rdahl29
Members-
Posts
7 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Everything posted by rdahl29
-
Recovering from Gameplaylabs virus
rdahl29 replied to rdahl29's topic in Resolved Malware Removal Logs
Actually -- it turns out that another computer on the network may be infected. There were some weird ports opened up on our network. We closed them out and tightened firewall. Seems everything is fine now. Thank you for your help, Maniac. I really appreciate it -
Recovering from Gameplaylabs virus
rdahl29 replied to rdahl29's topic in Resolved Malware Removal Logs
PC still responds the same :/ -
Recovering from Gameplaylabs virus
rdahl29 replied to rdahl29's topic in Resolved Malware Removal Logs
All processes killed ========== OTL ========== HKEY_USERS\S-1-5-21-4098947703-2750535506-1537060400-1006\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_USERS\S-1-5-21-4098947703-2750535506-1537060400-1006\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found. Registry key HKEY_USERS\S-1-5-21-4098947703-2750535506-1537060400-1006\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ not found. C:\Documents and Settings\All Users\Application Data\blekko toolbars folder moved successfully. C:\Documents and Settings\Ryan\Local Settings\Application Data\blekkotb_031\data folder moved successfully. C:\Documents and Settings\Ryan\Local Settings\Application Data\blekkotb_031 folder moved successfully. C:\Documents and Settings\Ryan\Application Data\Ad-Aware Antivirus\Logs\20120710T050521.906250PID5884 folder moved successfully. C:\Documents and Settings\Ryan\Application Data\Ad-Aware Antivirus\Logs folder moved successfully. C:\Documents and Settings\Ryan\Application Data\Ad-Aware Antivirus folder moved successfully. C:\Documents and Settings\All Users\Application Data\AVAST Software folder moved successfully. C:\Documents and Settings\Customer\Application Data\Search Settings\temp folder moved successfully. C:\Documents and Settings\Customer\Application Data\Search Settings\res folder moved successfully. C:\Documents and Settings\Customer\Application Data\Search Settings folder moved successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Documents and Settings\Ryan\Desktop\cmd.bat deleted successfully. C:\Documents and Settings\Ryan\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Customer ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->Java cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes -
Recovering from Gameplaylabs virus
rdahl29 replied to rdahl29's topic in Resolved Malware Removal Logs
I think it might be a driver issue.... I am running a DELL Latitude D630 laptop with an Intel graphics card "Mobile Intel 965 Express Chipset". I want to reinstall drivers to see if that's the problem, but I don't know how. I looked at Intel's website and they said everything was fine. The thing is --- I ran my computer in safe mode, and video streaming was perfect. It's only normally... Another thing of note is that once my video gets choppy, my laptop fan becomes really loud (even if I stop the video and CPU usage is 1-10%). -
Recovering from Gameplaylabs virus
rdahl29 replied to rdahl29's topic in Resolved Malware Removal Logs
I think I may know why my internet goes out at least --- I have Norton Antivirus on my computer that was recently installed and it has a feature called "Intrusion Prevention". That is most likely why my internet goes out.. But the problem remains: Why does my performance (while watching videos smoothly for 5 minutes, and then BAM choppy?) get worse? Just thought I'd throw that in. Thanks -
Recovering from Gameplaylabs virus
rdahl29 replied to rdahl29's topic in Resolved Malware Removal Logs
Hey there! Thanks for the reply Here is the info you requested: MBAM: Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.07.10.05 Windows XP Service Pack 3 x86 NTFS Internet Explorer 6.0.2900.5512 Ryan :: POSEIDON [administrator] 7/10/2012 9:49:13 AM mbam-log-2012-07-10 (09-49-13).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 235307 Time elapsed: 6 minute(s), 39 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) -------------------------------------------------------------------------------------------------------------------------- OTL: OTL logfile created on: 7/10/2012 9:57:41 AM - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Documents and Settings\Ryan\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.49 Gb Total Physical Memory | 2.48 Gb Available Physical Memory | 70.94% Memory free 5.33 Gb Paging File | 4.44 Gb Available in Paging File | 83.41% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 149.05 Gb Total Space | 118.66 Gb Free Space | 79.61% Space Free | Partition Type: NTFS Computer Name: POSEIDON | User Name: Ryan | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/07/10 09:56:23 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ryan\Desktop\OTL.exe PRC - [2012/06/28 06:28:57 | 001,250,328 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe PRC - [2012/05/03 14:07:40 | 