Jump to content

XP Security 2011


Recommended Posts

I am not sure if I am posting this in the right spot, as I don't actually have any Logs of anything, but I do need some advice...

A few months ago my system got infected with the XP Security 2011 Virus from a Website for the game Left4Dead 2...

I used the following, to troubleshoot and remove it.

http://www.bleepingcomputer.com/virus-removal/remove-win-7-internet-security-2011

I followed the steps precisely each time, which includes the use of MalewareBytes to clean the virus. I even keep MalwareBytes installed and updated on a Flash Drive, so it can be run from an UNCorrupted source.

It cleaned the virus off my computer, but every few weeks to a month, it resurrects itself and reinfects my computer; usually when the machine is just sitting idle and I'm not even touching it. I go through the steps on the above link, to remove it again... but then but then it just comes back again after another few weeks to a month...

Its resurrected itself a total of 4 times now, each time under a different name, but always the same thing. About a month ago, the last time it resurrected itself, it came back under the name of "XP Repair Tool"; which proved rather difficult to clean off, but again the above steps on the above Link, did the trick.

Last night, it has come back, resurrected again...

I followed the steps again, to clean it off...

This time, after the cleaning process completed and rebooted my machine; my Windows came up, and everything looks ok.

But none of my Executables work anymore!

I can't launch any applications, because Windows seemingly does not know how to launch them... It pops up a window, asking me what Application I want to use, to launch the Application that I was trying to launch. Then it tells me it can't find some file it claims it needs to launch the App, then clicking on OK on that, it then launches the App.

I am kind of unsure of how to proceed any further at this point.

Obviously, this is something nasty, and the above steps that include the use of MalwareBytes, just doesn't do enough to fix this.

Lately I think it has gotten into my Task Scheduler... as, I have a TV Card installed, and a scheduled task to launch the TV in the morning eveyday day at 8am. I start a screensaver at night, then go to bed, and the TV kicks in each morning for when I need to get up. But, recently in the past month since this came back the last time, Task Scheduler will launch the EXE for the TV software, but it won't kill the Screen Saver, and the Application itself never opens... but the EXE is loaded and the Audio turns on. I can hear the TV, but I can't see it. I have to shut down the screen saver manually, bring up my Task Manager and kill the EXE on the TV software, then re-launch it manually, for the Application to actually open and let me SEE the TV...

I am starting to suspect that I might need to just do a clean re-install of my Windows at this point, which isn't too big a deal as its not that hard to back up any documents/files that I need to save.

But, I am wondering if anyone have any other advice?

Link to post
Share on other sites

Some of my applications, things I use every day... are now failing to launch and giving me an error saying that their EXE's are not valid Win32 Applications.

Also getting messages about missing some random Java file, when trying to open other applications...

Could really use some advice on this, its getting difficult to use my computer...

Link to post
Share on other sites

Hello :welcome:

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:

  • Be sure to follow all my instructions carefully! If there is anything you don''t understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.

Step 1

Please download Rogue Kill from here

Double-click on rkill.com to run it. You may need to run this program a few times to stop the malware process running. The malware will probably complain about being stopped but please ignore this. Do not reboot your computer after running rkill as the malware programs will start again.

Step 2

Please download OTH.scr to your desktop

Please download OTL to your Desktop

Please download the attached Scan.txt to your destop

Double click the OTH file and select Kill All Processes, your desktop will go blank

OTH_Main.jpg

Then select Start OTL

OTL will now run

  • double-click on the Custom Scans box and a message box will popup asking if you want to load a custom scan from a file
    Select Scan.txt that you downloaded
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Scan.txt

Link to post
Share on other sites

I can only do the above steps while logged onto my Admin Account via Safe Mode.

If I log into my normal account, in regular mode, then Windows will not run Rkill, OHL or OTL because it claims that there are no Executables to run them.

So, I am going through your steps in safe mode and will report more info shortly!

Link to post
Share on other sites

Both of the following Reports were run while in Safe Mode, logged onto an Administrator Account.

The PRIMARY User Account, that has been infected, WILL NOT run any of the above programs; Rkill, OHL, or OTL...

When that primary user account is infected, I usually boot into Safe Mode on the Administrator Account, to run Malware Bytes and others, to scan and clean the system.. and this is what I had to do to get those programs to run.

Here are the Logs, OTL.txt, and Extras.txt

The following is OTL.txt

OTL logfile created on: 7/17/2011 4:20:05 PM - Run 1

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Administrator\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.92 Gb Available Physical Memory | 90.02% Memory free

4.09 Gb Paging File | 3.93 Gb Available in Paging File | 96.13% Paging File free

Paging file location(s): C:\pagefile.sys 1023 2046 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 931.50 Gb Total Space | 687.91 Gb Free Space | 73.85% Space Free | Partition Type: NTFS

Drive D: | 586.62 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive E: | 1.87 Gb Total Space | 1.81 Gb Free Space | 97.15% Space Free | Partition Type: FAT

Computer Name: BLACKIE | User Name: Administrator | Logged in as Administrator.

Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/17 13:12:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

PRC - [2011/07/17 13:12:30 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTH.scr

PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

========== Modules (SafeList) ==========

MOD - [2011/07/17 13:12:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/07/16 00:01:32 | 000,554,496 | ---- | M] (AIDEX Team) [Auto | Stopped] -- C:\WINDOWS\system32\kbdcz132.exe -- (WmiApSrv32)

SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)

SRV - [2010/05/10 20:35:22 | 001,872,320 | ---- | M] (Emsi Software GmbH) [Auto | Stopped] -- C:\Program Files\a-squared Free\a2service.exe -- (a2free)

SRV - [2009/05/06 19:53:50 | 001,220,608 | ---- | M] (MAGIX AG) [unknown | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)

SRV - [2009/02/23 00:21:06 | 000,069,632 | ---- | M] () [Auto | Stopped] -- C:\Program Files\AMD\OverDrive\AODAssist.exe -- (AODService)

SRV - [2009/01/20 23:34:26 | 000,618,936 | ---- | M] (Acronis) [Auto | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)

SRV - [2008/08/07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)

SRV - [2008/05/02 03:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)

========== Driver Services (SafeList) ==========

DRV - [2010/05/25 19:13:19 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/04/07 19:31:40 | 000,139,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)

DRV - [2010/03/17 16:40:12 | 005,878,304 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2009/11/18 07:17:00 | 001,395,800 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)

DRV - [2009/11/18 07:16:00 | 001,691,480 | R--- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)

DRV - [2009/08/25 23:44:44 | 001,025,920 | R--- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid)

DRV - [2009/03/28 13:07:58 | 000,971,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm174.sys -- (tdrpman174) Acronis Try&Decide and Restore Points filter (build 174)

DRV - [2009/03/28 13:07:55 | 000,540,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)

DRV - [2009/03/28 13:07:55 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)

DRV - [2009/03/28 13:07:47 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snman380.sys -- (snapman380) Acronis Snapshots Manager (Build 380)

DRV - [2009/03/27 01:16:28 | 000,012,672 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys -- (cpuz132)

DRV - [2009/03/10 16:49:15 | 000,278,984 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)

DRV - [2009/03/10 16:49:15 | 000,025,416 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)

DRV - [2009/01/08 03:37:56 | 001,221,144 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha20x22k.sys -- (ha20x22k)

DRV - [2009/01/08 03:37:14 | 001,178,136 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)

DRV - [2009/01/08 03:36:29 | 000,095,768 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)

DRV - [2009/01/08 03:35:37 | 000,159,256 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)

DRV - [2009/01/08 03:34:45 | 000,014,360 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)

DRV - [2009/01/08 03:34:13 | 000,129,560 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)

DRV - [2009/01/08 03:32:46 | 000,535,064 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)

DRV - [2009/01/08 03:31:31 | 000,511,000 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)

DRV - [2009/01/08 03:30:53 | 001,353,240 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)

DRV - [2009/01/08 03:30:53 | 001,353,240 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTEXFIFX.sys -- (CTEXFIFX)

DRV - [2009/01/08 03:29:25 | 000,073,752 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)

DRV - [2009/01/08 03:29:25 | 000,073,752 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTHWIUT.sys -- (CTHWIUT)

DRV - [2009/01/08 03:28:51 | 000,198,168 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)

DRV - [2009/01/08 03:28:51 | 000,198,168 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CT20XUT.sys -- (CT20XUT)

DRV - [2008/10/23 09:58:15 | 000,031,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Corey\Local Settings\Temp\nsysaudm.sys -- (nsysaudm)

DRV - [2008/04/24 10:18:49 | 000,038,560 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)

DRV - [2008/04/24 10:18:48 | 000,054,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)

DRV - [2008/04/24 10:18:48 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)

DRV - [2008/04/24 10:18:48 | 000,013,312 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)

DRV - [2008/02/29 04:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)

DRV - [2008/02/29 04:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)

DRV - [2008/02/29 04:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)

DRV - [2007/12/14 10:21:32 | 000,009,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 4\LU4\FlashSys.sys -- (FLASHSYS)

DRV - [2007/06/29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)

DRV - [2007/04/16 17:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)

DRV - [2006/11/09 18:50:32 | 001,456,352 | R--- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HCWUSB2.sys -- (iComp)

DRV - [2005/11/03 15:19:42 | 000,027,136 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)

DRV - [2005/11/03 15:19:30 | 000,069,376 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)

DRV - [2005/11/03 15:18:50 | 000,014,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbKbd.sys -- (LUsbKbd)

DRV - [2005/11/03 15:18:42 | 000,036,608 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)

DRV - [2005/07/13 05:18:50 | 000,340,704 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)

DRV - [2005/05/25 15:39:06 | 000,004,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\EVGA Precision\RTCore32.sys -- (RTCore32)

DRV - [2004/07/09 05:26:38 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/24 10:23:25 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/23 03:09:12 | 000,000,000 | ---D | M]

[2011/07/16 19:39:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/05/10 19:36:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2011/06/06 19:07:37 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

O1 HOSTS File: ([2009/03/10 14:17:25 | 000,302,562 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.0scan.com

O1 - Hosts: 127.0.0.1 0scan.com

O1 - Hosts: 127.0.0.1 www.1000gratisproben.com

O1 - Hosts: 127.0.0.1 1000gratisproben.com

O1 - Hosts: 127.0.0.1 www.1001namen.com

O1 - Hosts: 127.0.0.1 1001namen.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 www.100sexlinks.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 www.10sek.com

O1 - Hosts: 127.0.0.1 www.1-2005-search.com

O1 - Hosts: 127.0.0.1 1-2005-search.com

O1 - Hosts: 10430 more lines...

