:21:04 | 000,302,592 | ---- | M] () -- C:\Users\Administrator\Desktop\gmer.exe
[2011/11/09 14:53:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011/05/27 00:22:07 | 000,000,402 | -HS- | M] () -- C:\Users\Administrator\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/10/10 11:24:55 | 000,000,342 | ---- | M] () -- C:\ProgramData\hpzinstall.log

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto >

< Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:EA029835

< End of report >

 

[NTAPRO]

OTL Extras logfile created on: 11/12/2011 3:24:11 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Administrator\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.91 Gb Available Physical Memory | 66.42% Memory free
5.97 Gb Paging File | 4.88 Gb Available in Paging File | 81.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 456.26 Gb Total Space | 179.21 Gb Free Space | 39.28% Space Free | Partition Type: NTFS
Drive D: | 9.50 Gb Total Space | 1.29 Gb Free Space | 13.56% Space Free | Partition Type: NTFS

Computer Name: TAMIEKA-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- Reg Error: Value error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06DF3AF2-568D-44D1-AF35-9EF1B830A834}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{15662D22-4B50-481D-BA3F-03F89495948C}" = rport=137 | protocol=17 | dir=out | app=system |
"{1D6C889B-25F0-49A2-9547-AC857F3906F0}" = lport=445 | protocol=6 | dir=in | app=system |
"{25935DDE-FFF3-49E0-8DBD-F7940DA69BE4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{2DF2CE47-6F72-492C-A32D-8C0512BE89D1}" = lport=37674 | protocol=6 | dir=in | name=oovoo tcp port 37674 |
"{30A4529B-0BC4-4053-8F66-D445A88AE830}" = lport=139 | protocol=6 | dir=in | app=system |
"{422E5352-7FB1-42CF-A344-0BAD7DC00E3C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{43E4C25B-ECCB-42DB-ACA1-4D9CCD618D54}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{4E39158F-E5EC-4600-9639-26D941D34BB2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4EF1E6E4-5C4D-45D3-A006-EB95ED7DA99B}" = lport=443 | protocol=17 | dir=in | name=oovoo udp port 443 |
"{625E09B2-6D12-4557-949D-8233D832FCDC}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{6EBFEDB5-68E0-4531-9059-FB80FE41D6A9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7252EF8E-68E6-4FE7-B228-59ED3A54A21D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{77BE18C4-0434-474C-8AED-ADE1D200C7E3}" = rport=445 | protocol=6 | dir=out | app=system |
"{7FE937B5-BCFD-44F8-8CC8-98A71B038D6F}" = rport=139 | protocol=6 | dir=out | app=system |
"{867744C8-8308-4A09-97BE-8D7E5E9E3FA2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8C2A45E7-C6EA-440E-8041-C06FDB5193C0}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{93A92AE3-F7CF-43C4-BD4A-BF69D6124C9E}" = rport=138 | protocol=17 | dir=out | app=system |
"{98754ABC-1636-4FDE-AB81-32361FD28A71}" = lport=37674 | protocol=17 | dir=in | name=oovoo udp port 37674 |
"{9985778D-F6F5-450A-B335-CDDB876E343B}" = lport=138 | protocol=17 | dir=in | app=system |
"{A76857DF-E8DF-4D74-A652-55EFE13EACD0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C790A793-D61B-4A46-B418-1043CCDF4550}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{C7B8848C-134F-4001-814A-D944BC8B6016}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{D4D0F897-A1D6-4A26-A1B2-C61885F0C047}" = lport=443 | protocol=6 | dir=in | name=oovoo tcp port 443 |
"{EF330C5D-C4DA-4206-9FC8-FF90F7ECA04A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F82B752D-2DB5-493F-A427-4FF98B7806D9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F9202F22-0EBF-4086-8081-90DA5ADF6F39}" = lport=137 | protocol=17 | dir=in | app=system |
"{FEBE2C5F-E6BF-429D-B765-392192750FDC}" = lport=37675 | protocol=17 | dir=in | name=oovoo udp port 37675 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{099321C6-6EF1-41C3-A267-925D06F5E0C1}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{09C170A0-DDCD-4CBC-99FA-1127790279D9}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 12\programs\rm.exe |