000,217,256 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/03/27 19:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\19.7.1.5\ccsvchst.exe PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe PRC - [2012/03/19 11:27:07 | 000,296,088 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\SCClient.exe PRC - [2012/03/19 11:27:05 | 000,175,968 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\scManager.sys PRC - [2011/03/22 11:38:34 | 000,547,840 | ---- | M] (Samsung Electronices Co., Ltd.) -- C:\Documents and Settings\Ryan\Application Data\Verizon\UA_ar\UtilityApplication.exe PRC - [2010/12/08 13:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe PRC - [2010/11/08 12:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe PRC - [2008/08/21 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007/07/30 23:54:38 | 002,158,592 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe PRC - [2007/07/20 17:48:00 | 002,170,880 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe PRC - [2007/07/20 17:30:28 | 000,311,296 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe PRC - [2007/05/10 11:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe PRC - [2006/12/19 14:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe PRC - [2006/12/18 16:22:14 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe PRC - [2006/10/27 21:13:48 | 000,270,336 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe PRC - [2006/09/28 22:08:46 | 000,270,336 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe PRC - [2006/01/24 00:14:10 | 000,069,632 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe ========== Modules (No Company Name) ========== MOD - [2012/06/29 22:12:16 | 004,051,456 | ---- | M] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.0.3\libGLESv2.dll MOD - [2012/06/29 22:12:16 | 000,100,864 | ---- | M] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.0.3\libEGL.dll MOD - [2012/06/28 06:28:56 | 000,438,296 | ---- | M] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.47\ppgooglenaclpluginchrome.dll MOD - [2012/06/28 06:28:54 | 003,972,120 | ---- | M] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.47\pdf.dll MOD - [2012/06/28 06:27:29 | 000,140,328 | ---- | M] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.47\avutil-51.dll MOD - [2012/06/28 06:27:28 | 000,262,184 | ---- | M] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.47\avformat-54.dll MOD - [2012/06/28 06:27:26 | 002,386,984 | ---- | M] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.47\avcodec-54.dll MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2012/02/17 20:55:35 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll MOD - [2006/11/01 12:48:02 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll MOD - [2005/07/22 22:30:20 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\TosCommAPI.dll MOD - [2004/10/14 11:18:24 | 000,040,960 | ---- | M] () -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtAfh.dll MOD - [2004/07/20 18:04:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll ========== Win32 Services (SafeList) ========== SRV - [2012/07/10 01:48:16 | 000,688,360 | ---- | M] (Webroot) [Auto | Stopped] -- C:\Program Files\Webroot\WRSA.exe -- (WRSVC) SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/03/27 19:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe -- (NAV) SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012/03/19 11:27:05 | 000,175,968 | ---- | M] (Impulse Point, LLC) [Auto | Running] -- C:\Program Files\SafeConnect\scManager.sys -- (SCManager) SRV - [2010/12/08 13:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc) SRV - [2010/11/08 12:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn) SRV - [2007/05/10 11:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe -- (STacSV) SRV - [2006/12/19 14:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon) SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lmimirr.sys -- (lmimirr) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Ryan\LOCALS~1\Temp\catchme.sys -- (catchme) DRV - [2012/07/10 01:48:17 | 000,111,632 | ---- | M] (Webroot) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\WRkrn.sys -- (WRkrn) DRV - [2012/06/19 11:09:18 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\VirusDefs\20120709.021\NAVEX15.SYS -- (NAVEX15) DRV - [2012/06/19 11:09:18 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\VirusDefs\20120709.021\NAVENG.SYS -- (NAVENG) DRV - [2012/06/18 20:01:14 | 000,821,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\BASHDefs\20120619.001\BHDrvx86.sys -- (BHDrvx86) DRV - [2012/06/14 14:39:26 | 000,369,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\IPSDefs\20120707.001\IDSXpx86.sys -- (IDSxpx86) DRV - [2012/05/30 19:37:34 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2012/05/30 19:37:34 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2012/05/29 17:44:19 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012/03/29 02:28:38 | 000,388,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1307010.005\symtdi.sys -- (SYMTDI) DRV - [2012/03/29 02:28:30 | 000,905,336 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1307010.005\symefa.sys -- (SymEFA) DRV - [2012/03/29 02:06:25 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1307010.005\ironx86.sys -- (SymIRON) DRV - [2012/03/29 02:03:27 | 000,574,072 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NAV\1307010.005\srtsp.sys -- (SRTSP) DRV - [2012/03/29 02:03:27 | 000,032,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1307010.005\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL) DRV - [2011/11/29 18:44:14 | 000,132,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1307010.005\ccsetx86.sys -- (ccSet_NAV) DRV - [2011/08/16 02:51:40 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1307010.005\symds.sys -- (SymDS) DRV - [2011/06/02 11:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv) DRV - [2010/09/17 15:40:06 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo) DRV - [2008/08/21 08:00:00 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx) DRV - [2008/08/21 08:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb) DRV - [2008/08/21 08:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx) DRV - [2007/12/23 18:18:48 | 000,068,696 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2) DRV - [2007/08/02 18:35:12 | 000,989,952 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV) DRV - [2007/08/02 18:34:30 | 000,211,200 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL) DRV - [2007/08/02 18:34:26 | 000,731,136 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2007/06/29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD) DRV - [2007/06/11 15:25:00 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb) DRV - [2007/05/24 15:27:00 | 000,064,000 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom) DRV - [2007/05/10 11:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) DRV - [2007/04/24 14:20:00 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd) DRV - [2007/03/01 17:53:00 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid) DRV - [2006/12/19 14:21:52 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND) DRV - [2006/11/20 18:55:00 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp) DRV - [2006/10/12 15:28:42 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX) DRV - [2006/10/10 20:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte) DRV - [2005/01/06 14:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds) DRV - [2001/08/17 12:11:30 | 000,096,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4098947703-2750535506-1537060400-1006\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} IE - HKU\S-1-5-21-4098947703-2750535506-1537060400-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-4098947703-2750535506-1537060400-1006\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=109935&tt=100512_4_&babsrc=SP_ss&mntrId=1c5eb50a000000000000001d60592b92 IE - HKU\S-1-5-21-4098947703-2750535506-1537060400-1006\..\SearchScopes\{11179874-E5D6-4C5F-88A6-BF347A2AEA76}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}'>http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKU\S-1-5-21-4098947703-2750535506-1537060400-1006\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=344F8A3D4CF1A4BBC6D21D4FFBEB2629&q={searchTerms} IE - HKU\S-1-5-21-4098947703-2750535506-1537060400-1006\..\SearchScopes\{8DB6B12E-4DD4-4D23-AB6B-757050EAAEF6}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms} IE - HKU\S-1-5-21-4098947703-2750535506-1537060400-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4098947703-2750535506-1537060400-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\IPSFFPlgn\ [2012/05/29 17:44:45 | 000,000,000 | ---D | M] [2012/07/09 12:59:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012/06/19 08:39:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = http://www.google.com/search?q={searchTerms} CHR - default_search_provider: suggest_url = CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.47\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.47\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: YouTube = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Halo 4 Theme = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cenafinbdpjeekhgifoicckecljgelob\1_0\ CHR - Extension: Google Search = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: AdBlock = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.38_0\ CHR - Extension: Reddit Enhancement Suite = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.1.2_0\ CHR - Extension: Gmail = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012/07/10 01:57:11 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\19.7.1.5\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD) O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security)) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [iTSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.) O4 - HKLM..