O2 - BHO: (no name) - {0DD43CE0-28E7-4559-8AD9-F2676A044A0a} - C:\WINDOWS\system32\authz32.dll (AIDEX Team)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)

O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)

O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)

O4 - HKLM..\Run: [AudioDrvEmulator] File not found

O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [EVGAPrecision] C:\Program Files\EVGA Precision\EVGAPrecision.exe ()

O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)

O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] E:\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()

O4 - HKLM..\Run: [TrayServer] C:\Program Files\MAGIX\Movie_Edit_Pro_16_Plus\Trayserver.exe (MAGIX AG)

O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)

O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_16.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236716978109 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15107/CTPID.cab (Creative Software AutoUpdate Support Package)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - Reg Error: Key error. File not found

O20 - Winlogon\Notify\avgrsstarter: DllName - Reg Error: Key error. - Reg Error: Key error. File not found

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - Reg Error: Key error. File not found

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - Reg Error: Key error. File not found

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - Reg Error: Key error. File not found

O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - Reg Error: Key error. File not found

O20 - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - Reg Error: Key error. File not found

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - Reg Error: Key error. File not found

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - Reg Error: Key error. File not found

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - Reg Error: Key error. File not found

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - Reg Error: Key error. File not found

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - Reg Error: Key error. File not found

O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Key error. - Reg Error: Key error. File not found

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - Reg Error: Key error. File not found

O24 - Desktop BackupWallPaper:

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/03/10 11:44:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2006/02/28 08:00:00 | 000,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]

O33 - MountPoints2\D\Shell - "" = AutoRun

O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\SETUP.EXE -- [2006/02/28 08:00:00 | 001,314,816 | R--- | M] (Microsoft Corporation)

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT

Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/07/17 14:11:31 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

[2011/07/17 14:11:29 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTH.scr

[2011/07/17 12:48:22 | 000,348,672 | ---- | C] (AIDEX Team) -- C:\WINDOWS\System32\authz32.dll

[2011/07/16 00:01:34 | 000,554,496 | ---- | C] (AIDEX Team) -- C:\WINDOWS\System32\authz32.exe

[2011/07/16 00:01:33 | 000,554,496 | ---- | C] (AIDEX Team) -- C:\WINDOWS\System32\kbdcz132.exe

[2011/07/09 23:06:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Firestorm-Beta

[2011/07/01 21:41:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype

[2011/06/19 13:38:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth

[2009/05/09 17:22:12 | 000,012,800 | R--- | C] ( ) -- C:\WINDOWS\System32\killapps.exe

[2005/08/07 18:13:46 | 000,014,336 | R--- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/17 15:11:41 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2011/07/17 15:10:39 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/07/17 15:10:39 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/07/17 15:06:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/07/17 13:36:14 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/07/17 13:12:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

[2011/07/17 13:12:30 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTH.scr

[2011/07/17 12:48:22 | 000,348,672 | ---- | M] (AIDEX Team) -- C:\WINDOWS\System32\authz32.dll

[2011/07/17 05:07:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-507921405-1801674531-1003UA.job

[2011/07/16 03:28:29 | 000,013,710 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\180676m7u7426jofutj5plxox57

[2011/07/16 00:01:34 | 000,000,065 | ---- | M] () -- C:\WINDOWS\System32\1247541505

[2011/07/16 00:01:32 | 000,554,496 | ---- | M] (AIDEX Team) -- C:\WINDOWS\System32\kbdcz132.exe

[2011/07/16 00:01:32 | 000,554,496 | ---- | M] (AIDEX Team) -- C:\WINDOWS\System32\authz32.exe

[2011/07/15 09:26:04 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\WinTV2K.job

[2011/07/15 06:36:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/07/14 20:25:59 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/07/10 15:07:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-507921405-1801674531-1003Core.job

[2011/07/07 00:23:29 | 000,000,260 | ---- | M] () -- C:\WINDOWS\cdplayer.ini

[2011/06/19 13:38:12 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk

[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/16 12:32:46 | 001,007,120 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\iExplore.exe

[2011/07/16 12:28:01 | 001,007,120 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\rkill.scr

[2011/07/16 03:21:25 | 000,013,710 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\180676m7u7426jofutj5plxox57

[2011/07/16 00:01:33 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\1247541505

[2011/06/19 13:38:12 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk

[2011/05/21 00:02:53 | 000,013,828 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\747073s32x2s4it14g

[2011/05/01 18:38:47 | 000,014,372 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\jd0304a8d3q3q1q3u

[2011/04/08 22:03:06 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2010/08/19 23:11:56 | 000,043,551 | ---- | C] () -- C:\WINDOWS\scunin.dat

[2010/07/02 10:03:17 | 000,121,664 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2010/06/30 21:08:34 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin

[2010/06/30 21:08:32 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin

[2010/06/30 21:08:32 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin

[2010/04/26 04:48:34 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallThunderbird.exe

[2010/04/26 04:48:24 | 000,003,669 | ---- | C] () -- C:\WINDOWS\mozver.dat

[2010/04/24 21:59:30 | 000,000,211 | ---- | C] () -- C:\WINDOWS\nanoPEG.ini

[2010/04/24 21:21:19 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe

[2010/03/18 00:48:39 | 000,003,108 | ---- | C] () -- C:\WINDOWS\TVP3XDrv.ini

[2010/03/17 19:58:54 | 000,009,760 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll

[2010/03/08 21:17:43 | 000,139,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2010/03/08 21:17:26 | 000,215,128 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe

[2010/03/08 21:17:25 | 002,434,856 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_bc2.exe

[2010/03/08 21:17:25 | 000,075,064 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe

[2010/02/20 17:35:09 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll

[2009/12/29 20:14:43 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll

[2009/12/29 20:13:18 | 000,006,642 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini

[2009/12/06 04:52:55 | 000,000,296 | ---- | C] () -- C:\WINDOWS\game.ini

[2009/12/01 22:48:33 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin

[2009/11/06 11:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat

[2009/11/05 23:54:26 | 000,000,219 | ---- | C] () -- C:\WINDOWS\CALIGARI.INI

[2009/10/30 19:27:12 | 000,000,964 | ---- | C] () -- C:\WINDOWS\eReg.dat

[2009/10/30 02:55:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI

[2009/08/08 18:26:18 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll

[2009/06/02 01:44:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\sbwin.ini

[2009/05/09 17:22:12 | 000,007,680 | R--- | C] () -- C:\WINDOWS\System32\enlocstr.exe

[2009/05/09 17:22:12 | 000,000,321 | R--- | C] () -- C:\WINDOWS\System32\kill.ini

[2009/05/09 17:22:02 | 000,016,384 | R--- | C] () -- C:\WINDOWS\System32\regplib.exe

[2009/05/09 17:22:00 | 000,384,428 | R--- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat

[2009/05/09 17:22:00 | 000,051,787 | R--- | C] () -- C:\WINDOWS\System32\ctdlang.dat

[2009/05/09 17:22:00 | 000,027,273 | R--- | C] () -- C:\WINDOWS\System32\instwdm.ini

[2009/05/09 17:22:00 | 000,002,560 | R--- | C] () -- C:\WINDOWS\System32\CtxfiRes.dll

[2009/05/09 17:22:00 | 000,000,054 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini

[2009/05/08 18:56:25 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

[2009/04/19 22:45:41 | 000,063,730 | ---- | C] () -- C:\Program Files\viewsonicinstruct_xp.pdf

[2009/04/19 22:45:13 | 000,000,102 | ---- | C] () -- C:\WINDOWS\VSWizard.ini

[2009/04/12 15:31:22 | 000,000,260 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2009/03/12 23:08:15 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll

[2009/03/12 23:08:15 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll

[2009/03/12 23:08:15 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll

[2009/03/12 23:08:15 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll

[2009/03/12 23:08:15 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll

[2009/03/12 23:08:15 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

[2009/03/12 00:20:29 | 000,000,450 | ---- | C] () -- C:\WINDOWS\CTWave32.INI

[2009/03/12 00:11:29 | 000,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI

[2009/03/11 04:55:25 | 000,000,248 | ---- | C] () -- C:\WINDOWS\HCWBlast.ini

[2009/03/11 04:55:06 | 000,031,792 | ---- | C] () -- C:\WINDOWS\Irremote.ini

[2009/03/11 04:55:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll

[2009/03/11 04:53:04 | 000,003,130 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI

[2009/03/11 04:51:19 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\hcwXDS.dll

[2009/03/10 17:35:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2009/03/10 16:49:15 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys

[2009/03/10 16:49:15 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys

[2009/03/10 14:56:51 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys

[2009/03/10 14:34:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2009/03/10 13:29:54 | 000,000,152 | ---- | C] () -- C:\WINDOWS\CoolPlay.ini

[2009/03/10 11:50:53 | 000,003,948 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin

[2009/03/10 11:46:05 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2009/03/10 11:41:49 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2009/03/10 06:36:15 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2009/03/10 06:33:32 | 000,212,880 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009/01/08 01:33:36 | 000,002,560 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL

[2008/04/14 05:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2006/12/31 07:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2005/07/15 14:36:35 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe

[2005/07/15 14:35:56 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll

[2005/07/15 14:35:56 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll

[2005/07/15 14:35:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2004/08/04 08:00:00 | 000,441,124 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2004/08/04 08:00:00 | 000,071,060 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2004/08/04 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2000/01/28 01:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\wrkgadm.exe

[2000/01/28 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

[1997/06/13 20:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2009/03/28 13:11:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis

[2011/06/09 01:23:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\aF28321NbDbH28321

[2011/03/15 10:00:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2010/01/22 02:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts

[2009/04/21 03:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Firefly Studios

[2011/02/10 04:24:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX

[2009/12/29 20:24:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mufin

[2010/03/12 20:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft

[2010/01/01 14:58:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith

[2009/03/30 20:05:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}

[2011/05/07 05:35:17 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\App_Close.job

[2011/05/02 04:21:01 | 000,000,308 | ---- | M] () -- C:\WINDOWS\Tasks\DVD Alarm.job

[2011/07/17 15:11:41 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

[2011/07/15 09:26:04 | 000,000,270 | ---- | M] () -- C:\WINDOWS\Tasks\WinTV2K.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< MD5 for: EXPLORER.EXE >