"{0B661A23-4A9E-409E-AF0C-69CBFA719BF7}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{2209DA64-C4D7-4451-8162-D13DE304A18C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{231FD49F-90D5-4715-8C37-2DC925532D22}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{24C8EA56-224F-450C-ADC4-CB750AC76C46}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{35BD84E9-5382-411B-B741-CDA8415BAC06}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{369846BC-73EC-4CF3-96B7-3234F36432E3}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{3A761F21-1757-4F7C-BAC1-B97E82C60EF7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3B3E8C72-D858-4C2F-974F-FD6D2B9660D2}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{47538EE3-8ABB-48CF-98C6-43F0DA74D63E}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 12\programs\studio.exe |
"{4AB39170-A805-4B36-9C81-9EB246CBBABE}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware workstation\vmware-authd.exe |
"{501951BF-0713-49FA-97BF-8D3DE39220ED}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{53696B33-6004-4309-AC1C-68A441C5FDE2}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{5FA421C2-767C-4C16-BFCE-3F88EC673361}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{63B91502-B7F4-4445-BB2D-864F85E6A277}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 12\programs\umi.exe |
"{80FE7F23-933C-41E9-AAF2-86A06FC47AAB}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{8120E0F5-795E-4BBF-BCEC-476C71ECAD2E}" = protocol=58 | dir=in | app=system |
"{820A622D-6C81-4B91-9B6D-FFCCE62C3AF4}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware workstation\vmware-authd.exe |
"{846A5764-3059-49D8-9DAE-A346A4CC50B2}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{85421989-5935-45B6-A85F-D9B5F0A3233D}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware workstation\vmware-authd.exe |
"{87986FED-A7D7-4E12-832F-1948A1544D61}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-203 |
"{8D9B408C-64C1-4FBC-9008-CDCBE1D6A976}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9B8545C5-D732-4EE7-8BEE-2C4E53FEDE22}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{A3531813-A709-40E4-9D66-D0D63A68AAB6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A6E6ED14-79D2-4355-A5A3-F47976B2416F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A6F4F119-C5A3-487E-B46B-3BDCB5CFCF04}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{ACECBEF0-B5C2-46B2-BEEB-2AC982DDF2D8}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 12\programs\umi.exe |
"{AEA5CB51-52F8-48EB-BDE1-A9AF1B270121}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{B4A67A6C-E13F-4968-B334-DC108732A87D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B8D1A974-6A69-4C07-BAA5-BFD11BC0FF7B}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 12\programs\rm.exe |
"{BF5E5B91-AE1A-4A9D-B224-973367743BE9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{C4DFB15C-1822-4C2E-9F1E-041282D381B5}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{C511FCFD-A121-4CD8-B7D3-B2458DE4DB31}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{CB406AA5-5262-41CC-BB0B-D355B5ED8267}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{CC4BF0F3-4C58-4D19-B331-5367903B4B6B}" = protocol=6 | dir=in | app=c:\users\administrator\appdata\roaming\dropbox\bin\dropbox.exe |
"{CD043DD9-0E5C-47DD-B820-0BAD100E17F5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{D07D073A-56AA-442D-9FA8-95566E81F6C6}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{D51DE8FD-AFF9-44C7-9420-7771C82A038E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D6121CA4-7472-489F-9788-BE6FC02CCC25}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{DE7C70AC-4A35-46AB-86A0-CD44C68F5E10}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware workstation\vmware-authd.exe |