\Run: [WRSVC] C:\Program Files\Webroot\WRSA.exe (Webroot) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SafeConnect.lnk = C:\Program Files\SafeConnect\SCClient.exe (Impulse Point, LLC) O4 - Startup: C:\Documents and Settings\Ryan\Start Menu\Programs\Startup\Launch Utility Application.lnk = C:\Documents and Settings\Ryan\Application Data\Verizon\UA_ar\UtilityApplication.exe (Samsung Electronices Co., Ltd.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-4098947703-2750535506-1537060400-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-4098947703-2750535506-1537060400-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-4098947703-2750535506-1537060400-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-4098947703-2750535506-1537060400-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1300490882078 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB (DellSystem.Scanner) O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner) O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.21.0.cab (SysInfo Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D419FFAE-01B9-4A52-9C27-7803662BB6FF}: DhcpNameServer = 192.168.0.1 205.171.3.25 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.) O24 - Desktop WallPaper: C:\Documents and Settings\Ryan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ryan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011/03/10 16:00:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012/07/10 09:56:37 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Ryan\Desktop\aswMBR.exe [2012/07/10 09:56:20 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ryan\Desktop\OTL.exe [2012/07/10 02:03:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/07/10 02:03:40 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012/07/10 02:03:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/07/10 01:51:07 | 000,000,000 | RHSD | C] -- C:\cmdcons [2012/07/10 01:48:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2012/07/10 01:48:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2012/07/10 01:48:49 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2012/07/10 01:48:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2012/07/10 01:46:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2012/07/10 01:43:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\blekko toolbars [2012/07/10 01:43:39 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/07/10 01:43:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Webroot SecureAnywhere [2012/07/10 01:43:06 | 000,148,664 | ---- | C] (Webroot) -- C:\WINDOWS\System32\WRusr.dll [2012/07/10 01:43:05 | 000,111,632 | ---- | C] (Webroot) -- C:\WINDOWS\System32\drivers\WRkrn.sys [2012/07/10 01:43:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WRData [2012/07/10 01:43:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Local Settings\Application Data\blekkotb_031 [2012/07/10 01:42:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor [2012/07/10 01:42:54 | 000,000,000 | ---D | C] -- C:\Program Files\Webroot [2012/07/10 01:05:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Application Data\Ad-Aware Antivirus [2012/07/10 00:35:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight [2012/07/10 00:35:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2012/07/10 00:26:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell Wireless [2012/07/10 00:15:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations [2012/07/10 00:14:51 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom [2012/07/10 00:14:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Broadcom [2012/07/09 23:44:00 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\WINDOWS\System32\CSVer.dll [2012/07/02 21:10:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Application Data\Google [2012/06/29 23:09:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Local Settings\Application Data\NPE [2012/06/29 22:42:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC [2012/06/27 12:32:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Local Settings\Application Data\Sun [2012/06/22 21:27:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Desktop\gba [2012/06/22 18:08:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes [2012/06/22 18:07:44 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012/06/22 18:07:38 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012/06/22 18:05:08 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2012/06/22 18:04:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer [2012/06/22 18:04:18 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2012/06/22 17:57:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer [2012/06/21 01:41:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ryan\Recent [2012/06/20 23:27:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Local Settings\Application Data\Help [2012/06/20 23:27:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Application Data\Help [2012/06/20 22:28:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Application Data\Oracle [2012/06/20 15:07:02 