[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe

[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX10\procs\explorer.exe

[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX11\procs\explorer.exe

[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX12\procs\explorer.exe

[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX13\procs\explorer.exe

[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX14\procs\explorer.exe

[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX15\procs\explorer.exe

[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX16\procs\explorer.exe

[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX17\procs\explorer.exe

[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX6\procs\explorer.exe

[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX7\procs\explorer.exe

[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX8\procs\explorer.exe

[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX9\procs\explorer.exe

[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX1\h\explorer.exe

[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX10\h\explorer.exe

[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX11\h\explorer.exe

[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX12\h\explorer.exe

[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX13\h\explorer.exe

[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX14\h\explorer.exe

[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX15\h\explorer.exe

[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX16\h\explorer.exe

[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX17\h\explorer.exe

[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX2\h\explorer.exe

[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX3\h\explorer.exe

[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX6\h\explorer.exe

[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX7\h\explorer.exe

[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX8\h\explorer.exe

[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX9\h\explorer.exe

< MD5 for: SVCHOST.EXE >

[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe

[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >

[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe

[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX1\userinit.exe

[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX10\userinit.exe

[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX11\userinit.exe

[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX12\userinit.exe

[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX13\userinit.exe

[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX14\userinit.exe

[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX15\userinit.exe

[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX16\userinit.exe

[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX17\userinit.exe

[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX2\userinit.exe

[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX3\userinit.exe

[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX6\userinit.exe

[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX7\userinit.exe

[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX8\userinit.exe

[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX9\userinit.exe

< MD5 for: WINLOGON.EXE >

[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX1\winlogon.exe

[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX10\winlogon.exe

[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX11\winlogon.exe

[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX12\winlogon.exe

[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX13\winlogon.exe

[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX14\winlogon.exe

[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX15\winlogon.exe

[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX16\winlogon.exe

[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX17\winlogon.exe

[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX2\winlogon.exe

[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX3\winlogon.exe

[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX6\winlogon.exe

[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX7\winlogon.exe

[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX8\winlogon.exe

[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX9\winlogon.exe

[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe

[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/06/23 03:09:11 | 000,552,464 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/06/23 03:09:11 | 000,552,464 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/06/23 03:09:11 | 000,552,464 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/06/23 03:09:09 | 000,912,344 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe -safe-mode

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Corey\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/04/28 06:15:17 | 001,010,232 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Corey\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/04/28 06:15:17 | 001,010,232 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Corey\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/04/28 06:15:17 | 001,010,232 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Corey\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/04/28 06:15:17 | 001,010,232 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/17 07:43:27 | 000,070,656 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/17 07:43:27 | 000,070,656 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/17 07:43:27 | 000,070,656 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe [2011/06/08 23:28:36 | 001,007,120 | ---- | M] ()

< hklm\software\clients\startmenuinternet|command /64 /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/06/23 03:09:11 | 000,552,464 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/06/23 03:09:11 | 000,552,464 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/06/23 03:09:11 | 000,552,464 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/06/23 03:09:09 | 000,912,344 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe -safe-mode

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Corey\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/04/28 06:15:17 | 001,010,232 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Corey\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/04/28 06:15:17 | 001,010,232 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Corey\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/04/28 06:15:17 | 001,010,232 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Corey\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/04/28 06:15:17 | 001,010,232 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/17 07:43:27 | 000,070,656 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/17 07:43:27 | 000,070,656 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/17 07:43:27 | 000,070,656 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe [2011/06/08 23:28:36 | 001,007,120 | ---- | M] ()

< >

< >

< http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe >

Invalid Switch: MBRCheck.exe

< End of report >

Link to post
Share on other sites

The following is extras.txt

OTL Extras logfile created on: 7/17/2011 4:20:05 PM - Run 1

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Administrator\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.92 Gb Available Physical Memory | 90.02% Memory free

4.09 Gb Paging File | 3.93 Gb Available in Paging File | 96.13% Paging File free

Paging file location(s): C:\pagefile.sys 1023 2046 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 931.50 Gb Total Space | 687.91 Gb Free Space | 73.85% Space Free | Partition Type: NTFS

Drive D: | 586.62 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive E: | 1.87 Gb Total Space | 1.81 Gb Free Space | 97.15% Space Free | Partition Type: FAT

Computer Name: BLACKIE | User Name: Administrator | Logged in as Administrator.

Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe

"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe

"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe

"C:\Program Files\My Games\SecondLife\SLVoice.exe" = C:\Program Files\My Games\SecondLife\SLVoice.exe:*:Enabled:SLVoice

"C:\Program Files\My Games\Unreal Tournament 3\Binaries\UT3.exe" = C:\Program Files\My Games\Unreal Tournament 3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3 -- ()

"C:\Program Files\My Games\Ubisoft\Far Cry 2\bin\FarCry2.exe" = C:\Program Files\My Games\Ubisoft\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2 -- (Ubisoft Entertainment)

"C:\Program Files\My Games\Ubisoft\Far Cry 2\bin\FC2Launcher.exe" = C:\Program Files\My Games\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater -- (Ubisoft)

"C:\Program Files\My Games\Ubisoft\Far Cry 2\bin\FC2Editor.exe" = C:\Program Files\My Games\Ubisoft\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editor -- (Ubisoft Entertainment)

"C:\Program Files\InterVideo\DVD7\WinDVD.exe" = C:\Program Files\InterVideo\DVD7\WinDVD.exe:*:Enabled:WinDVD -- (InterVideo Inc.)

"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager

"C:\Program Files\My Games\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe" = C:\Program Files\My Games\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32 -- (Crytek GmbH)

"C:\Program Files\My Games\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe" = C:\Program Files\My Games\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32 -- (Crytek GmbH)

"C:\Program Files\My Games\SecondLife\CoolViewer.exe" = C:\Program Files\My Games\SecondLife\CoolViewer.exe:*:Enabled:Second Life

"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)

"C:\Program Files\My Games\Firefly Studios\Stronghold 2\Stronghold2.exe" = C:\Program Files\My Games\Firefly Studios\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2 -- (Firefly Studios)

"C:\Program Files\Flagship Studios\Hellgate London Demo\Launcher.exe" = C:\Program Files\Flagship Studios\Hellgate London Demo\Launcher.exe:*:Enabled:Hellgate: London -- (Flagship Studios)

"C:\Documents and Settings\Corey\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\Corey\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player -- (Octoshape ApS)

"C:\Program Files\My Games\Microsoft Games\Halo\halo.exe" = C:\Program Files\My Games\Microsoft Games\Halo\halo.exe:*:Enabled:Halo -- (Microsoft Corporation)

"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)

"C:\Program Files\My Games\3DO\Heroes3\H3BLADE.icd" = C:\Program Files\My Games\3DO\Heroes3\H3BLADE.icd:*:Enabled:Heroes of Might and Magic III -- (The 3DO Company)

"C:\Program Files\My Games\CoolViewer\CoolViewer.exe" = C:\Program Files\My Games\CoolViewer\CoolViewer.exe:*:Enabled:Cool Viewer

"C:\Program Files\My Games\GreenLife Emerald Viewer\SLVoice.exe" = C:\Program Files\My Games\GreenLife Emerald Viewer\SLVoice.exe:*:Enabled:SLVoice

"C:\Program Files\My Games\GreenLife Emerald Viewer\GreenLife.exe" = C:\Program Files\My Games\GreenLife Emerald Viewer\GreenLife.exe:*:Enabled:Second Life Open Source [GreenLife Emerald Viewer]

"C:\Program Files\My Games\Electronic Arts\American McGee's Alice\alice.exe" = C:\Program Files\My Games\Electronic Arts\American McGee's Alice\alice.exe:*:Enabled:American McGee's Alice -- (Rogue Entertainment)

"C:\Program Files\My Games\Turbine\Dungeons and Dragons Online - Eberron Unlimited\dndclient.exe" = C:\Program Files\My Games\Turbine\Dungeons and Dragons Online - Eberron Unlimited\dndclient.exe:*:Enabled:dndclient -- (Turbine, Inc.)

"C:\Program Files\My Games\GreenLife Emerald Viewer\Emerald.exe" = C:\Program Files\My Games\GreenLife Emerald Viewer\Emerald.exe:*:Enabled:Second Life Open Source [Emerald Viewer]

"C:\Program Files\My Games\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Program Files\My Games\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare -- ()

"C:\Program Files\My Games\Emerald Viewer\Emerald.exe" = C:\Program Files\My Games\Emerald Viewer\Emerald.exe:*:Enabled:Second Life Open Source [Emerald Viewer]

"C:\Program Files\My Games\Eidos\Batman Arkham Asylum\Binaries\ShippingPC-BmGame.exe" = C:\Program Files\My Games\Eidos\Batman Arkham Asylum\Binaries\ShippingPC-BmGame.exe:*:Enabled:Batman: Arkham Asylum -- (Rocksteady Studios Ltd)

"C:\Program Files\My Games\Snowglobe\SnowglobeRelease.exe" = C:\Program Files\My Games\Snowglobe\SnowglobeRelease.exe:*:Enabled:Snowglobe

"C:\Program Files\My Games\Microsoft Games\Age of Empires II\EMPIRES2.ICD" = C:\Program Files\My Games\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Enabled:Age of Empires II -- (Microsoft Corporation)

"C:\Program Files\My Games\Emerald Viewer\SLVoice.exe" = C:\Program Files\My Games\Emerald Viewer\SLVoice.exe:*:Enabled:SLVoice

"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)

"C:\Program Files\My Games\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe" = C:\Program Files\My Games\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2 -- (EA Digital Illusions CE AB)

"C:\Program Files\My Games\Electronic Arts\Battlefield Bad Company 2\BFBC2Game.exe" = C:\Program Files\My Games\Electronic Arts\Battlefield Bad Company 2\BFBC2Game.exe:*:Enabled:Battlefield: Bad Company™ 2 -- (EA Digital Illusions CE AB)

"C:\Program Files\My Games\Rockstar Games\Grand Theft Auto IV\Grand Theft Auto IV\LaunchGTAIV.exe" = C:\Program Files\My Games\Rockstar Games\Grand Theft Auto IV\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV -- (Sony DADC Austria AG)

"C:\Program Files\My Games\Rockstar Games\Grand Theft Auto IV\Grand Theft Auto IV\GTAIV.exe" = C:\Program Files\My Games\Rockstar Games\Grand Theft Auto IV\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV -- (Take-Two Interactive Software, Inc.)