"{E3401598-BEE9-4C57-B871-7392260272A5}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware workstation\vmware-authd.exe |
"{E6CF2B57-9389-4C75-92DF-E20643428B8A}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware workstation\vmware-authd.exe |
"{E70AD1CE-F9BE-45CB-A27D-A90FAAB91343}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EF7B0C6F-8D5C-4242-8C54-F03DB956BD2E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{F2F597F9-39C6-4D49-A446-F2886B071E33}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{FC4F7CE6-AAEC-4607-8143-94A3C508D592}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{FD7C696B-A751-458D-B873-E9DC72212E8C}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 12\programs\studio.exe |
"{FE0591AF-178F-4B28-BA8C-B99BE6DC1C27}" = protocol=17 | dir=in | app=c:\users\administrator\appdata\roaming\dropbox\bin\dropbox.exe |
"{FF55C32B-BA74-44B5-ACA1-63F7B67DACDA}" = dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{0B6A2C69-6704-4BDA-9139-45135E28B298}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{1BC1FDA7-517F-44AC-8031-00FFD98E2923}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{25F764AD-79CB-4577-88F4-DF4BF88F4F69}C:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"TCP Query User{26560163-5C44-4C58-A08A-3A2FF57813A1}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{4C4DC2EF-2155-4795-B63D-2318ED2ADC1B}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{56F2A916-6E4A-4085-9580-A5DB1F8E4F66}C:\users\tamieka\appdata\roaming\primericaringinstall\vsee.exe" = protocol=6 | dir=in | app=c:\users\tamieka\appdata\roaming\primericaringinstall\vsee.exe |
"TCP Query User{8D321E72-8223-4CF3-B7AB-5527329E7255}C:\users\acc2\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=6 | dir=in | app=c:\users\acc2\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"TCP Query User{A121F8EC-7F69-46E4-BD15-A10184D5135E}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{A22E8661-B145-4A50-AFE8-6B9CE863C52C}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"TCP Query User{A7075EA5-F416-4F33-8299-216FBBF883B6}C:\users\acc2\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\acc2\appdata\local\akamai\netsession_win.exe |
"TCP Query User{CB0B4157-5716-4C54-A08A-872EBE1D38F6}C:\program files\adobe\adobe flash cs4\flash.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe flash cs4\flash.exe |
"TCP Query User{CD299985-AC03-41BD-9BF9-B4589725464A}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"TCP Query User{D4529221-8F43-4A25-9524-A43D28C5AE90}C:\program files\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"TCP Query User{D5E7EC35-2AF4-44E1-B45C-5002D53992DF}C:\users\tamieka\appdata\roaming\primericaringinstall\vsee.exe" = protocol=6 | dir=in | app=c:\users\tamieka\appdata\roaming\primericaringinstall\vsee.exe |
"TCP Query User{F8880DBB-A3F5-42C7-9080-ED66B8E3C294}C:\users\acc3\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=6 | dir=in | app=c:\users\acc3\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"UDP Query User{044DD47E-34A6-4DD6-86D7-0339756321A0}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{2A4CAE2A-241E-422A-9ED2-4E4AEF903F15}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{3C0CD04F-7E9D-466F-B4C3-881DEFC5EA18}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{43F10468-C7C3-4DB8-AD14-82781CE2575F}C:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"UDP Query User{65492FCA-F3AF-452F-9E5A-DE879AFDA94C}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{6D82E957-6E63-4AC5-87D7-3E2B36D2FBF3}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{718FF705-3BBB-4AC5-A4FF-706E0893AA31}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"UDP Query User{7833D7DF-E990-4FC8-9DF3-C658036A1DC4}C:\users\acc2\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=17 | dir=in | app=c:\users\acc2\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"UDP Query User{87BE3969-9213-411D-9D9F-AE7874DBACF5}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"UDP Query User{91291843-89B2-470F-8505-92B9270958F3}C:\users\tamieka\appdata\roaming\primericaringinstall\vsee.exe" = protocol=17 | dir=in | app=c:\users\tamieka\appdata\roaming\primericaringinstall\vsee.exe |