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2012/06/20 15:07:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software [2012/06/20 12:32:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Application Data\Malwarebytes [2012/06/20 12:32:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2012/06/20 11:56:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner [2012/06/20 03:00:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Application Data\SystemRequirementsLab [2012/06/19 10:59:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\My Documents\Zelda-OoT Hi-Res [2012/06/19 10:59:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\My Documents\zsnesw151 [2012/06/19 08:50:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss [2012/06/19 08:23:15 | 000,000,000 | ---D | C] -- C:\Config.Msi [2012/06/19 08:14:46 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012/06/19 07:41:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\My Documents\desktoopp [2012/06/13 19:49:20 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox [2012/06/10 18:38:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Start Menu\Programs\Verizon [2012/06/10 18:38:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Application Data\Verizon [2012/06/10 15:17:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR [2012/06/10 15:17:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Start Menu\Programs\WinRAR [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/07/10 10:02:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4098947703-2750535506-1537060400-1006UA.job [2012/07/10 10:01:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012/07/10 09:57:00 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Ryan\Desktop\aswMBR.exe [2012/07/10 09:56:23 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ryan\Desktop\OTL.exe [2012/07/10 09:54:25 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job [2012/07/10 09:44:48 | 000,012,686 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/07/10 09:44:28 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012/07/10 09:44:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/07/10 09:44:18 | 3747,573,760 | -HS- | M] () -- C:\hiberfil.sys [2012/07/10 02:03:42 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2012/07/10 01:57:11 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2012/07/10 01:51:13 | 000,000,339 | RHS- | M] () -- C:\boot.ini [2012/07/10 01:48:17 | 000,148,664 | ---- | M] (Webroot) -- C:\WINDOWS\System32\WRusr.dll [2012/07/10 01:48:17 | 000,111,632 | ---- | M] (Webroot) -- C:\WINDOWS\System32\drivers\WRkrn.sys [2012/07/10 00:44:35 | 000,435,006 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012/07/10 00:44:35 | 000,069,036 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012/07/09 22:19:18 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012/07/09 15:02:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4098947703-2750535506-1537060400-1006Core.job [2012/07/09 13:01:54 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Ryan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2012/07/07 20:48:44 | 000,021,326 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\GK.gif [2012/07/02 07:18:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2012/06/29 23:15:36 | 000,000,223 | ---- | M] () -- C:\Boot.bak [2012/06/29 22:05:37 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Ryan\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2012/06/20 21:15:10 | 000,001,789 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT [2012/06/20 14:47:58 | 001,241,440 | ---- | M] () -- C:\Documents and Settings\Ryan\My Documents\D630_A18.exe [2012/06/20 14:47:20 | 000,054,889 | ---- | M] () -- C:\WINDOWS\System32\DellSystem.xml [2012/06/20 14:28:50 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2012/06/19 09:48:51 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo [2012/06/13 03:27:02 | 000,270,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012/06/10 18:38:35 | 000,002,056 | ---- | M] () -- C:\Documents and Settings\Ryan\Start Menu\Programs\Startup\Launch Utility Application.lnk [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/07/10 02:03:42 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2012/07/10 01:51:13 | 000,000,223 | ---- | C] () -- C:\Boot.bak [2012/07/10 01:51:10 | 000,260,272 | RHS- | C] () -- C:\cmldr [2012/07/10 01:48:49 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2012/07/10 01:48:49 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2012/07/10 01:48:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2012/07/10 01:48:49 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2012/07/10 01:48:49 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2012/07/07 20:48:49 | 000,021,326 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\GK.gif [2012/06/29 23:11:53 | 3747,573,760 | -HS- | C] () -- C:\hiberfil.sys [2012/06/20 14:47:46 | 001,241,440 | ---- | C] () -- C:\Documents and Settings\Ryan\My Documents\D630_A18.exe [2012/06/20 14:47:16 | 000,054,889 | ---- | C] () -- C:\WINDOWS\System32\DellSystem.xml [2012/06/19 11:00:02 | 004,804,608 | ---- | C] () -- C:\Documents and Settings\Ryan\My Documents\DESCENTxp.exe [2012/06/19 09:48:49 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\initdebug.nfo [2012/06/19 08:56:48 | 000,000,715 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2012/06/19 08:56:47 | 000,002,056 | ---- | C] () -- C:\Documents and Settings\Ryan\Start Menu\Programs\Startup\Launch Utility Application.lnk [2012/06/19 08:56:47 | 000,000,503 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SafeConnect.lnk [2012/05/16 01:18:19 | 000,645,632 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2012/05/16 01:18:19 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2012/05/16 00:27:43 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/02/20 14:06:05 | 000,036,308 | ---- | C] () -- C:\WINDOWS\System32\AAYsc01.ini [2012/02/15 19:47:33 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011/10/25 19:19:35 | 000,000,040 | ---- | C] () -- C:\Documents and Settings\Ryan\jagex_cl_runescape_LIVE.dat [2011/10/10 22:11:25 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011/08/17 16:36:58 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2011/05/22 00:29:37 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Ryan\jagex_runescape_preferences2.dat [2011/05/22 00:28:59 | 000,000,035 | ---- | C] () -- C:\Documents and Settings\Ryan\jagex_runescape_preferences.dat [2011/05/21 23:49:56 | 000,058,084 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2011/03/18 17:46:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI [2011/03/10 16:34:40 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2011/03/10 16:24:25 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll [2011/03/10 16:24:25 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll [2011/03/10 16:24:25 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE [2011/03/10 16:12:40 | 001,843,784 | ---- | C] () -- C:\WINDOWS\System32\igklg400.dll [2011/03/10 16:12:40 | 001,399,880 | ---- | C] () -- C:\WINDOWS\System32\igklg450.dll [2011/03/10 16:12:40 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll [2011/03/10 16:12:40 | 000,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll [2011/03/10 16:02:35 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2011/03/10 15:57:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2011/03/10 10:26:18 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2011/03/10 10:25:06 | 000,270,984 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT ========== LOP Check ========== [2011/06/19 13:50:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acoustica [2012/07/10 01:42:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor [2012/06/20 15:07:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software [2012/05/16 00:58:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon [2012/07/10 02:05:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blekko toolbars [2011/03/25 17:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations [2012/05/29 17:31:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\f-secure [2011/03/19 09:15:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg [2012/07/10 00:01:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn [2011/06/06 14:29:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung [2012/03/17 15:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SwiftKit [2012/07/10 09:54:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WRData [2011/04/23 11:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2011/09/05 12:21:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Customer\Application Data\Search Settings [2011/06/19 13:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Acoustica [2012/07/10 01:05:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Ad-Aware Antivirus [2012/05/16 00:58:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Babylon [2012/07/09 13:02:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Dropbox [2011/08/12 22:02:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\LolClient [2012/06/20 22:28:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Oracle [2012/05/03 16:40:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Spotify [2012/07/08 15:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\SystemRequirementsLab ========== Purity Check ========== < End of report > ---------------------------------------------------------------------------------------------------------------------------------------------------- EXTRAS: OTL Extras logfile created on: 7/10/2012 9:57:41 AM - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Documents and Settings\Ryan\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.49 Gb Total Physical Memory | 2.48 Gb Available Physical Memory | 70.94% Memory free 5.33 Gb Paging File | 4.44 Gb Available in Paging File | 83.41% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 149.05 Gb Total Space | 118.66 Gb Free Space | 79.61% Space Free | Partition Type: NTFS