"C:\Program Files\My Games\Activision\Transformers - War for Cybertron\Binaries\TWFC.exe" = C:\Program Files\My Games\Activision\Transformers - War for Cybertron\Binaries\TWFC.exe:*:Enabled:Transformers - War for Cybertron -- ()

"C:\Program Files\Second Life Viewers\Ascent\Ascent.exe" = C:\Program Files\Second Life Viewers\Ascent\Ascent.exe:*:Enabled:Ascent

"C:\Program Files\Second Life Viewers\Phoenix Viewer\SLVoice.exe" = C:\Program Files\Second Life Viewers\Phoenix Viewer\SLVoice.exe:*:Enabled:SLVoice

"C:\Program Files\My Games\Turbine\Turbine Download Manager\TurbineMessageService.exe" = C:\Program Files\My Games\Turbine\Turbine Download Manager\TurbineMessageService.exe:*:Enabled:TurbineMessageService

"C:\Program Files\My Games\Turbine\Turbine Download Manager\TurbineNetworkService.exe" = C:\Program Files\My Games\Turbine\Turbine Download Manager\TurbineNetworkService.exe:*:Enabled:TurbineNetworkService

"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)

"C:\Program Files\My Games\Maxis\SimCity 3000 Unlimited\Apps\Updater\UPDATER.EXE" = C:\Program Files\My Games\Maxis\SimCity 3000 Unlimited\Apps\Updater\UPDATER.EXE:*:Enabled:SC3UpdaterMFC -- ()

"C:\Program Files\My Games\Turbine\The Lord of the Rings Online\lotroclient.exe" = C:\Program Files\My Games\Turbine\The Lord of the Rings Online\lotroclient.exe:*:Enabled:lotroclient -- (Turbine, Inc.)

"C:\Program Files\Second Life Viewers\Phoenix Viewer\PhoenixViewer.exe" = C:\Program Files\Second Life Viewers\Phoenix Viewer\PhoenixViewer.exe:*:Enabled:Phoenix Viewer -- (Phoenix Viewer)

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

" Heroes of Might and Magic III Armageddon's Blade" = Heroes of Might and Magic III Armageddon's Blade

"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis®

"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR

"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable

"{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}" = Medieval II Total War : Kingdoms : Crusades

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer

"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1

"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime

"{21A127AE-2DAF-40B7-8374-34C3E629521C}" = Far Cry (Patch 1.3)

"{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge

"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 16

"{26DB09BC-6EB5-4CE0-A05D-D4DECE60E189}_is1" = Phoenix Viewer 1.5.2.1102

"{28101984-0BA6-40FD-9ABE-72F62F80C06C}" = Heroes of Might and Magic V

"{2A96D655-4FEF-4512-9468-0AABA70CD389}" = Activision®

"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{37C8899D-FD70-481F-94AA-1F1B08765E22}" = Acronis True Image Home

"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2

"{3C662203-292F-4E9D-AE02-281071C06903}" = Far Cry (Patch 1.33)

"{48963B63-7A10-49D6-8B08-61E6132453D0}" = ViewSonic Monitor Drivers

"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City

"{4B719A70-F14A-4f5c-90B5-346B24B7FFF1}" = Windows 7 Upgrade Advisor

"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum

"{52B94500-1782-411F-BFA5-EBAC312964DE}" = The Witcher Demo

"{5454083B-1308-4485-BF17-1110000B8301}" = Grand Theft Auto IV

"{5454083B-1308-4485-BF17-1110000B8302}" = Grand Theft Auto IV

"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV

"{5A8892A3-36BB-411E-85AA-6AEA544D028B}" = Far Cry (Patch 1.4)

"{5C104E56-A441-429D-A609-D8A46EB92EA1}" = PCMark05

"{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City

"{63CEA2E4-4FE7-4F2C-B388-C1313D24157C}" = SPORE™ Galactic Adventures

"{65DF3688-6EF3-4C86-83DE-54AB46029F07}" = Hellgate: London Demo

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}" = Folding@home-x86

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD®

"{75983B66-804C-40D1-BA13-64DAF652A6F1}" = Medieval II Total War : Kingdoms : Americas

"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware

"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client

"{77B5AD60-8F14-11D4-9BC9-0050041A1090}" = American McGee's Alice

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}" = Medieval II Total War : Kingdoms : Teutonic

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX

"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83F81F91-7BE9-44D1-98AF-2B87E0B8710C}" = AMD Fusion for Gaming

"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX

"{90885A82-9673-49EA-AB39-AF776639C67C}" = InterVideo WinDVD 7

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{97A8C4B4-2B50-42D1-AFE6-5E8433185436}_is1" = Cryostasis (Remove Only)

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™

"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer

"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{A589DA26-51BD-475D-8C32-E19E34145842}" = Camtasia Studio 6

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5

"{AF37F9DE-0726-439E-BC10-43D9195394D0}" = Firebird SQL Server - MAGIX Edition

"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B48E1FFD-A85D-45DB-9070-C06CDF6BD427}" = User's Guides

"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers

"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars

"{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3

"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War

"{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}" = SPORE™ Creepy & Cute Parts Pack

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver

"{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters

"{C712D1AB-16BD-434A-9624-A4748AEAF31D}" = Kirstens S18 (205)

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}" = Medieval II Total War : Kingdoms : Britannia

"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty® 2

"{D4F8C273-468F-4491-AEA1-A6811B0E2780}" = AMD OverDrive

"{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry

"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3

"{D792A069-B96B-40BA-BCB4-E5651A6E5926}" = Far Cry (Patch 1)

"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series

"{E47BA573-BBC4-40C1-8A7D-B25F2F2B0DAE}" = Far Cry (Patch 1.32)

"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare

"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1

"{EE8592F6-FC2B-4AFD-B527-109D127C039F}" = Far Cry (Patch 1.31)

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher

"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2

"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint

"{FC123EEA-330A-4685-911C-95B8F5E9DE68}" = Thief - Deadly Shadows

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™: Mines of Moria™ v02.01.03.4021

"15b35190-c6f9-11d9-9669-0800200c9a66_is1" = Dungeons and Dragons Online™ - Eberron Unlimited™ - Live

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11

"Age of Empires 2.0" = Microsoft Age of Empires II

"a-squared Free_is1" = a-squared Free 4.0

"Blender" = Blender (remove only)

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"CPUID CPU-Z_is1" = CPUID CPU-Z 1.52.2

"Crysis WARHEAD®" = Crysis WARHEAD®

"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20

"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v4.60

"Evil Genius" = Evil Genius

"Evil Genius_is1" = Evil Genius V1.01

"Firestorm-Beta" = Firestorm-Beta (remove only)

"Fraps" = Fraps

"Guild Wars" = Guild Wars

"Halo" = Microsoft Halo

"Hauppauge English Help Files and Resources" = Hauppauge English Help Files and Resources

"Hauppauge WinTV Radio" = Hauppauge WinTV Radio

"Hauppauge WinTV2000" = Hauppauge WinTV2000

"Hauppauge WinTV-PVR2 USB2 Drivers" = Hauppauge WinTV-PVR2 USB2 Drivers

"Heroes of Might and Magic® III" = Heroes of Might and Magic® III

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"InstallShield_{2A96D655-4FEF-4512-9468-0AABA70CD389}" = Transformers - War for Cybertron

"InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters

"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty® 2

"InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry

"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare

"InterActual Player" = InterActual Player

"Liveupdate4_is1" = Liveupdate4

"MAGIX 3D Maker US" = MAGIX 3D Maker (embeded)

"MAGIX Movie Edit Pro 16 Plus US" = MAGIX Movie Edit Pro 16 Plus 9.0.1.60 (US)

"MAGIX Screenshare US" = MAGIX Screenshare

"MAGIX Speed burnR US" = MAGIX Speed burnR

"MAGIX Xtreme Photo Designer 6 US" = MAGIX Xtreme Photo Designer 6

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft Security Client" = Microsoft Security Essentials

"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)

"Mozilla Thunderbird (1.0.7)" = Mozilla Thunderbird (1.0.7)

"MS Access 97 SP2" = MS Access 97 SP2

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"MSI8624Drv" = MSI 8624 BDA Driver

"mufin player US" = mufin player 1.0.0.99 (US)

"nanoPEG-Editor 2.3 Hauppauge Edition_is1" = nanoPEG-Editor 2.3 Hauppauge Edition

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NVIDIA Display Control Panel" = NVIDIA Display Control Panel

"NVIDIA Drivers" = NVIDIA Drivers

"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager

"Online Manuals for WinTV (English)" = Online Manuals for WinTV (English)

"OpenAL" = OpenAL

"oZone3D.Net FurMark_is1" = oZone3D.Net FurMark v1.6.5

"Precision" = EVGA Precision 2.0.0

"PunkBusterSvc" = PunkBuster Services

"r8brain" = r8brain 1.9

"RealPlayer 6.0" = RealPlayer

"SereneScreen Marine Aquarium 2.6_is1" = SereneScreen Marine Aquarium 2.6

"SimCity 3000 Unlimited" = SimCity 3000 Unlimited

"SingularityViewer" = SingularityViewer (remove only)

"Starcraft" = Starcraft

"Steam App 211" = Source SDK

"Steam App 215" = Source SDK Base

"Steam App 220" = Half-Life 2

"Steam App 320" = Half-Life 2: Deathmatch

"SystemRequirementsLab" = System Requirements Lab

"ThiefDeinstallKey" = Thief:The Dark Project

"UnrealTournament" = Unreal Tournament

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"Windows Media Encoder 9" = Windows Media Encoder 9 Series

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"WinGimp-2.0_is1" = GIMP 2.6.6

"Wings 3D 1.0.2" = Wings 3D 1.0.2

"WinZip" = WinZip

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"Yahoo! Messenger" = Yahoo! Messenger

"ZENcast Organizer" = ZENcast Organizer

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 7/9/2011 7:43:24 PM | Computer Name = BLACKIE | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4

3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),

P8 NIL, P9 NIL, P10 NIL.

Error - 7/10/2011 5:02:49 AM | Computer Name = BLACKIE | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4

3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),

P8 NIL, P9 NIL, P10 NIL.

Error - 7/10/2011 7:43:25 PM | Computer Name = BLACKIE | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4

3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),

P8 NIL, P9 NIL, P10 NIL.

Error - 7/11/2011 5:01:22 AM | Computer Name = BLACKIE | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4

3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),

P8 NIL, P9 NIL, P10 NIL.

Error - 7/12/2011 4:39:05 AM | Computer Name = BLACKIE | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4

3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),

P8 NIL, P9 NIL, P10 NIL.

Error - 7/13/2011 5:20:01 AM | Computer Name = BLACKIE | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4

3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),

P8 NIL, P9 NIL, P10 NIL.