"UDP Query User{9DBA04C0-1517-45D2-927C-430175BC04CB}C:\users\tamieka\appdata\roaming\primericaringinstall\vsee.exe" = protocol=17 | dir=in | app=c:\users\tamieka\appdata\roaming\primericaringinstall\vsee.exe |
"UDP Query User{BEE58F3B-7B46-4058-8FB3-BBDD55463748}C:\program files\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"UDP Query User{D4AE4EA8-21D2-48C7-9A57-AE01EFA76612}C:\users\acc3\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=17 | dir=in | app=c:\users\acc3\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"UDP Query User{EBC64798-1DA4-4DDF-AA33-1CA37B35426E}C:\program files\adobe\adobe flash cs4\flash.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe flash cs4\flash.exe |
"UDP Query User{EEBD030C-FDEE-43BA-89A3-8F466BAD0DB0}C:\users\acc2\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\acc2\appdata\local\akamai\netsession_win.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{035400A4-29BD-3723-BEED-E2718A68CDE0}" = Microsoft Visual Studio 2010 Office Developer Tools (x86)
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DDCEC37-369C-484B-B16D-B4413FD42FB9}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22FC7536-BE5C-4E88-8069-C24689D34EC5}" = Snagit 10.0.1
"{23BE4DF2-293D-4077-82F4-1FD8C269277C}" = TuneUp Utilities Language Pack (en-US)
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{262BF2CD-601D-4F43-919C-4B00B1D1F338}" = Boris Graffiti
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 26
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2D9FEBEE-F1B7-344F-BFDF-760E18332D96}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 driver version 0.5.0000
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}" = Dotfuscator Software Services - Community Edition
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{47E16407-05D3-4D2A-B2B9-C30700B7C2AD}" = LogMeIn Hamachi
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4AF9E60E-0C91-4E25-A264-6E47EB1CC25C}" = Secure Download Manager
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{55559ABB-AB08-416F-A227-6319B545AF83}" = VitalSource Bookshelf
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}" = RGSS-RTP Standard
"{5EB90C06-964F-4195-B83E-BD7E55C88415}" = Pinnacle Video Driver
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.3
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6ED37A91-7710-3183-BE50-AB043FF6689E}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78C3657E-742C-40B1-9F53-E5A921D40F17}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83C4A333-DD44-3431-B1BF-6A66B971D07B}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{928D2FB1-291A-362B-89A4-7075A9D904A4}" = Microsoft Windows SDK for Windows 7 (7.1)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97CE8B73-AA5A-4987-A1BE-50DD1A187478}" = Microsoft Sync Framework SDK v1.0 SP1
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9A9C11FA-AE85-3B48-86BE-5FA83D0384B3}" = Microsoft Windows SDK Intellisense and Reference Assemblies (30514)
"{9B34CAC6-738F-4A20-B428-A115C3E3474C}" = RPGXP
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A2A9687B-282D-4E4B-B4E3-D5A766C3A29D}" = S4 League_EU
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{A589DA26-51BD-475D-8C32-E19E34145842}" = Camtasia Studio 6
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_946" = Adobe Acrobat 9.4.6 - CPSID_83708