Computer Name: POSEIDON | User Name: Ryan | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l [HKEY_USERS\S-1-5-21-4098947703-2750535506-1537060400-1006\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Documents and Settings\Ryan\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Ryan\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.) "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{27E25625-DB51-42E6-BEB7-0C8DC878770C}" = Broadcom ASF Management Applications "{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{38CEB5E4-8F71-44C8-8D19-AD1045D9A50C}" = Windows OEM Preinstallation Kit "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{79E9C7C5-4FCC-4DFF-B79E-17319E9522F3}" = MagicTunePremium "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup "{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support "{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14 "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}" = System Requirements Lab for Intel "{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D3AE96EE-2876-4B3F-847C-D3A4AD689E43}" = LogMeIn "{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29 "{E36E864B-BFB6-440A-9A23-2B0BEDE59A92}" = MultiScreen "{EDC2B89F-3F72-48EA-B63E-985BC51622E4}" = OZ776 SCR Driver V1.1.4.202 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{FC4DE34E-DA9E-4F02-9837-2E65F73A0234}" = Verizon Wireless Software Utility Application for Android - Samsung "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Acoustica Effects Pack" = Acoustica Effects Pack "Acoustica Mixcraft 4.5" = Acoustica Mixcraft 4.5 "Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor "Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card "CCleaner" = CCleaner "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem "DW WLAN Card Utility" = DW WLAN Card Utility "Guitar Pro 5_is1" = Guitar Pro 5.2 "HDMI" = Intel® Graphics Media Accelerator Driver "InstallShield_{EDC2B89F-3F72-48EA-B63E-985BC51622E4}" = OZ776 SCR Driver V1.1.4.202 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft Security Client" = Microsoft Security Essentials "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NAV" = Norton AntiVirus "Office14.SingleImage" = Microsoft Office Home and Student 2010 "SafeConnect" = SafeConnect "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "WinRAR archiver" = WinRAR 4.11 (32-bit) "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "WRUNINST" = Webroot SecureAnywhere "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-4098947703-2750535506-1537060400-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Google Chrome" = Google Chrome "Spotify" = Spotify "SwiftKit" = SwiftKit ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 7/10/2012 12:42:20 AM | Computer Name = POSEIDON | Source = Userenv | ID = 1041 Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration. Error - 7/10/2012 12:42:20 AM | Computer Name = POSEIDON | Source = Userenv | ID = 1041 Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration. Error - 7/10/2012 2:15:20 AM | Computer Name = POSEIDON | Source = Userenv | ID = 1041 Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration. Error - 7/10/2012 2:15:20 AM | Computer Name = POSEIDON | Source = Userenv | ID = 1041 Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration. Error - 7/10/2012 2:15:20 AM | Computer Name = POSEIDON | Source = Userenv | ID = 1041 Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration. Error - 7/10/2012 2:15:20 AM | Computer Name = POSEIDON | Source = Userenv | ID = 1041 Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration. Error - 7/10/2012 9:44:29 AM | Computer Name = POSEIDON | Source = Userenv | ID = 1041 Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration. Error - 7/10/2012 9:44:29 AM | Computer Name = POSEIDON | Source = Userenv | ID = 1041 Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration. Error - 7/10/2012 9:44:29 AM | Computer Name = POSEIDON | Source = Userenv | ID = 1041 Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration. Error - 7/10/2012 9:44:29 AM | Computer Name = POSEIDON | Source = Userenv | ID = 1041 Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration. [ System Events ] Error - 6/29/2012 10:52:24 PM | Computer Name = POSEIDON | Source = Microsoft Antimalware | ID = 2001 Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.640.0 Update Source: %%859 Update Stage: %%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode Error - 6/29/2012 11:10:59 PM | Computer Name = POSEIDON | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 7/4/2012 2:42:39 PM | Computer Name = POSEIDON | Source = System Error | ID = 1003 Description = Error code 1000007f, parameter1 00000008, parameter2 ba340d70, parameter3 00000000, parameter4 00000000. Error - 7/8/2012 10:21:28 AM | Computer Name = POSEIDON | Source = Server | ID = 2505 Description = The server could not bind to the transport \Device\NetBT_Tcpip_{D419FFAE-01B9-4A52-9C27-7803662BB6FF} because another computer on the network