Error - 7/14/2011 4:33:21 AM | Computer Name = BLACKIE | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4

3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),

P8 NIL, P9 NIL, P10 NIL.

Error - 7/15/2011 4:46:01 AM | Computer Name = BLACKIE | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4

3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),

P8 NIL, P9 NIL, P10 NIL.

Error - 7/16/2011 5:16:22 AM | Computer Name = BLACKIE | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4

3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),

P8 NIL, P9 NIL, P10 NIL.

Error - 7/17/2011 5:06:01 AM | Computer Name = BLACKIE | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4

3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),

P8 NIL, P9 NIL, P10 NIL.

[ Application Events ]

Error - 7/9/2011 7:43:24 PM | Computer Name = BLACKIE | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4

3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),

P8 NIL, P9 NIL, P10 NIL.

Error - 7/10/2011 5:02:49 AM | Computer Name = BLACKIE | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4

3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),

P8 NIL, P9 NIL, P10 NIL.

Error - 7/10/2011 7:43:25 PM | Computer Name = BLACKIE | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4

3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),

P8 NIL, P9 NIL, P10 NIL.

Error - 7/11/2011 5:01:22 AM | Computer Name = BLACKIE | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4

3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),

P8 NIL, P9 NIL, P10 NIL.

Error - 7/12/2011 4:39:05 AM | Computer Name = BLACKIE | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4

3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),

P8 NIL, P9 NIL, P10 NIL.

Error - 7/13/2011 5:20:01 AM | Computer Name = BLACKIE | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4

3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),

P8 NIL, P9 NIL, P10 NIL.

Error - 7/14/2011 4:33:21 AM | Computer Name = BLACKIE | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4

3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),

P8 NIL, P9 NIL, P10 NIL.

Error - 7/15/2011 4:46:01 AM | Computer Name = BLACKIE | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4

3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),

P8 NIL, P9 NIL, P10 NIL.

Error - 7/16/2011 5:16:22 AM | Computer Name = BLACKIE | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4

3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),

P8 NIL, P9 NIL, P10 NIL.

Error - 7/17/2011 5:06:01 AM | Computer Name = BLACKIE | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4

3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),

P8 NIL, P9 NIL, P10 NIL.

[ System Events ]

Error - 5/1/2009 8:04:46 PM | Computer Name = BLACKIE | Source = System Error | ID = 1003

Description = Error code 1000007f, parameter1 00000008, parameter2 ba348d70, parameter3

00000000, parameter4 00000000.

Error - 5/6/2009 9:39:50 AM | Computer Name = BLACKIE | Source = nv | ID = 11141134

Description = Unknown error on CMDre 00000000 00000080 00000000 00000005 00000005

Error - 5/6/2009 9:40:15 AM | Computer Name = BLACKIE | Source = nv | ID = 262252

Description = The driver nv4_disp for the display device \Device\Video0 got stuck

in an infinite loop. This usually indicates a problem with the device itself or

with the device driver programming the hardware incorrectly. Please check with your

hardware

device vendor for any driver updates.

Error - 5/6/2009 9:49:33 AM | Computer Name = BLACKIE | Source = System Error | ID = 1003

Description = Error code 000000ea, parameter1 89ad6020, parameter2 8adc4008, parameter3

8a6ec6d8, parameter4 00000001.

Error - 5/9/2009 12:47:23 PM | Computer Name = BLACKIE | Source = Service Control Manager | ID = 7011

Description = Timeout (30000 milliseconds) waiting for a transaction response from

the NVSvc service.

Error - 5/9/2009 12:47:52 PM | Computer Name = BLACKIE | Source = System Error | ID = 1003

Description = Error code 0000009c, parameter1 00000000, parameter2 ba34c050, parameter3

b26b4000, parameter4 00000175.

Error - 5/9/2009 4:54:32 PM | Computer Name = BLACKIE | Source = Service Control Manager | ID = 7011

Description = Timeout (30000 milliseconds) waiting for a transaction response from

the NVSvc service.

Error - 5/9/2009 5:16:47 PM | Computer Name = BLACKIE | Source = Service Control Manager | ID = 7011

Description = Timeout (30000 milliseconds) waiting for a transaction response from

the NVSvc service.

Error - 5/9/2009 5:24:39 PM | Computer Name = BLACKIE | Source = Service Control Manager | ID = 7011

Description = Timeout (30000 milliseconds) waiting for a transaction response from

the NVSvc service.

Error - 5/9/2009 5:26:37 PM | Computer Name = BLACKIE | Source = Service Control Manager | ID = 7011

Description = Timeout (30000 milliseconds) waiting for a transaction response from

the NVSvc service.

< End of report >

Link to post
Share on other sites

hi

Step 1

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O2 - BHO: (no name) - {0DD43CE0-28E7-4559-8AD9-F2676A044A0a} - C:\WINDOWS\system32\authz32.dll (AIDEX Team)
    [2011/07/16 03:28:29 | 000,013,710 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\180676m7u7426jofutj5plxox57
    [2011/07/16 00:01:34 | 000,000,065 | ---- | M] () -- C:\WINDOWS\System32\1247541505
    [2011/07/16 00:01:32 | 000,554,496 | ---- | M] (AIDEX Team) -- C:\WINDOWS\System32\kbdcz132.exe
    [2011/07/16 00:01:32 | 000,554,496 | ---- | M] (AIDEX Team) -- C:\WINDOWS\System32\authz32.exe
    [2011/05/21 00:02:53 | 000,013,828 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\747073s32x2s4it14g
    [2011/05/01 18:38:47 | 000,014,372 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\jd0304a8d3q3q1q3u
    [2011/06/09 01:23:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\aF28321NbDbH28321

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Download aswMBR.exe ( 1.8mb ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

aswMBR2-1.gif

On completion of the scan click save log, save it to your desktop and post in your next reply

aswMBR2.png

Things I would like to see in your reply:

  • OTL log
  • aswMBR l

Link to post
Share on other sites

Things I would like to see in your reply:

  • OTL log
  • aswMBR l

I appreciate your time, patience, and your assistance on this.

Here are the next two logs you requested.

OTL.TXT

OTL logfile created on: 7/17/2011 7:09:14 PM - Run 2

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Administrator\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.93 Gb Available Physical Memory | 90.27% Memory free

4.09 Gb Paging File | 3.94 Gb Available in Paging File | 96.17% Paging File free

Paging file location(s): C:\pagefile.sys 1023 2046 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 931.50 Gb Total Space | 693.93 Gb Free Space | 74.50% Space Free | Partition Type: NTFS

Drive D: | 586.62 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive E: | 1.87 Gb Total Space | 1.81 Gb Free Space | 97.04% Space Free | Partition Type: FAT

Computer Name: BLACKIE | User Name: Administrator | Logged in as Administrator.

Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/17 13:12:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

PRC - [2011/07/17 13:12:30 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTH.scr

PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

========== Modules (SafeList) ==========

MOD - [2011/07/17 13:12:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (WmiApSrv32)

SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)

SRV - [2010/05/10 20:35:22 | 001,872,320 | ---- | M] (Emsi Software GmbH) [Auto | Stopped] -- C:\Program Files\a-squared Free\a2service.exe -- (a2free)

SRV - [2009/05/06 19:53:50 | 001,220,608 | ---- | M] (MAGIX AG) [unknown | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)

SRV - [2009/02/23 00:21:06 | 000,069,632 | ---- | M] () [Auto | Stopped] -- C:\Program Files\AMD\OverDrive\AODAssist.exe -- (AODService)

SRV - [2009/01/20 23:34:26 | 000,618,936 | ---- | M] (Acronis) [Auto | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)

SRV - [2008/08/07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)

SRV - [2008/05/02 03:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)

========== Driver Services (SafeList) ==========

DRV - [2010/05/25 19:13:19 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/04/07 19:31:40 | 000,139,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)

DRV - [2010/03/17 16:40:12 | 005,878,304 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2009/11/18 07:17:00 | 001,395,800 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)

DRV - [2009/11/18 07:16:00 | 001,691,480 | R--- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)

DRV - [2009/08/25 23:44:44 | 001,025,920 | R--- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid)

DRV - [2009/03/28 13:07:58 | 000,971,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm174.sys -- (tdrpman174) Acronis Try&Decide and Restore Points filter (build 174)

DRV - [2009/03/28 13:07:55 | 000,540,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)

DRV - [2009/03/28 13:07:55 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)

DRV - [2009/03/28 13:07:47 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snman380.sys -- (snapman380) Acronis Snapshots Manager (Build 380)

DRV - [2009/03/27 01:16:28 | 000,012,672 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys -- (cpuz132)

DRV - [2009/03/10 16:49:15 | 000,278,984 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)

DRV - [2009/03/10 16:49:15 | 000,025,416 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)

DRV - [2009/01/08 03:37:56 | 001,221,144 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha20x22k.sys -- (ha20x22k)

DRV - [2009/01/08 03:37:14 | 001,178,136 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)

DRV - [2009/01/08 03:36:29 | 000,095,768 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)

DRV - [2009/01/08 03:35:37 | 000,159,256 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)

DRV - [2009/01/08 03:34:45 | 000,014,360 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)

DRV - [2009/01/08 03:34:13 | 000,129,560 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)

DRV - [2009/01/08 03:32:46 | 000,535,064 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)

DRV - [2009/01/08 03:31:31 | 000,511,000 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)

DRV - [2009/01/08 03:30:53 | 001,353,240 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)

DRV - [2009/01/08 03:30:53 | 001,353,240 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTEXFIFX.sys -- (CTEXFIFX)

DRV - [2009/01/08 03:29:25 | 000,073,752 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)

DRV - [2009/01/08 03:29:25 | 000,073,752 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTHWIUT.sys -- (CTHWIUT)

DRV - [2009/01/08 03:28:51 | 000,198,168 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)

DRV - [2009/01/08 03:28:51 | 000,198,168 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CT20XUT.sys -- (CT20XUT)

DRV - [2008/04/24 10:18:49 | 000,038,560 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)

DRV - [2008/04/24 10:18:48 | 000,054,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)

DRV - [2008/04/24 10:18:48 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)

DRV - [2008/04/24 10:18:48 | 000,013,312 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)

DRV - [2008/02/29 04:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)

DRV - [2008/02/29 04:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)

DRV - [2008/02/29 04:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)

DRV - [2007/12/14 10:21:32 | 000,009,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 4\LU4\FlashSys.sys -- (FLASHSYS)

DRV - [2007/06/29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)

