rdahl29

Recovering from Gameplaylabs virus


Hi everyone - I hope you are all well!

Here is the story behind my virus recovery antics:

I downloaded via torrent and contracted this stupid virus (gameplaylabs) which installs the babylon toolbar malware as well as steals your information etc. (there's more to it obv)

The only reason why I suspected a virus hit my computer was due to video streaming performance one day.

I found that my CPU usage was hitting 100% while watching a simple video from an anime streaming site! I was alarmed by this and began to act. So I downloaded malwarebytes and ran a full scan.

It found a total of 18 items and quarantined them. Among the files I saw a recurring line "Gameplaylabs". The malware checker found that it infected registry as well as internet explorer and firefox.

Once I quarantined these files, BAM my computer can stream videos NEARLY perfectly.

The problem that I have now is the aftermath (or so I think). Video, sometimes, will take about 40-50% usage, and then ALL OF A SUDDEN the video itself (as well as sound) sort of glitches and then BAM CPU usage skyrockets to 70% and my WIRELESS CONNECTION goes out. Something along these lines happened with the virus... SO I may not be out of the woods yet? I have run multiple virus checkers and malware searchers, but they don't find anything.

It should probably be noted that this happened when I played World of Warcraft. I ran it, and it runs perfectly fine for 10 minutes. Then, it glitches out, my FPS cuts in half and the internet goes out. WTF!?

WHY THE HELL DOES MY WIRELESS CONNECTION go out?! Once it does, I cannot reconnect -- it says networks are available, but when I try to reconnect and find the network, the list produces a fat blank list that does not include ANY networks.


Hello rdahl29 and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

> I downloaded via torrent and contracted this stupid virus (gameplaylabs) which installs the babylon toolbar malware as well as steals your information etc. (there's more to it obv)

GamePlayLabs is bundled with games from gameplaylabs.com and collects data when you browse websites. It then uses this data to display targeted advertising. It is actually adware, but you agreed to what was described in the license agreement and the steps during the installation of a game. Next time, download and install things more slowly and carefully.

Maybe there are some remains of them. Let's check.

Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

Step 3

Download aswMBR.exe to your desktop.

Double click aswMBR.exe to run it.

Click the "Scan" button to start the scan.


On completion of the scan, click "Save log", save it to your desktop, and post it in your next reply.


In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • OTL log with Extras.txt
  • aswMBR log

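An added example, not part of the original thread and not code from Malwarebytes or OTL: one way to check an OTL Quick Scan log for the kind of leftovers the reply above is looking for, namely Internet Explorer search providers installed by a bundled toolbar and driver services whose file is gone. The function name `triage`, the `EXPECTED_SEARCH_HOSTS` allowlist and the sample lines (constructed, modelled on the OTL line format posted later in this thread) are assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: search hosts the reviewer treats as expected on this machine.
EXPECTED_SEARCH_HOSTS = {"www.bing.com", "www.google.com"}

# OTL "IE -" lines: one per registered search provider, plus the default GUID.
SCOPE_URL_RE = re.compile(
    r'^IE - (HK\w+\\[^\\]+)\\\.\.\\SearchScopes\\(\{[0-9A-Fa-f-]+\}): "URL" = (\S+)')
DEFAULT_SCOPE_RE = re.compile(
    r'^IE - (HK\w+\\[^\\]+)\\\.\.\\SearchScopes,DefaultScope = (\{[0-9A-Fa-f-]+\})')
# OTL "DRV -" lines for services whose image file no longer exists.
MISSING_DRV_RE = re.compile(
    r'^DRV - File not found \[[^\]]*\] -- (.*?) ?-- \((\w+)\)')

# Constructed sample input (placeholder SID and GUIDs), not a real log.
SAMPLE_USER = r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
SAMPLE_LOG = r"""
IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\..\SearchScopes,DefaultScope = {AAAAAAAA-0000-0000-0000-000000000003}
IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\..\SearchScopes\{AAAAAAAA-0000-0000-0000-000000000001}: "URL" = http://www.bing.com/search?q={searchTerms}
IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\..\SearchScopes\{AAAAAAAA-0000-0000-0000-000000000002}: "URL" = http://search.babylon.com/?q={searchTerms}&babsrc=SP_ss
IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\..\SearchScopes\{AAAAAAAA-0000-0000-0000-000000000003}: "URL" = http://blekko.com/ws/?q={searchTerms}
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Ryan\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
"""


def triage(log_text):
    """Return items in an OTL log that deserve a manual look."""
    scopes = {}    # (user key, GUID) -> search host
    defaults = {}  # user key -> GUID of the default search provider
    missing = []   # (service name, registered path) for absent driver files

    for raw in log_text.splitlines():
        line = raw.strip()
        m = SCOPE_URL_RE.match(line)
        if m:
            host = (urlsplit(m.group(3)).hostname or "").lower()
            scopes[(m.group(1), m.group(2).upper())] = host
            continue
        m = DEFAULT_SCOPE_RE.match(line)
        if m:
            defaults[m.group(1)] = m.group(2).upper()
            continue
        m = MISSING_DRV_RE.match(line)
        # Entries with an empty path carry nothing to inspect; skip them.
        if m and m.group(1):
            missing.append((m.group(2), m.group(1)))

    review_hosts = sorted(
        {h for h in scopes.values() if h and h not in EXPECTED_SEARCH_HOSTS})
    default_hosts = {
        user: scopes.get((user, guid), "unknown")
        for user, guid in defaults.items()}
    return {
        "review_search_hosts": review_hosts,
        "default_scope_hosts": default_hosts,
        "missing_driver_paths": missing,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for host in report["review_search_hosts"]:
        print("search provider to review:", host)
    for user, host in report["default_scope_hosts"].items():
        print("default search for", user, "->", host)
    for service, path in report["missing_driver_paths"]:
        print("service with missing file:", service, path)
```

A host appearing under `review_search_hosts` only means it is not on the allowlist; whether to remove the entry is still a decision for the person reading the log.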

Hey there! Thanks for the reply :)

Here is the info you requested:

MBAM:

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.07.10.05

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 6.0.2900.5512

Ryan :: POSEIDON [administrator]

7/10/2012 9:49:13 AM

mbam-log-2012-07-10 (09-49-13).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 235307

Time elapsed: 6 minute(s), 39 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

--------------------------------------------------------------------------------------------------------------------------

OTL:

OTL logfile created on: 7/10/2012 9:57:41 AM - Run 1

OTL by OldTimer - Version 3.2.53.1 Folder = C:\Documents and Settings\Ryan\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 2.48 Gb Available Physical Memory | 70.94% Memory free

5.33 Gb Paging File | 4.44 Gb Available in Paging File | 83.41% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 149.05 Gb Total Space | 118.66 Gb Free Space | 79.61% Space Free | Partition Type: NTFS

Computer Name: POSEIDON | User Name: Ryan | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/10 09:56:23 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ryan\Desktop\OTL.exe

PRC - [2012/06/28 06:28:57 | 001,250,328 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

PRC - [2012/05/03 14:07:40 | 000,217,256 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe

PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/03/27 19:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\19.7.1.5\ccsvchst.exe

PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe

PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe

PRC - [2012/03/19 11:27:07 | 000,296,088 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\SCClient.exe

PRC - [2012/03/19 11:27:05 | 000,175,968 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\scManager.sys

PRC - [2011/03/22 11:38:34 | 000,547,840 | ---- | M] (Samsung Electronices Co., Ltd.) -- C:\Documents and Settings\Ryan\Application Data\Verizon\UA_ar\UtilityApplication.exe

PRC - [2010/12/08 13:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

PRC - [2010/11/08 12:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe

PRC - [2008/08/21 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/07/30 23:54:38 | 002,158,592 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

PRC - [2007/07/20 17:48:00 | 002,170,880 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe

PRC - [2007/07/20 17:30:28 | 000,311,296 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe

PRC - [2007/05/10 11:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe

PRC - [2006/12/19 14:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe

PRC - [2006/12/18 16:22:14 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

PRC - [2006/10/27 21:13:48 | 000,270,336 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe

PRC - [2006/09/28 22:08:46 | 000,270,336 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe

PRC - [2006/01/24 00:14:10 | 000,069,632 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/29 22:12:16 | 004,051,456 | ---- | M] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.0.3\libGLESv2.dll

MOD - [2012/06/29 22:12:16 | 000,100,864 | ---- | M] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.0.3\libEGL.dll

MOD - [2012/06/28 06:28:56 | 000,438,296 | ---- | M] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.47\ppgooglenaclpluginchrome.dll

MOD - [2012/06/28 06:28:54 | 003,972,120 | ---- | M] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.47\pdf.dll

MOD - [2012/06/28 06:27:29 | 000,140,328 | ---- | M] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.47\avutil-51.dll

MOD - [2012/06/28 06:27:28 | 000,262,184 | ---- | M] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.47\avformat-54.dll

MOD - [2012/06/28 06:27:26 | 002,386,984 | ---- | M] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.47\avcodec-54.dll

MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2012/02/17 20:55:35 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

MOD - [2006/11/01 12:48:02 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll

MOD - [2005/07/22 22:30:20 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\TosCommAPI.dll

MOD - [2004/10/14 11:18:24 | 000,040,960 | ---- | M] () -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtAfh.dll

MOD - [2004/07/20 18:04:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll

========== Win32 Services (SafeList) ==========

SRV - [2012/07/10 01:48:16 | 000,688,360 | ---- | M] (Webroot) [Auto | Stopped] -- C:\Program Files\Webroot\WRSA.exe -- (WRSVC)

SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/03/27 19:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe -- (NAV)

SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV - [2012/03/19 11:27:05 | 000,175,968 | ---- | M] (Impulse Point, LLC) [Auto | Running] -- C:\Program Files\SafeConnect\scManager.sys -- (SCManager)

SRV - [2010/12/08 13:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)

SRV - [2010/11/08 12:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)

SRV - [2007/05/10 11:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe -- (STacSV)

SRV - [2006/12/19 14:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)

SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lmimirr.sys -- (lmimirr)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Ryan\LOCALS~1\Temp\catchme.sys -- (catchme)

DRV - [2012/07/10 01:48:17 | 000,111,632 | ---- | M] (Webroot) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\WRkrn.sys -- (WRkrn)

DRV - [2012/06/19 11:09:18 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\VirusDefs\20120709.021\NAVEX15.SYS -- (NAVEX15)

DRV - [2012/06/19 11:09:18 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\VirusDefs\20120709.021\NAVENG.SYS -- (NAVENG)

DRV - [2012/06/18 20:01:14 | 000,821,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\BASHDefs\20120619.001\BHDrvx86.sys -- (BHDrvx86)

DRV - [2012/06/14 14:39:26 | 000,369,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\IPSDefs\20120707.001\IDSXpx86.sys -- (IDSxpx86)

DRV - [2012/05/30 19:37:34 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)

DRV - [2012/05/30 19:37:34 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2012/05/29 17:44:19 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)

DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2012/03/29 02:28:38 | 000,388,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1307010.005\symtdi.sys -- (SYMTDI)

DRV - [2012/03/29 02:28:30 | 000,905,336 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1307010.005\symefa.sys -- (SymEFA)

DRV - [2012/03/29 02:06:25 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1307010.005\ironx86.sys -- (SymIRON)

DRV - [2012/03/29 02:03:27 | 000,574,072 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NAV\1307010.005\srtsp.sys -- (SRTSP)

DRV - [2012/03/29 02:03:27 | 000,032,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1307010.005\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)

DRV - [2011/11/29 18:44:14 | 000,132,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1307010.005\ccsetx86.sys -- (ccSet_NAV)

DRV - [2011/08/16 02:51:40 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1307010.005\symds.sys -- (SymDS)

DRV - [2011/06/02 11:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)

DRV - [2010/09/17 15:40:06 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)

DRV - [2008/08/21 08:00:00 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)

DRV - [2008/08/21 08:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)

DRV - [2008/08/21 08:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)

DRV - [2007/12/23 18:18:48 | 000,068,696 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)

DRV - [2007/08/02 18:35:12 | 000,989,952 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)

DRV - [2007/08/02 18:34:30 | 000,211,200 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)

DRV - [2007/08/02 18:34:26 | 000,731,136 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)

DRV - [2007/06/29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)

DRV - [2007/06/11 15:25:00 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)

DRV - [2007/05/24 15:27:00 | 000,064,000 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)

DRV - [2007/05/10 11:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)

DRV - [2007/04/24 14:20:00 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)

DRV - [2007/03/01 17:53:00 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)

DRV - [2006/12/19 14:21:52 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)

DRV - [2006/11/20 18:55:00 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)

DRV - [2006/10/12 15:28:42 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)

DRV - [2006/10/10 20:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)

DRV - [2005/01/06 14:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)

DRV - [2001/08/17 12:11:30 | 000,096,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4098947703-2750535506-1537060400-1006\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

IE - HKU\S-1-5-21-4098947703-2750535506-1537060400-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-4098947703-2750535506-1537060400-1006\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=109935&tt=100512_4_&babsrc=SP_ss&mntrId=1c5eb50a000000000000001d60592b92

IE - HKU\S-1-5-21-4098947703-2750535506-1537060400-1006\..\SearchScopes\{11179874-E5D6-4C5F-88A6-BF347A2AEA76}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

IE - HKU\S-1-5-21-4098947703-2750535506-1537060400-1006\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=344F8A3D4CF1A4BBC6D21D4FFBEB2629&q={searchTerms}

IE - HKU\S-1-5-21-4098947703-2750535506-1537060400-1006\..\SearchScopes\{8DB6B12E-4DD4-4D23-AB6B-757050EAAEF6}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}

IE - HKU\S-1-5-21-4098947703-2750535506-1537060400-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4098947703-2750535506-1537060400-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\IPSFFPlgn\ [2012/05/29 17:44:45 | 000,000,000 | ---D | M]

[2012/07/09 12:59:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012/06/19 08:39:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = http://www.google.com/search?q={searchTerms}

CHR - default_search_provider: suggest_url =

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.47\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.47\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll

CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll

CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - Extension: YouTube = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Halo 4 Theme = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cenafinbdpjeekhgifoicckecljgelob\1_0\

CHR - Extension: Google Search = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: AdBlock = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.38_0\

CHR - Extension: Reddit Enhancement Suite = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.1.2_0\

CHR - Extension: Gmail = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/10 01:57:11 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\19.7.1.5\ips\ipsbho.dll (Symantec Corporation)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)

O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [iTSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)

O4 - HKLM..\Run: [WRSVC] C:\Program Files\Webroot\WRSA.exe (Webroot)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SafeConnect.lnk = C:\Program Files\SafeConnect\SCClient.exe (Impulse Point, LLC)

O4 - Startup: C:\Documents and Settings\Ryan\Start Menu\Programs\Startup\Launch Utility Application.lnk = C:\Documents and Settings\Ryan\Application Data\Verizon\UA_ar\UtilityApplication.exe (Samsung Electronices Co., Ltd.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-4098947703-2750535506-1537060400-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-4098947703-2750535506-1537060400-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-4098947703-2750535506-1537060400-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-4098947703-2750535506-1537060400-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1300490882078 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB (DellSystem.Scanner)

O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)

O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.21.0.cab (SysInfo Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D419FFAE-01B9-4A52-9C27-7803662BB6FF}: DhcpNameServer = 192.168.0.1 205.171.3.25

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)

O24 - Desktop WallPaper: C:\Documents and Settings\Ryan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ryan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011/03/10 16:00:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/10 09:56:37 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Ryan\Desktop\aswMBR.exe

[2012/07/10 09:56:20 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ryan\Desktop\OTL.exe

[2012/07/10 02:03:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/07/10 02:03:40 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012/07/10 02:03:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012/07/10 01:51:07 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2012/07/10 01:48:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2012/07/10 01:48:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2012/07/10 01:48:49 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2012/07/10 01:48:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2012/07/10 01:46:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2012/07/10 01:43:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\blekko toolbars

[2012/07/10 01:43:39 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/07/10 01:43:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Webroot SecureAnywhere

[2012/07/10 01:43:06 | 000,148,664 | ---- | C] (Webroot) -- C:\WINDOWS\System32\WRusr.dll

[2012/07/10 01:43:05 | 000,111,632 | ---- | C] (Webroot) -- C:\WINDOWS\System32\drivers\WRkrn.sys

[2012/07/10 01:43:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WRData

[2012/07/10 01:43:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Local Settings\Application Data\blekkotb_031

[2012/07/10 01:42:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor

[2012/07/10 01:42:54 | 000,000,000 | ---D | C] -- C:\Program Files\Webroot

[2012/07/10 01:05:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Application Data\Ad-Aware Antivirus

[2012/07/10 00:35:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight

[2012/07/10 00:35:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

[2012/07/10 00:26:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell Wireless

[2012/07/10 00:15:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations

[2012/07/10 00:14:51 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom

[2012/07/10 00:14:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Broadcom

[2012/07/09 23:44:00 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\WINDOWS\System32\CSVer.dll

[2012/07/02 21:10:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Application Data\Google

[2012/06/29 23:09:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Local Settings\Application Data\NPE

[2012/06/29 22:42:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC

[2012/06/27 12:32:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Local Settings\Application Data\Sun

[2012/06/22 21:27:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Desktop\gba

[2012/06/22 18:08:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes

[2012/06/22 18:07:44 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2012/06/22 18:07:38 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2012/06/22 18:05:08 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update

[2012/06/22 18:04:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer

[2012/06/22 18:04:18 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2012/06/22 17:57:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer

[2012/06/21 01:41:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ryan\Recent

[2012/06/20 23:27:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Local Settings\Application Data\Help

[2012/06/20 23:27:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Application Data\Help

[2012/06/20 22:28:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Application Data\Oracle

[2012/06/20 15:07:02 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software

[2012/06/20 15:07:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software

[2012/06/20 12:32:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Application Data\Malwarebytes

[2012/06/20 12:32:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2012/06/20 11:56:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner

[2012/06/20 03:00:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Application Data\SystemRequirementsLab

[2012/06/19 10:59:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\My Documents\Zelda-OoT Hi-Res

[2012/06/19 10:59:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\My Documents\zsnesw151

[2012/06/19 08:50:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss

[2012/06/19 08:23:15 | 000,000,000 | ---D | C] -- C:\Config.Msi

[2012/06/19 08:14:46 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[2012/06/19 07:41:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\My Documents\desktoopp

[2012/06/13 19:49:20 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox

[2012/06/10 18:38:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Start Menu\Programs\Verizon

[2012/06/10 18:38:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Application Data\Verizon

[2012/06/10 15:17:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR

[2012/06/10 15:17:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Start Menu\Programs\WinRAR

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/10 10:02:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4098947703-2750535506-1537060400-1006UA.job

[2012/07/10 10:01:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012/07/10 09:57:00 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Ryan\Desktop\aswMBR.exe

[2012/07/10 09:56:23 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ryan\Desktop\OTL.exe

[2012/07/10 09:54:25 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job

[2012/07/10 09:44:48 | 000,012,686 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/07/10 09:44:28 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012/07/10 09:44:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/07/10 09:44:18 | 3747,573,760 | -HS- | M] () -- C:\hiberfil.sys

[2012/07/10 02:03:42 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/07/10 01:57:11 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2012/07/10 01:51:13 | 000,000,339 | RHS- | M] () -- C:\boot.ini

[2012/07/10 01:48:17 | 000,148,664 | ---- | M] (Webroot) -- C:\WINDOWS\System32\WRusr.dll

[2012/07/10 01:48:17 | 000,111,632 | ---- | M] (Webroot) -- C:\WINDOWS\System32\drivers\WRkrn.sys

[2012/07/10 00:44:35 | 000,435,006 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012/07/10 00:44:35 | 000,069,036 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012/07/09 22:19:18 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012/07/09 15:02:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4098947703-2750535506-1537060400-1006Core.job

[2012/07/09 13:01:54 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Ryan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2012/07/07 20:48:44 | 000,021,326 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\GK.gif

[2012/07/02 07:18:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2012/06/29 23:15:36 | 000,000,223 | ---- | M] () -- C:\Boot.bak

[2012/06/29 22:05:37 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Ryan\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2012/06/20 21:15:10 | 000,001,789 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT

[2012/06/20 14:47:58 | 001,241,440 | ---- | M] () -- C:\Documents and Settings\Ryan\My Documents\D630_A18.exe

[2012/06/20 14:47:20 | 000,054,889 | ---- | M] () -- C:\WINDOWS\System32\DellSystem.xml

[2012/06/20 14:28:50 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2012/06/19 09:48:51 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo

[2012/06/13 03:27:02 | 000,270,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012/06/10 18:38:35 | 000,002,056 | ---- | M] () -- C:\Documents and Settings\Ryan\Start Menu\Programs\Startup\Launch Utility Application.lnk

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/10 02:03:42 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/07/10 01:51:13 | 000,000,223 | ---- | C] () -- C:\Boot.bak

[2012/07/10 01:51:10 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2012/07/10 01:48:49 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2012/07/10 01:48:49 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2012/07/10 01:48:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2012/07/10 01:48:49 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2012/07/10 01:48:49 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2012/07/07 20:48:49 | 000,021,326 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\GK.gif

[2012/06/29 23:11:53 | 3747,573,760 | -HS- | C] () -- C:\hiberfil.sys

[2012/06/20 14:47:46 | 001,241,440 | ---- | C] () -- C:\Documents and Settings\Ryan\My Documents\D630_A18.exe

[2012/06/20 14:47:16 | 000,054,889 | ---- | C] () -- C:\WINDOWS\System32\DellSystem.xml

[2012/06/19 11:00:02 | 004,804,608 | ---- | C] () -- C:\Documents and Settings\Ryan\My Documents\DESCENTxp.exe

[2012/06/19 09:48:49 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\initdebug.nfo

[2012/06/19 08:56:48 | 000,000,715 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk

[2012/06/19 08:56:47 | 000,002,056 | ---- | C] () -- C:\Documents and Settings\Ryan\Start Menu\Programs\Startup\Launch Utility Application.lnk

[2012/06/19 08:56:47 | 000,000,503 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SafeConnect.lnk

[2012/05/16 01:18:19 | 000,645,632 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2012/05/16 01:18:19 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2012/05/16 00:27:43 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/02/20 14:06:05 | 000,036,308 | ---- | C] () -- C:\WINDOWS\System32\AAYsc01.ini

[2012/02/15 19:47:33 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2011/10/25 19:19:35 | 000,000,040 | ---- | C] () -- C:\Documents and Settings\Ryan\jagex_cl_runescape_LIVE.dat

[2011/10/10 22:11:25 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/08/17 16:36:58 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

[2011/05/22 00:29:37 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Ryan\jagex_runescape_preferences2.dat

[2011/05/22 00:28:59 | 000,000,035 | ---- | C] () -- C:\Documents and Settings\Ryan\jagex_runescape_preferences.dat

[2011/05/21 23:49:56 | 000,058,084 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2011/03/18 17:46:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI

[2011/03/10 16:34:40 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2011/03/10 16:24:25 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll

[2011/03/10 16:24:25 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll

[2011/03/10 16:24:25 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE

[2011/03/10 16:12:40 | 001,843,784 | ---- | C] () -- C:\WINDOWS\System32\igklg400.dll

[2011/03/10 16:12:40 | 001,399,880 | ---- | C] () -- C:\WINDOWS\System32\igklg450.dll

[2011/03/10 16:12:40 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll

[2011/03/10 16:12:40 | 000,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll

[2011/03/10 16:02:35 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2011/03/10 15:57:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2011/03/10 10:26:18 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2011/03/10 10:25:06 | 000,270,984 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2011/06/19 13:50:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acoustica

[2012/07/10 01:42:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor

[2012/06/20 15:07:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software

[2012/05/16 00:58:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon

[2012/07/10 02:05:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blekko toolbars

[2011/03/25 17:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations

[2012/05/29 17:31:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\f-secure

[2011/03/19 09:15:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg

[2012/07/10 00:01:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn

[2011/06/06 14:29:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung

[2012/03/17 15:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SwiftKit

[2012/07/10 09:54:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WRData

[2011/04/23 11:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2011/09/05 12:21:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Customer\Application Data\Search Settings

[2011/06/19 13:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Acoustica

[2012/07/10 01:05:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Ad-Aware Antivirus

[2012/05/16 00:58:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Babylon

[2012/07/09 13:02:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Dropbox

[2011/08/12 22:02:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\LolClient

[2012/06/20 22:28:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Oracle

[2012/05/03 16:40:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Spotify

[2012/07/08 15:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\SystemRequirementsLab

========== Purity Check ==========

< End of report >

----------------------------------------------------------------------------------------------------------------------------------------------------

EXTRAS:

OTL Extras logfile created on: 7/10/2012 9:57:41 AM - Run 1

OTL by OldTimer - Version 3.2.53.1 Folder = C:\Documents and Settings\Ryan\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 2.48 Gb Available Physical Memory | 70.94% Memory free

5.33 Gb Paging File | 4.44 Gb Available in Paging File | 83.41% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 149.05 Gb Total Space | 118.66 Gb Free Space | 79.61% Space Free | Partition Type: NTFS

Computer Name: POSEIDON | User Name: Ryan | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-4098947703-2750535506-1537060400-1006\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)

InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Documents and Settings\Ryan\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Ryan\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)

"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client

"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{27E25625-DB51-42E6-BEB7-0C8DC878770C}" = Broadcom ASF Management Applications

"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{38CEB5E4-8F71-44C8-8D19-AD1045D9A50C}" = Windows OEM Preinstallation Kit

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{79E9C7C5-4FCC-4DFF-B79E-17319E9522F3}" = MagicTunePremium

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup

"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support

"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010

"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer

"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}" = System Requirements Lab for Intel

"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba

"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones

"{D3AE96EE-2876-4B3F-847C-D3A4AD689E43}" = LogMeIn

"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29

"{E36E864B-BFB6-440A-9A23-2B0BEDE59A92}" = MultiScreen

"{EDC2B89F-3F72-48EA-B63E-985BC51622E4}" = OZ776 SCR Driver V1.1.4.202

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{FC4DE34E-DA9E-4F02-9837-2E65F73A0234}" = Verizon Wireless Software Utility Application for Android - Samsung

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Acoustica Effects Pack" = Acoustica Effects Pack

"Acoustica Mixcraft 4.5" = Acoustica Mixcraft 4.5

"Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor

"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card

"CCleaner" = CCleaner

"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem

"DW WLAN Card Utility" = DW WLAN Card Utility

"Guitar Pro 5_is1" = Guitar Pro 5.2

"HDMI" = Intel® Graphics Media Accelerator Driver

"InstallShield_{EDC2B89F-3F72-48EA-B63E-985BC51622E4}" = OZ776 SCR Driver V1.1.4.202

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft Security Client" = Microsoft Security Essentials

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NAV" = Norton AntiVirus

"Office14.SingleImage" = Microsoft Office Home and Student 2010

"SafeConnect" = SafeConnect

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"WinRAR archiver" = WinRAR 4.11 (32-bit)

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"WRUNINST" = Webroot SecureAnywhere

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4098947703-2750535506-1537060400-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox

"Google Chrome" = Google Chrome

"Spotify" = Spotify

"SwiftKit" = SwiftKit

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 7/10/2012 12:42:20 AM | Computer Name = POSEIDON | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}

and it will not be loaded. This is most likely caused by a faulty registration.

Error - 7/10/2012 12:42:20 AM | Computer Name = POSEIDON | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

and it will not be loaded. This is most likely caused by a faulty registration.

Error - 7/10/2012 2:15:20 AM | Computer Name = POSEIDON | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}

and it will not be loaded. This is most likely caused by a faulty registration.

Error - 7/10/2012 2:15:20 AM | Computer Name = POSEIDON | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

and it will not be loaded. This is most likely caused by a faulty registration.

Error - 7/10/2012 2:15:20 AM | Computer Name = POSEIDON | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}

and it will not be loaded. This is most likely caused by a faulty registration.

Error - 7/10/2012 2:15:20 AM | Computer Name = POSEIDON | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

and it will not be loaded. This is most likely caused by a faulty registration.

Error - 7/10/2012 9:44:29 AM | Computer Name = POSEIDON | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}

and it will not be loaded. This is most likely caused by a faulty registration.

Error - 7/10/2012 9:44:29 AM | Computer Name = POSEIDON | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

and it will not be loaded. This is most likely caused by a faulty registration.

Error - 7/10/2012 9:44:29 AM | Computer Name = POSEIDON | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}

and it will not be loaded. This is most likely caused by a faulty registration.

Error - 7/10/2012 9:44:29 AM | Computer Name = POSEIDON | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

and it will not be loaded. This is most likely caused by a faulty registration.

[ System Events ]

Error - 6/29/2012 10:52:24 PM | Computer Name = POSEIDON | Source = Microsoft Antimalware | ID = 2001

Description = %%860 has encountered an error trying to update signatures. New Signature

Version: Previous Signature Version: 1.129.640.0 Update Source: %%859 Update Stage:

%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current

Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8007043c Error

description: This service cannot be started in Safe Mode

Error - 6/29/2012 11:10:59 PM | Computer Name = POSEIDON | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/4/2012 2:42:39 PM | Computer Name = POSEIDON | Source = System Error | ID = 1003

Description = Error code 1000007f, parameter1 00000008, parameter2 ba340d70, parameter3

00000000, parameter4 00000000.

Error - 7/8/2012 10:21:28 AM | Computer Name = POSEIDON | Source = Server | ID = 2505

Description = The server could not bind to the transport \Device\NetBT_Tcpip_{D419FFAE-01B9-4A52-9C27-7803662BB6FF}

because another computer on the network has the same name. The server could not

start.

Error - 7/9/2012 1:37:42 AM | Computer Name = POSEIDON | Source = DCOM | ID = 10000

Description = Unable to start a DCOM Server: {28DD3979-0566-4ED3-9B14-1548B3187491}.

The

error: "%2" Happened while starting this command:

Error - 7/10/2012 1:47:34 AM | Computer Name = POSEIDON | Source = Service Control Manager | ID = 7031

Description = The WRSVC service terminated unexpectedly. It has done this 1 time(s).

The following corrective action will be taken in 10000 milliseconds: Restart the

service.

Error - 7/10/2012 1:47:44 AM | Computer Name = POSEIDON | Source = Service Control Manager | ID = 7032

Description = The Service Control Manager tried to take a corrective action (Restart

the service) after the unexpected termination of the WRSVC service, but this action

failed with the following error: %%1056

Error - 7/10/2012 1:47:45 AM | Computer Name = POSEIDON | Source = Service Control Manager | ID = 7031

Description = The WRSVC service terminated unexpectedly. It has done this 1 time(s).

The following corrective action will be taken in 10000 milliseconds: Restart the

service.

Error - 7/10/2012 1:47:55 AM | Computer Name = POSEIDON | Source = Service Control Manager | ID = 7032

Description = The Service Control Manager tried to take a corrective action (Restart

the service) after the unexpected termination of the WRSVC service, but this action

failed with the following error: %%1056

Error - 7/10/2012 1:51:51 AM | Computer Name = POSEIDON | Source = Service Control Manager | ID = 7034

Description = The DW WLAN Tray Service service terminated unexpectedly. It has

done this 1 time(s).

< End of report >

-------------------------------------------------------------------------------------------------------------------------------------------------------

aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-07-10 10:03:18

-----------------------------

10:03:18.625 OS Version: Windows 5.1.2600 Service Pack 3

10:03:18.625 Number of processors: 2 586 0xF0D

10:03:18.625 ComputerName: POSEIDON UserName: Ryan

10:03:19.390 Initialize success

10:07:34.265 AVAST engine defs: 12071000

10:08:10.328 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e

10:08:10.328 Disk 0 Vendor: WDC_WD1600BEKT-00F3T0 11.01A11 Size: 152627MB BusType: 3

10:08:10.328 Disk 0 MBR read successfully

10:08:10.328 Disk 0 MBR scan

10:08:10.343 Disk 0 Windows XP default MBR code

10:08:10.343 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152625 MB offset 63

10:08:10.359 Disk 0 scanning sectors +312576705

10:08:10.437 Disk 0 scanning C:\WINDOWS\system32\drivers

10:08:22.203 Service scanning

10:08:31.812 Service MpKslc54ce28f c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{10514DB2-8CD4-4331-A796-F646AFAAD821}\MpKslc54ce28f.sys **LOCKED** 32

10:08:48.937 Modules scanning

10:08:56.328 Disk 0 trace - called modules:

10:08:56.343 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS

10:08:56.687 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b02aab8]

10:08:56.687 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8af83030]

10:08:57.375 AVAST engine scan C:\WINDOWS

10:09:03.578 AVAST engine scan C:\WINDOWS\system32

10:12:30.468 AVAST engine scan C:\WINDOWS\system32\drivers

10:12:48.828 AVAST engine scan C:\Documents and Settings\Ryan

10:17:40.906 AVAST engine scan C:\Documents and Settings\All Users

10:18:38.968 Scan finished successfully

10:19:06.578 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Ryan\Desktop\MBR.dat"

10:19:06.578 The log file has been saved successfully to "C:\Documents and Settings\Ryan\Desktop\aswMBR.txt"

I think I may know why my internet goes out at least ---

I have Norton Antivirus on my computer that was recently installed and it has a feature called "Intrusion Prevention". That is most likely why my internet goes out.

But the problem remains: Why does my performance (while watching videos smoothly for 5 minutes, and then BAM choppy?) get worse?

Just thought I'd throw that in. Thanks :)

I think it might be a driver issue....

I am running a DELL Latitude D630 laptop with an Intel graphics card "Mobile Intel 965 Express Chipset".

I want to reinstall drivers to see if that's the problem, but I don't know how. I looked at Intel's website and they said everything was fine.

The thing is --- I ran my computer in safe mode, and video streaming was perfect. It's only normally...

Another thing of note is that once my video gets choppy, my laptop fan becomes really loud (even if I stop the video and CPU usage is 1-10%).

My work here is to check your PC for malware activity. Let us exclude a possible cause.

Step 1

Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having three anti-virus programs running at the same time can cause your computer to run very slowly, become unstable and even, in rare cases, crash. If you choose to install more than one Anti-Virus program on your computer, then only one of them should be active in memory at a time. My suggestion is to uninstall Norton AntiVirus (if you don't have a license for it, of course) and Webroot SecureAnywhere and to keep Microsoft Security Essentials. Finally, reboot your PC.

Step 2

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE - HKU\S-1-5-21-4098947703-2750535506-1537060400-1006\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
    IE - HKU\S-1-5-21-4098947703-2750535506-1537060400-1006\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=109935&tt=100512_4_&babsrc=SP_ss&mntrId=1c5eb50a000000000000001d60592b92
    IE - HKU\S-1-5-21-4098947703-2750535506-1537060400-1006\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=344F8A3D4CF1A4BBC6D21D4FFBEB2629&q={searchTerms}
    [2012/07/10 01:43:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\blekko toolbars
    [2012/07/10 01:43:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Local Settings\Application Data\blekkotb_031
    [2012/07/10 01:05:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Application Data\Ad-Aware Antivirus
    [2012/06/20 15:07:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2011/09/05 12:21:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Customer\Application Data\Search Settings

    :files
    ipconfig /flushdns /c

    :Commands
    [emptytemp]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

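The `SearchScopes` lines in the fix script above show how a replaced Internet Explorer search provider appears in an OTL log. As an added example (not part of the original thread and not OTL's own code), this Python script parses those two line shapes, reports which provider each registry root's `DefaultScope` points to, and flags hosts outside an assumed allowlist; `EXPECTED`, `triage`, `registrable` and the two HKLM sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the search hosts the machine's owner actually expects to see.
EXPECTED = {"bing.com", "google.com"}

# The two OTL line shapes used in the fix script:
#   IE - <root>\..\SearchScopes,DefaultScope = {GUID}
#   IE - <root>\..\SearchScopes\{GUID}: "URL" = <url>
LINE_RE = re.compile(
    r'^IE - (?P<root>HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\\SearchScopes'
    r'(?:,DefaultScope =\s*(?P<default>\{[^}]+\})?'
    r'|\\(?P<guid>\{[^}]+\}): "URL" = (?P<url>\S+))\s*$'
)

# The three HKU lines are copied from the post; the two HKLM lines are constructed.
SAMPLE = r"""
IE - HKU\S-1-5-21-4098947703-2750535506-1537060400-1006\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKU\S-1-5-21-4098947703-2750535506-1537060400-1006\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=109935&tt=100512_4_&babsrc=SP_ss&mntrId=1c5eb50a000000000000001d60592b92
IE - HKU\S-1-5-21-4098947703-2750535506-1537060400-1006\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=344F8A3D4CF1A4BBC6D21D4FFBEB2629&q={searchTerms}
IE - HKLM\..\SearchScopes,DefaultScope = {00000000-0000-0000-0000-000000000001}
IE - HKLM\..\SearchScopes\{00000000-0000-0000-0000-000000000001}: "URL" = http://www.bing.com/search?q={searchTerms}
"""


def registrable(host):
    """Crude last-two-labels reduction; adequate for the hosts in this sample."""
    return ".".join(host.lower().split(".")[-2:])


def triage(log_text, expected=EXPECTED):
    """Return (findings, dangling) for the SearchScopes lines in an OTL log."""
    defaults, scopes = {}, []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a SearchScopes line
        if m["url"] is None:
            # GUIDs are compared case-insensitively, so normalise to upper case.
            defaults[m["root"]] = (m["default"] or "").upper()
        else:
            host = urlsplit(m["url"]).hostname or ""
            scopes.append((m["root"], m["guid"].upper(), host))
    findings = [
        {
            "root": root,
            "guid": guid,
            "host": host,
            "is_default": defaults.get(root) == guid,
            "unexpected": registrable(host) not in expected,
        }
        for root, guid, host in scopes
    ]
    # A DefaultScope naming a GUID with no listed provider also deserves a look.
    listed = {(root, guid) for root, guid, _ in scopes}
    dangling = [(r, g) for r, g in defaults.items() if g and (r, g) not in listed]
    return findings, dangling


if __name__ == "__main__":
    for f in triage(SAMPLE)[0]:
        print(f)
```

An entry that is both `is_default` and `unexpected` is the one to review first; in the sample that is the blekko.com provider the fix script removes.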

All processes killed

========== OTL ==========

HKEY_USERS\S-1-5-21-4098947703-2750535506-1537060400-1006\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-4098947703-2750535506-1537060400-1006\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.

Registry key HKEY_USERS\S-1-5-21-4098947703-2750535506-1537060400-1006\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ not found.

C:\Documents and Settings\All Users\Application Data\blekko toolbars folder moved successfully.

C:\Documents and Settings\Ryan\Local Settings\Application Data\blekkotb_031\data folder moved successfully.

C:\Documents and Settings\Ryan\Local Settings\Application Data\blekkotb_031 folder moved successfully.

C:\Documents and Settings\Ryan\Application Data\Ad-Aware Antivirus\Logs\20120710T050521.906250PID5884 folder moved successfully.

C:\Documents and Settings\Ryan\Application Data\Ad-Aware Antivirus\Logs folder moved successfully.

C:\Documents and Settings\Ryan\Application Data\Ad-Aware Antivirus folder moved successfully.

C:\Documents and Settings\All Users\Application Data\AVAST Software folder moved successfully.

C:\Documents and Settings\Customer\Application Data\Search Settings\temp folder moved successfully.

C:\Documents and Settings\Customer\Application Data\Search Settings\res folder moved successfully.

C:\Documents and Settings\Customer\Application Data\Search Settings folder moved successfully.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Documents and Settings\Ryan\Desktop\cmd.bat deleted successfully.

C:\Documents and Settings\Ryan\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Customer

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Java cache emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

Actually -- it turns out that another computer on the network may be infected. There were some weird ports opened up on our network. We closed them out and tightened the firewall. Seems everything is fine now.

Thank you for your help, Maniac. I really appreciate it :)

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.