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{AFAD41A9-9687-48A3-848F-693C11451433}" = HP Customer Experience Enhancements
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B124E6D3-91B4-4E3C-AD03-BA959B223537}" = Citrix online plug-in (Web)
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C1212AE3-DBB9-4365-8473-F8ABC7B06BBB}" = Pinnacle Instant DVD Recorder
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C6DD625F-4B61-4561-8286-87CA0275CEA1}" = Microsoft Sync Framework Runtime v1.0 SP1 (x86)
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDF97135-7FD2-4289-96B8-DD4505267ACD}" = ESET NOD32 Antivirus
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D041EB9E-890A-4098-8F94-51DA194AC72A}" = Pinnacle Studio 12
"{D09605BE-5587-4B0C-86C8-69B5092CB80F}" = Debugging Tools for Windows (x86)
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D1860E6E-520E-4380-8433-E58E8F88B473}" = Pinnacle Studio 12 Ultimate Plugins
"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files
"{D6B15AE6-B052-363E-B6BB-C4714CBA6509}" = Microsoft Visual Studio 2010 Professional - ENU
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.10.348
"{DC3D6AFB-78B4-489F-81D7-30B66E0C2417}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)
"{DD0DDC9E-2ED4-44DD-B461-0EFC126813A0}" = On2 VP7 Personal Edition
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E5AE9031-79A5-4627-9641-BEFA82819B08}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E6CFBFB5-9232-410C-B353-AF6E614B2681}" = LightScribe System Software 1.10.16.1
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F990B526-8F7C-46E0-B1F1-6C893A8B478F}" = Microsoft Sync Framework Services v1.0 SP1 (x86)
"{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = VideoStudio
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"AIM_7" = AIM 7
"Akamai" = Akamai NetSession Interface
"CCleaner" = CCleaner
"Chatango" = Chatango Message Catcher
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.57.1
"DAEMON Tools Lite" = DAEMON Tools Lite
"Easy GIF Animator_is1" = Easy GIF Animator 5.02
"FLV to AVI MPEG WMV 3GP MP4 iPod Converter" = FLV to AVI MPEG WMV 3GP MP4 iPod Converter
"Fraps" = Fraps (remove only)
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.7.26.602
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2
"Free MP3 WMA OGG Converter_is1" = Free MP3 WMA OGG Converter 8.2.5
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"IcoFX_is1" = IcoFX 1.6.4
"ImgBurn" = ImgBurn
"InstallShield_{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = Ulead VideoStudio 11
"IrfanView" = IrfanView (remove only)
"LogMeIn Hamachi" = LogMeIn Hamachi
"Magic Bullet Looks Studio" = Magic Bullet Looks Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Messenger Plus!" = Messenger Plus! 5
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual Studio 2010 Professional - ENU" = Microsoft Visual Studio 2010 Professional - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MyScribe" = MyScribe
"Notepad++" = Notepad++
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"OJOsoft VOB Converter_is1" = OJOsoft VOB Converter
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"proDAD-Vitascene-1.0" = proDAD Vitascene 1.0
"SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"StepMania" = StepMania 3.9b (remove only)
"SystemRequirementsLab" = System Requirements Lab
"TeamViewer 6" = TeamViewer 6
"Trillian" = Trillian
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"uTorrent" = µTorrent
"VirtuallTek Fighter Factory Ultimate_is1" = Fighter Factory Ultimate
"VirtuallTek Fighter Factory_is1" = Fighter Factory 1.0.9.2005 + Update Pack 1
"VLC media player" = VLC media player 1.1.11
"VMware_Workstation" = VMware Workstation
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3541440628-1597955151-3718996899-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.5.1
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