DRV - [2007/04/16 17:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)

DRV - [2006/11/09 18:50:32 | 001,456,352 | R--- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HCWUSB2.sys -- (iComp)

DRV - [2005/11/03 15:19:42 | 000,027,136 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)

DRV - [2005/11/03 15:19:30 | 000,069,376 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)

DRV - [2005/11/03 15:18:50 | 000,014,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbKbd.sys -- (LUsbKbd)

DRV - [2005/11/03 15:18:42 | 000,036,608 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)

DRV - [2005/07/13 05:18:50 | 000,340,704 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)

DRV - [2005/05/25 15:39:06 | 000,004,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\EVGA Precision\RTCore32.sys -- (RTCore32)

DRV - [2004/07/09 05:26:38 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/24 10:23:25 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/23 03:09:12 | 000,000,000 | ---D | M]

[2011/07/16 19:39:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/05/10 19:36:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2011/06/06 19:07:37 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

O1 HOSTS File: ([2011/07/17 18:37:27 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)

O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)

O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)

O4 - HKLM..\Run: [AudioDrvEmulator] File not found

O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [EVGAPrecision] C:\Program Files\EVGA Precision\EVGAPrecision.exe ()

O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)

O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] E:\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()

O4 - HKLM..\Run: [TrayServer] C:\Program Files\MAGIX\Movie_Edit_Pro_16_Plus\Trayserver.exe (MAGIX AG)

O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)

O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_16.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236716978109 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15107/CTPID.cab (Creative Software AutoUpdate Support Package)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)

O20 - Winlogon\Notify\avgrsstarter: DllName - Reg Error: Key error. - Reg Error: Key error. File not found

O20 - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - Reg Error: Key error. File not found

O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Key error. - Reg Error: Key error. File not found

O24 - Desktop BackupWallPaper:

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/03/10 11:44:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2006/02/28 08:00:00 | 000,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]

O33 - MountPoints2\D\Shell - "" = AutoRun

O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\SETUP.EXE -- [2006/02/28 08:00:00 | 001,314,816 | R--- | M] (Microsoft Corporation)

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/17 18:37:25 | 000,000,000 | ---D | C] -- C:\_OTL

[2011/07/17 18:20:38 | 001,908,224 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe

[2011/07/17 14:11:31 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

[2011/07/17 14:11:29 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTH.scr

[2011/07/09 23:06:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Firestorm-Beta

[2011/07/01 21:41:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype

[2011/06/19 13:38:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth

[2009/05/09 17:22:12 | 000,012,800 | R--- | C] ( ) -- C:\WINDOWS\System32\killapps.exe

[2005/08/07 18:13:46 | 000,014,336 | R--- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

========== Files - Modified Within 30 Days ==========

[2011/07/17 19:03:25 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2011/07/17 19:02:16 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/07/17 19:02:16 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/07/17 18:58:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/07/17 18:37:27 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts

[2011/07/17 18:21:22 | 001,908,224 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe

[2011/07/17 18:07:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-507921405-1801674531-1003UA.job

[2011/07/17 17:36:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/07/17 16:53:23 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/07/17 13:12:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

[2011/07/17 13:12:30 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTH.scr

[2011/07/15 09:26:04 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\WinTV2K.job

[2011/07/14 20:25:59 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/07/10 15:07:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-507921405-1801674531-1003Core.job

[2011/07/07 00:23:29 | 000,000,260 | ---- | M] () -- C:\WINDOWS\cdplayer.ini

[2011/06/19 13:38:12 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk

========== Files Created - No Company Name ==========

[2011/07/16 12:32:46 | 001,007,120 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\iExplore.exe

[2011/07/16 12:28:01 | 001,007,120 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\rkill.scr

[2011/06/19 13:38:12 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk

[2011/04/08 22:03:06 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2010/08/19 23:11:56 | 000,043,551 | ---- | C] () -- C:\WINDOWS\scunin.dat

[2010/07/02 10:03:17 | 000,121,664 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2010/06/30 21:08:34 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin

[2010/06/30 21:08:32 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin

[2010/06/30 21:08:32 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin

[2010/04/26 04:48:34 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallThunderbird.exe

[2010/04/26 04:48:24 | 000,003,669 | ---- | C] () -- C:\WINDOWS\mozver.dat

[2010/04/24 21:59:30 | 000,000,211 | ---- | C] () -- C:\WINDOWS\nanoPEG.ini

[2010/04/24 21:21:19 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe

[2010/03/18 00:48:39 | 000,003,108 | ---- | C] () -- C:\WINDOWS\TVP3XDrv.ini

[2010/03/17 19:58:54 | 000,009,760 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll

[2010/03/08 21:17:43 | 000,139,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2010/03/08 21:17:26 | 000,215,128 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe

[2010/03/08 21:17:25 | 002,434,856 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_bc2.exe

[2010/03/08 21:17:25 | 000,075,064 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe

[2010/02/20 17:35:09 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll

[2009/12/29 20:14:43 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll

[2009/12/29 20:13:18 | 000,006,642 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini

[2009/12/06 04:52:55 | 000,000,296 | ---- | C] () -- C:\WINDOWS\game.ini

[2009/12/01 22:48:33 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin

[2009/11/06 11:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat

[2009/11/05 23:54:26 | 000,000,219 | ---- | C] () -- C:\WINDOWS\CALIGARI.INI

[2009/10/30 19:27:12 | 000,000,964 | ---- | C] () -- C:\WINDOWS\eReg.dat

[2009/10/30 02:55:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI

[2009/08/08 18:26:18 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll

[2009/06/02 01:44:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\sbwin.ini

[2009/05/09 17:22:12 | 000,007,680 | R--- | C] () -- C:\WINDOWS\System32\enlocstr.exe

[2009/05/09 17:22:12 | 000,000,321 | R--- | C] () -- C:\WINDOWS\System32\kill.ini

[2009/05/09 17:22:02 | 000,016,384 | R--- | C] () -- C:\WINDOWS\System32\regplib.exe

[2009/05/09 17:22:00 | 000,384,428 | R--- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat

[2009/05/09 17:22:00 | 000,051,787 | R--- | C] () -- C:\WINDOWS\System32\ctdlang.dat

[2009/05/09 17:22:00 | 000,027,273 | R--- | C] () -- C:\WINDOWS\System32\instwdm.ini

[2009/05/09 17:22:00 | 000,002,560 | R--- | C] () -- C:\WINDOWS\System32\CtxfiRes.dll

[2009/05/09 17:22:00 | 000,000,054 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini

[2009/05/08 18:56:25 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

[2009/04/19 22:45:41 | 000,063,730 | ---- | C] () -- C:\Program Files\viewsonicinstruct_xp.pdf

[2009/04/19 22:45:13 | 000,000,102 | ---- | C] () -- C:\WINDOWS\VSWizard.ini

[2009/04/12 15:31:22 | 000,000,260 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2009/03/12 23:08:15 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll

[2009/03/12 23:08:15 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll

[2009/03/12 23:08:15 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll

[2009/03/12 23:08:15 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll

[2009/03/12 23:08:15 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll

[2009/03/12 23:08:15 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

[2009/03/12 00:20:29 | 000,000,450 | ---- | C] () -- C:\WINDOWS\CTWave32.INI

[2009/03/12 00:11:29 | 000,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI

[2009/03/11 04:55:25 | 000,000,248 | ---- | C] () -- C:\WINDOWS\HCWBlast.ini

[2009/03/11 04:55:06 | 000,031,792 | ---- | C] () -- C:\WINDOWS\Irremote.ini

[2009/03/11 04:55:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll

[2009/03/11 04:53:04 | 000,003,130 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI

[2009/03/11 04:51:19 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\hcwXDS.dll

[2009/03/10 17:35:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2009/03/10 16:49:15 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys

[2009/03/10 16:49:15 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys

[2009/03/10 14:56:51 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys

[2009/03/10 14:34:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2009/03/10 13:29:54 | 000,000,152 | ---- | C] () -- C:\WINDOWS\CoolPlay.ini

[2009/03/10 11:50:53 | 000,003,948 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin

[2009/03/10 11:46:05 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2009/03/10 11:41:49 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2009/03/10 06:36:15 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2009/03/10 06:33:32 | 000,212,880 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009/01/08 01:33:36 | 000,002,560 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL

[2008/04/14 05:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2006/12/31 07:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2005/07/15 14:36:35 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe

[2005/07/15 14:35:56 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll

[2005/07/15 14:35:56 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll

[2005/07/15 14:35:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2004/08/04 08:00:00 | 000,441,124 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2004/08/04 08:00:00 | 000,071,060 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2004/08/04 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2000/01/28 01:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\wrkgadm.exe

[2000/01/28 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

[1997/06/13 20:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2009/03/28 13:11:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis

[2011/06/09 01:23:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\aF28321NbDbH28321

[2011/03/15 10:00:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2010/01/22 02:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts

[2009/04/21 03:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Firefly Studios

[2011/02/10 04:24:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX

[2009/12/29 20:24:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mufin

[2010/03/12 20:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft

[2010/01/01 14:58:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith

[2009/03/30 20:05:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}

[2011/05/07 05:35:17 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\App_Close.job

[2011/05/02 04:21:01 | 000,000,308 | ---- | M] () -- C:\WINDOWS\Tasks\DVD Alarm.job

[2011/07/17 19:03:25 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

[2011/07/15 09:26:04 | 000,000,270 | ---- | M] () -- C:\WINDOWS\Tasks\WinTV2K.job

========== Purity Check ==========

< End of report >

aswMBR.TXT

aswMBR version 0.9.7.777 Copyright© 2011 AVAST Software

Run date: 2011-07-17 19:14:10

-----------------------------

19:14:10.968 OS Version: Windows 5.1.2600 Service Pack 3

19:14:10.968 Number of processors: 4 586 0x402

19:14:10.968 ComputerName: BLACKIE UserName:

19:14:15.546 Initialize success

19:14:24.343 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e

19:14:24.343 Disk 0 Vendor: WDC_WD10EADS-00L5B1 01.01A01 Size: 953869MB BusType: 3

19:14:24.359 Disk 0 MBR read successfully

19:14:24.375 Disk 0 MBR scan

19:14:24.375 Disk 0 Windows XP default MBR code

19:14:24.375 Disk 0 scanning sectors +1953504000

19:14:24.453 Disk 0 scanning C:\WINDOWS\system32\drivers

19:14:31.875 Service scanning

19:14:37.093 Disk 0 trace - called modules:

19:14:37.093 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys

19:14:37.093 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ae14ab8]

19:14:37.109 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\00000082[0x8ae19930]

19:14:37.109 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x8ae78d98]

19:14:37.109 Scan finished successfully

19:16:37.609 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"

19:16:37.609 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"

Link to post
Share on other sites

hi

Step 1

Update MalwareBytes AntiMalware and Run a Quick Scan.