has the same name. The server could not start. Error - 7/9/2012 1:37:42 AM | Computer Name = POSEIDON | Source = DCOM | ID = 10000 Description = Unable to start a DCOM Server: {28DD3979-0566-4ED3-9B14-1548B3187491}. The error: "%2" Happened while starting this command: Error - 7/10/2012 1:47:34 AM | Computer Name = POSEIDON | Source = Service Control Manager | ID = 7031 Description = The WRSVC service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error - 7/10/2012 1:47:44 AM | Computer Name = POSEIDON | Source = Service Control Manager | ID = 7032 Description = The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the WRSVC service, but this action failed with the following error: %%1056 Error - 7/10/2012 1:47:45 AM | Computer Name = POSEIDON | Source = Service Control Manager | ID = 7031 Description = The WRSVC service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error - 7/10/2012 1:47:55 AM | Computer Name = POSEIDON | Source = Service Control Manager | ID = 7032 Description = The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the WRSVC service, but this action failed with the following error: %%1056 Error - 7/10/2012 1:51:51 AM | Computer Name = POSEIDON | Source = Service Control Manager | ID = 7034 Description = The DW WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s). < End of report > ------------------------------------------------------------------------------------------------------------------------------------------------------- aswMBR: aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-07-10 10:03:18 ----------------------------- 10:03:18.625 OS Version: Windows 5.1.2600 Service Pack 3 10:03:18.625 Number of processors: 2 586 0xF0D 10:03:18.625 ComputerName: POSEIDON UserName: Ryan 10:03:19.390 Initialize success 10:07:34.265 AVAST engine defs: 12071000 10:08:10.328 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e 10:08:10.328 Disk 0 Vendor: WDC_WD1600BEKT-00F3T0 11.01A11 Size: 152627MB BusType: 3 10:08:10.328 Disk 0 MBR read successfully 10:08:10.328 Disk 0 MBR scan 10:08:10.343 Disk 0 Windows XP default MBR code 10:08:10.343 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152625 MB offset 63 10:08:10.359 Disk 0 scanning sectors +312576705 10:08:10.437 Disk 0 scanning C:\WINDOWS\system32\drivers 10:08:22.203 Service scanning 10:08:31.812 Service MpKslc54ce28f c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{10514DB2-8CD4-4331-A796-F646AFAAD821}\MpKslc54ce28f.sys **LOCKED** 32 10:08:48.937 Modules scanning 10:08:56.328 Disk 0 trace - called modules: 10:08:56.343 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS 10:08:56.687 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b02aab8] 10:08:56.687 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8af83030] 10:08:57.375 AVAST engine scan C:\WINDOWS 10:09:03.578 AVAST engine scan C:\WINDOWS\system32 10:12:30.468 AVAST engine scan C:\WINDOWS\system32\drivers 10:12:48.828 AVAST engine scan C:\Documents and Settings\Ryan 10:17:40.906 AVAST engine scan C:\Documents and Settings\All Users 10:18:38.968 Scan finished successfully 10:19:06.578 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Ryan\Desktop\MBR.dat" 10:19:06.578 The log file has been saved successfully to "C:\Documents and Settings\Ryan\Desktop\aswMBR.txt" -
Hi everyone - I hope you are all well! Here is the story behind my virus recovery antics: I downloaded via torrent and contracted this stupid virus (gameplaylabs) which installs the babylon toolbar malware as well as steals your information etc. (there's more to it obv) The only reason why I suspected a virus hit my computer was due to video streaming performance one day. I found that my CPU usage was hitting 100% while watching a simple video from an anime streaming site! I was alarmed by this and began to act. So I downloaded malwarebytes and ran a full scan. It found a total of 18 items and quarantined them. Among the files I saw a recurring line "Gameplaylabs". The malware checker found that it infected registry as well as internet explorer and firefox. Once I quarantined these files, BAM my computer can stream videos NEARLY perfectly. The problem that I have now is the aftermath (or so I think). Video, sometimes, will take about 40-50% usage, and then ALL OF A SUDDEN the video itself (as well as sound) sort of glitches and then BAM CPU usage skyrockets to 70% and my WIRELESS CONNECTION goes out. Something along these lines happened with the virus... SO I may not be out of the woods yet? I have ran multiple virus checkers and malware searchers, but they don't find anything. It should probably be noted that this happened when I played World of Warcraft. I ran it, and it runs perfectly fine for 10 minutes. Then, it glitches out, my FPS cuts in half and the internet goes out. WTF!? WHY THE HELL DOES MY WIRELESS CONNECTION go out?! Once it does, I cannot reconnect -- it says networks are available, but when I try to reconnect and find the network, the list produces a fat blank list that does not include ANY networks.