 

[Broni]

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder

• Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
• Accept any prompts.

==================================================================

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
  [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
  @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:EA029835
  
  :Services
  
  :Reg
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
  "DisableMonitoring" =-
  
  :Files
  
  :Commands
  [purity]
  [emptytemp]
  [emptyflash]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

==================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  
  NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Download Temp File Cleaner (TFC)

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

3. Please, run F-Secure Online Scanner

• Disable your Antivirus program.
• Checkmark I have read and accepted the license terms.
• Click on Run Check button.
• Quick scan (recommended) option will come pre-checked. Don't change it.
• Click on Start button.
• When scan is done, in Step 3: Clean the files, leave all settings as they're.
• Click Next button.
• Click Full report... button.
• Copy report's content and paste it into your next reply.

 

[NTAPRO]

OTL crashed after at least a minute. I tried it again and it did the same thing. Should I wait or should I do the last scans?

 

[Broni]

Delete your OTL file, download fresh one and try again.
Disable your AV program before running the fix.

 

[NTAPRO]

All processes killed
========== OTL ==========
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
File/Folder C:\Windows\*.tmp not found.
Unable to delete ADS C:\ProgramData\TEMP:EA029835 .
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring not found.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: ACC1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: ACC2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: ACC3
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Administrator
->Temp folder emptied: 32790 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 6395737 bytes
->Flash cache emptied: 343 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Tamieka
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 550360623 bytes
->Java cache emptied: 197562 bytes
->FireFox cache emptied: 49519129 bytes
->Flash cache emptied: 56501 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 116851 bytes
RecycleBin emptied: 876248511 bytes

Total Files Cleaned = 1,414.00 mb


[EMPTYFLASH]

User: ACC1
->Flash cache emptied: 0 bytes

User: ACC2
->Flash cache emptied: 0 bytes

User: ACC3
->Flash cache emptied: 0 bytes

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Public

User: Tamieka
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 11132011_205710

Files\Folders moved on Reboot...
C:\Windows\temp\vmware-SYSTEM-2695677032\vmware-usbarb-SYSTEM-2224.log moved successfully.

Registry entries deleted on Reboot...

====================

Results of screen317's Security Check version 0.99.24
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
ESET NOD32 Antivirus
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
TuneUp Utilities 2011
TuneUp Utilities Language Pack (en-US)
TuneUp Utilities 2011
CCleaner
Java(TM) 6 Update 29
Java(TM) SE Runtime Environment 6 Update 1
Adobe Flash Player 11.0.1.152
````````````````````````````````
Process Check:
objlist.exe by Laurent
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
``````````End of Log````````````

 

[NTAPRO]

Getting user folders.

Stopping running processes.

Emptying Temp folders.


User: ACC1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: ACC2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: ACC3
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Administrator
->Temp folder emptied: 33444 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 16347201 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Tamieka
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1675 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 34210 bytes

Emptying RecycleBin. Do not interrupt.

RecycleBin emptied: 240975 bytes
Process complete!

Total Files Cleaned = 16.00 mb

=======================

Scanning Report
Sunday, November 13, 2011 21:41:54 - 21:57:00

Computer name: TAMIEKA-PC
Scanning type: Quick scan
Target: System
13 malware found
TrackingCookie.Questionmarket (spyware)

System (Disinfected)

TrackingCookie.Adinterax (spyware)

System (Disinfected)

TrackingCookie.2o7 (spyware)

System (Disinfected)

TrackingCookie.Advertising (spyware)

System (Disinfected)

TrackingCookie.Atdmt (spyware)

System (Disinfected)

TrackingCookie.Doubleclick (spyware)

System (Disinfected)

TrackingCookie.WebTrendsLive (spyware)

System (Disinfected)

TrackingCookie.Fastclick (spyware)

System (Disinfected)

TrackingCookie.Webtrends (spyware)

System (Disinfected)

TrackingCookie.Mediaplex (spyware)

System (Disinfected)

TrackingCookie.Liveperson (spyware)

System (Disinfected)

TrackingCookie.Atwola (spyware)

System (Disinfected)

TrackingCookie.Yieldmanager (spyware)

System (Disinfected)

Statistics
Scanned:

Files: 6923
System: 6923
Not scanned: 0

Actions:

Disinfected: 13
Renamed: 0
Deleted: 0
Not cleaned: 0
Submitted: 0

Options
Scanning engines:

Copyright © 1998-2009 Product support | Send virus sample to F-Secure
F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name. This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability.

 

[Broni]

Uninstall Java(TM) SE Runtime Environment 6 Update 1 .

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

• Double-click OTL.exe to start the program.
• Close all other programs apart from OTL as this step will require a reboot
• On the OTL main screen, press the CLEANUP button
• Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.

 

[NTAPRO]

I really appreciated the help. Thanks for taking the time help someone in need.
I will also donate as I get my account verified

 

[Broni]

You're very welcome

 

[NTAPRO]

Just an additional thing, my AV is still having problems with java.

11/28/2011 5:44:14 PM HTTP filter archive http://www.java.com/js/deployJava.js JS/Exploit.JavaDepKit.A trojan connection terminated - quarantined Tamieka-PC\Administrator Threat was detected upon access to web by the application: C:\Program Files\Mozilla Firefox\firefox.exe.

 

[Broni]

That's what you have your AV program for.