Post the log it produces

Step 2

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Things i would like to see in your reply:

  • Malwarebytes Results.
  • Eset scanner report.
  • Update on how your computer is running

Link to post
Share on other sites

Things i would like to see in your reply:

  • Malwarebytes Results.
  • Eset scanner report.
  • Update on how your computer is running

Malwarebytes Results

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7194

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 7.0.5730.13

7/18/2011 7:23:30 PM

mbam-log-2011-07-18 (19-23-19).txt

Scan type: Quick scan

Objects scanned: 175207

Time elapsed: 2 minute(s), 9 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Eset scanner report

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# IEXPLORE.EXE=7.00.6000.17096 (vista_gdr.110211-1830)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=8f3d4d919a576646b257f4e5348fa7f7

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-07-19 12:51:10

# local_time=2011-07-18 08:51:10 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=5891 16776550 42 87 0 22141009 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=233920

# found=5

# cleaned=5

# scan_time=4124

C:\Documents and Settings\Corey\Application Data\Mozilla\Firefox\Profiles\lgnse41n.default\extensions\{4961cdc2-4386-47a1-a7c8-cebc96db3e52}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Corey\Application Data\Mozilla\Firefox\Profiles\lgnse41n.default\extensions\{da02f5b3-bf4f-4f85-b123-6c152d8e1810}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Corey\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\bfgippgejeccnchedleabjblogcilapa\contentscript.js Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Will\Application Data\Mozilla\Firefox\Profiles\ch94wjrd.default\extensions\{4961cdc2-4386-47a1-a7c8-cebc96db3e52}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Will\Application Data\Mozilla\Firefox\Profiles\ch94wjrd.default\extensions\{da02f5b3-bf4f-4f85-b123-6c152d8e1810}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

esets_scanner_update returned -1 esets_gle=53251

These two scans, as you can see, found and quarantined and removed some Viruses...

However, my PC is still behaving the same.

EXE's are failing as Windows reports that there are no EXE's to launch them; and its very difficult to launch some applications, while others just refuse to launch at all... Also still getting some random message about a missing Java file while trying to open Firefox Browser.

Some of these, I can get around and launch as when I try to initially, it asks me what application I want to use, to launch the application I was trying to launch. I click the browse button, and go and search, manually, for the App's actual EXE and force it to launch itself that way by telling it to use its own EXE to launch itself. But that does not work with everything.

Lastly, sorry took a little while to respond. I will follow up, tomorrow, with anything else you suggest!

Link to post
Share on other sites

hi

Step 1

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Update MalwareBytes AntiMalware and Run a Quick Scan.

Post the log it produces

You did not remove what Malwarebytes found in the previous scan, make sure when the scan is done to click on "Show results" then select all infection(s) and click on Remove selected.

Things I would like to see in your reply:

  • OTL log
  • MBAM log

Link to post
Share on other sites

Things I would like to see in your reply:

  • OTL log
  • MBAM log

MBAM Log

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7194

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 7.0.5730.13

7/19/2011 7:50:44 PM

mbam-log-2011-07-19 (19-50-44).txt

Scan type: Quick scan

Objects scanned: 175207

Time elapsed: 2 minute(s), 9 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

OTL Report

OTL logfile created on: 7/19/2011 7:46:19 PM - Run 3

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Administrator\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.91 Gb Available Physical Memory | 89.65% Memory free

4.09 Gb Paging File | 3.93 Gb Available in Paging File | 95.94% Paging File free

Paging file location(s): C:\pagefile.sys 1023 2046 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 931.50 Gb Total Space | 693.75 Gb Free Space | 74.48% Space Free | Partition Type: NTFS

Drive D: | 586.62 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive E: | 1.87 Gb Total Space | 1.81 Gb Free Space | 97.07% Space Free | Partition Type: FAT

Computer Name: BLACKIE | User Name: Administrator | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/17 13:12:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

PRC - [2011/07/17 13:12:30 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTH.scr

PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

========== Modules (SafeList) ==========

MOD - [2011/07/17 13:12:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (WmiApSrv32)

SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)

SRV - [2010/05/10 20:35:22 | 001,872,320 | ---- | M] (Emsi Software GmbH) [Auto | Stopped] -- C:\Program Files\a-squared Free\a2service.exe -- (a2free)

SRV - [2009/05/06 19:53:50 | 001,220,608 | ---- | M] (MAGIX AG) [unknown | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)

SRV - [2009/02/23 00:21:06 | 000,069,632 | ---- | M] () [Auto | Stopped] -- C:\Program Files\AMD\OverDrive\AODAssist.exe -- (AODService)

SRV - [2009/01/20 23:34:26 | 000,618,936 | ---- | M] (Acronis) [Auto | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)

SRV - [2008/08/07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)

SRV - [2008/05/02 03:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)

========== Driver Services (SafeList) ==========

DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - [2010/05/25 19:13:19 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/04/07 19:31:40 | 000,139,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)

DRV - [2010/03/17 16:40:12 | 005,878,304 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2009/11/18 07:17:00 | 001,395,800 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)

DRV - [2009/11/18 07:16:00 | 001,691,480 | R--- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)

DRV - [2009/08/25 23:44:44 | 001,025,920 | R--- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid)

DRV - [2009/03/28 13:07:58 | 000,971,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm174.sys -- (tdrpman174) Acronis Try&Decide and Restore Points filter (build 174)

DRV - [2009/03/28 13:07:55 | 000,540,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)

DRV - [2009/03/28 13:07:55 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)

DRV - [2009/03/28 13:07:47 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snman380.sys -- (snapman380) Acronis Snapshots Manager (Build 380)

DRV - [2009/03/27 01:16:28 | 000,012,672 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys -- (cpuz132)

DRV - [2009/03/10 16:49:15 | 000,278,984 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)

DRV - [2009/03/10 16:49:15 | 000,025,416 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)

DRV - [2009/01/08 03:37:56 | 001,221,144 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha20x22k.sys -- (ha20x22k)

DRV - [2009/01/08 03:37:14 | 001,178,136 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)

DRV - [2009/01/08 03:36:29 | 000,095,768 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)

DRV - [2009/01/08 03:35:37 | 000,159,256 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)

DRV - [2009/01/08 03:34:45 | 000,014,360 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)

DRV - [2009/01/08 03:34:13 | 000,129,560 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)

DRV - [2009/01/08 03:32:46 | 000,535,064 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)

DRV - [2009/01/08 03:31:31 | 000,511,000 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)

DRV - [2009/01/08 03:30:53 | 001,353,240 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)

DRV - [2009/01/08 03:30:53 | 001,353,240 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTEXFIFX.sys -- (CTEXFIFX)

DRV - [2009/01/08 03:29:25 | 000,073,752 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)

DRV - [2009/01/08 03:29:25 | 000,073,752 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTHWIUT.sys -- (CTHWIUT)

DRV - [2009/01/08 03:28:51 | 000,198,168 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)

DRV - [2009/01/08 03:28:51 | 000,198,168 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CT20XUT.sys -- (CT20XUT)

DRV - [2008/04/24 10:18:49 | 000,038,560 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)

DRV - [2008/04/24 10:18:48 | 000,054,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)

DRV - [2008/04/24 10:18:48 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)

DRV - [2008/04/24 10:18:48 | 000,013,312 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)

DRV - [2008/02/29 04:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)

DRV - [2008/02/29 04:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)

DRV - [2008/02/29 04:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)

DRV - [2007/12/14 10:21:32 | 000,009,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 4\LU4\FlashSys.sys -- (FLASHSYS)

DRV - [2007/06/29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)

DRV - [2007/04/16 17:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)

DRV - [2006/11/09 18:50:32 | 001,456,352 | R--- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HCWUSB2.sys -- (iComp)

DRV - [2005/11/03 15:19:42 | 000,027,136 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)

DRV - [2005/11/03 15:19:30 | 000,069,376 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)

DRV - [2005/11/03 15:18:50 | 000,014,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbKbd.sys -- (LUsbKbd)

DRV - [2005/11/03 15:18:42 | 000,036,608 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)

DRV - [2005/07/13 05:18:50 | 000,340,704 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)

DRV - [2005/05/25 15:39:06 | 000,004,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\EVGA Precision\RTCore32.sys -- (RTCore32)

DRV - [2004/07/09 05:26:38 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/24 10:23:25 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/23 03:09:12 | 000,000,000 | ---D | M]

[2011/07/18 19:24:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions

[2011/07/18 19:24:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\u4rwnzui.default\extensions

[2011/07/18 21:28:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/06/06 19:07:37 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2010/02/11 21:32:55 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2011/07/17 18:37:27 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)

O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)

O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)

O4 - HKLM..\Run: [AudioDrvEmulator] File not found

O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [EVGAPrecision] C:\Program Files\EVGA Precision\EVGAPrecision.exe ()

O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)

O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] E:\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()

O4 - HKLM..\Run: [TrayServer] C:\Program Files\MAGIX\Movie_Edit_Pro_16_Plus\Trayserver.exe (MAGIX AG)

O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)

O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_16.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236716978109 (WUWebControl Class)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15107/CTPID.cab (Creative Software AutoUpdate Support Package)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)

O20 - Winlogon\Notify\avgrsstarter: DllName - Reg Error: Key error. - Reg Error: Key error. File not found

O20 - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - Reg Error: Key error. File not found

O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Key error. - Reg Error: Key error. File not found

O24 - Desktop BackupWallPaper:

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/03/10 11:44:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2006/02/28 08:00:00 | 000,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]

O33 - MountPoints2\D\Shell - "" = AutoRun

O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\SETUP.EXE -- [2006/02/28 08:00:00 | 001,314,816 | R--- | M] (Microsoft Corporation)

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/18 19:38:58 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2011/07/18 19:33:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe

[2011/07/18 19:24:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla

[2011/07/18 19:24:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla

[2011/07/17 18:37:25 | 000,000,000 | ---D | C] -- C:\_OTL

[2011/07/17 18:20:38 | 001,908,224 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe

[2011/07/17 14:11:31 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

[2011/07/17 14:11:29 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTH.scr

[2011/07/09 23:06:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Firestorm-Beta

[2011/07/01 21:41:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype

[2009/05/09 17:22:12 | 000,012,800 | R--- | C] ( ) -- C:\WINDOWS\System32\killapps.exe

[2005/08/07 18:13:46 | 000,014,336 | R--- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

========== Files - Modified Within 30 Days ==========

[2011/07/19 19:47:40 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/07/19 19:47:40 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/07/19 19:43:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/07/19 02:36:13 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/07/19 02:07:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-507921405-1801674531-1003UA.job

[2011/07/19 00:45:52 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2011/07/19 00:41:16 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/07/17 19:16:37 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat

[2011/07/17 18:37:27 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts

[2011/07/17 18:21:22 | 001,908,224 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe

[2011/07/17 13:12:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

[2011/07/17 13:12:30 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTH.scr

[2011/07/15 09:26:04 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\WinTV2K.job

[2011/07/14 20:25:59 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/07/10 15:07:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-507921405-1801674531-1003Core.job

[2011/07/07 00:23:29 | 000,000,260 | ---- | M] () -- C:\WINDOWS\cdplayer.ini

[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/07/17 19:16:37 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat

[2011/07/16 12:32:46 | 001,007,120 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\iExplore.exe

[2011/07/16 12:28:01 | 001,007,120 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\rkill.scr

[2011/04/08 22:03:06 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2010/08/19 23:11:56 | 000,043,551 | ---- | C] () -- C:\WINDOWS\scunin.dat

[2010/07/02 10:03:17 | 000,121,664 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2010/06/30 21:08:34 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin

[2010/06/30 21:08:32 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin

[2010/06/30 21:08:32 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin

[2010/04/26 04:48:34 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallThunderbird.exe

[2010/04/26 04:48:24 | 000,003,669 | ---- | C] () -- C:\WINDOWS\mozver.dat

[2010/04/24 21:59:30 | 000,000,211 | ---- | C] () -- C:\WINDOWS\nanoPEG.ini

[2010/04/24 21:21:19 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe

[2010/03/18 00:48:39 | 000,003,108 | ---- | C] () -- C:\WINDOWS\TVP3XDrv.ini

[2010/03/17 19:58:54 | 000,009,760 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll

[2010/03/08 21:17:43 | 000,139,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2010/03/08 21:17:26 | 000,215,128 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe

[2010/03/08 21:17:25 | 002,434,856 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_bc2.exe

[2010/03/08 21:17:25 | 000,075,064 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe

[2010/02/20 17:35:09 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll

[2009/12/29 20:14:43 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll

[2009/12/29 20:13:18 | 000,006,642 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini

[2009/12/06 04:52:55 | 000,000,296 | ---- | C] () -- C:\WINDOWS\game.ini

[2009/12/01 22:48:33 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin

[2009/11/06 11:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat

[2009/11/05 23:54:26 | 000,000,219 | ---- | C] () -- C:\WINDOWS\CALIGARI.INI

[2009/10/30 19:27:12 | 000,000,964 | ---- | C] () -- C:\WINDOWS\eReg.dat

[2009/10/30 02:55:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI

[2009/08/08 18:26:18 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll

[2009/06/02 01:44:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\sbwin.ini

[2009/05/09 17:22:12 | 000,007,680 | R--- | C] () -- C:\WINDOWS\System32\enlocstr.exe

[2009/05/09 17:22:12 | 000,000,321 | R--- | C] () -- C:\WINDOWS\System32\kill.ini

[2009/05/09 17:22:02 | 000,016,384 | R--- | C] () -- C:\WINDOWS\System32\regplib.exe

[2009/05/09 17:22:00 | 000,384,428 | R--- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat

[2009/05/09 17:22:00 | 000,051,787 | R--- | C] () -- C:\WINDOWS\System32\ctdlang.dat

[2009/05/09 17:22:00 | 000,027,273 | R--- | C] () -- C:\WINDOWS\System32\instwdm.ini

[2009/05/09 17:22:00 | 000,002,560 | R--- | C] () -- C:\WINDOWS\System32\CtxfiRes.dll

[2009/05/09 17:22:00 | 000,000,054 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini

[2009/05/08 18:56:25 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

[2009/04/19 22:45:41 | 000,063,730 | ---- | C] () -- C:\Program Files\viewsonicinstruct_xp.pdf

[2009/04/19 22:45:13 | 000,000,102 | ---- | C] () -- C:\WINDOWS\VSWizard.ini

[2009/04/12 15:31:22 | 000,000,260 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2009/03/12 23:08:15 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll

[2009/03/12 23:08:15 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll

[2009/03/12 23:08:15 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll

[2009/03/12 23:08:15 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll

[2009/03/12 23:08:15 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll

[2009/03/12 23:08:15 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

[2009/03/12 00:20:29 | 000,000,450 | ---- | C] () -- C:\WINDOWS\CTWave32.INI

[2009/03/12 00:11:29 | 000,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI

[2009/03/11 04:55:25 | 000,000,248 | ---- | C] () -- C:\WINDOWS\HCWBlast.ini

[2009/03/11 04:55:06 | 000,031,792 | ---- | C] () -- C:\WINDOWS\Irremote.ini

[2009/03/11 04:55:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll

[2009/03/11 04:53:04 | 000,003,130 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI

[2009/03/11 04:51:19 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\hcwXDS.dll

[2009/03/10 17:35:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2009/03/10 16:49:15 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys

[2009/03/10 16:49:15 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys

[2009/03/10 14:56:51 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys

[2009/03/10 14:34:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2009/03/10 13:29:54 | 000,000,152 | ---- | C] () -- C:\WINDOWS\CoolPlay.ini

[2009/03/10 11:50:53 | 000,003,948 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin

[2009/03/10 11:46:05 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2009/03/10 11:41:49 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2009/03/10 06:36:15 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2009/03/10 06:33:32 | 000,212,880 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009/01/08 01:33:36 | 000,002,560 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL

[2008/04/14 05:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2006/12/31 07:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2005/07/15 14:36:35 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe

[2005/07/15 14:35:56 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll

[2005/07/15 14:35:56 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll

[2005/07/15 14:35:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2004/08/04 08:00:00 | 000,441,124 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2004/08/04 08:00:00 | 000,071,060 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2004/08/04 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2000/01/28 01:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\wrkgadm.exe

[2000/01/28 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

[1997/06/13 20:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2009/03/28 13:11:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis

[2011/06/09 01:23:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\aF28321NbDbH28321

[2011/03/15 10:00:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2010/01/22 02:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts

[2009/04/21 03:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Firefly Studios

[2011/02/10 04:24:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX

[2009/12/29 20:24:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mufin

[2010/03/12 20:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft

[2010/01/01 14:58:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith

[2009/03/30 20:05:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}

[2011/05/07 05:35:17 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\App_Close.job

[2011/05/02 04:21:01 | 000,000,308 | ---- | M] () -- C:\WINDOWS\Tasks\DVD Alarm.job

[2011/07/19 00:45:52 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

[2011/07/15 09:26:04 | 000,000,270 | ---- | M] () -- C:\WINDOWS\Tasks\WinTV2K.job

========== Purity Check ==========

< End of report >

Link to post
Share on other sites

After the above scans...

The system is still behaving the same.

I believe the Registry may have gotten corrupted somehow from one of these viruses before it was caught and cleaned off, as many of my applications are still giving me problems while trying to launch them, often resulting from Windows claiming that there are no EXE's available to launch said applications; even though the EXE's for those applications ARE in their installed folders. I am considering doing a System Restore to a point previous to all this, but I will wait for you to advise further; as I am fearful that if I do, do such a system restore, then it might restore some of the viruses as well...

Link to post
Share on other sites

Every application I try to launch... every one...

Windows pops up a box saying that there is no EXE to launch the application with, and it asks me to chose from a list of other Applications what I want to use to launch my chosen Application with.

It also gives me the option to click a "browse" button so I can go search and select a different App thats not on the list.

For example, I want to launch MSPaint!

It pops up a box telling me to chose what Application I want to use, to launch MSPaint.

If I scroll down through the list, MSPaint itself is listed.

If I select that, and tell it to use MSPaint to launch MSPaint; it will either launch the application that I want, or it will give me a different error and tell me that the EXE I selected is not a valid Win32 Application.

I wish, I could provide you with screenshots of this, but I can't even save any such screenshots because I can't even get MSPaint to launch due to this problem. I can only get a few programs to launch...

The best I can do is refer some webpage links with some examples; and so refer to Figure 3 Picture on THIS PAGE.

Clearly it would seem Windows has lost all its File Associations with ALL my Applications.

ALSO.

All my ICONS loaded into the lower right corner by the Clock, are all gone. None of them will load now, except for the standard Windows audio control (which I can not open due to this problem)and the standard Windows Security Center shield that usually controls the built-in Firewall and monitors anti-virus status, etc... and not thats not a fake one, I'm fairly sure that is the legit one. I can not launch it either though.

When I try to launch it, I get...

"C:/windows/system32/rundll32.exe

Applicaion not found"

I get that on a lot of applications, while others tell me they are not valid Win32 Applications.

Sometimes, when it asks me to chose what Application I want to use, to launch what I am trying to launch... for example, I want to launch Firefox Browser, I can scroll the list and select Firefox launch itself, and it will work. But that doesn't always work with all Apps.

Link to post
Share on other sites

hi

Download SREng

  • Extract it to Desktop and double click SREngLdr.EXE to run it
  • Select System Repair from the left pane.
  • Click on File Association
  • Select all entries that has an Error status click [Repair]
  • Refer to this image for an example:
    SystemRepair_FileAssocs.gif
  • Close SREng now.

Link to post
Share on other sites

So far, so good!

That has fixed about 99% of the issues I was having, and the System is now functioning as it should be. We've even fixed a random problem that I had been experiencing for some time now but wasn't all that serious of a problem to warrant me worrying about.

I can also now run, and update all my security software from the Primary User Account, instead of having to go into Safe Mode as Administrator; and since the Primary User Account is the one that has had all the problems, then I updated its own installation of Malwarebytes and run another Quick Scan.

The following, is a the result of that Quick Scan!

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7216

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

7/20/2011 7:46:16 PM

mbam-log-2011-07-20 (19-46-16).txt

Scan type: Quick scan

Objects scanned: 178163

Time elapsed: 5 minute(s), 37 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\122115331 (Trojan.FakeAlert) -> Value: 122115331 -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

That, looks a little familiar to me as it relates to another minor problem that I've experienced of late; in that I would every couple of weeks have Windows pop up and claim its not a Legit Copy of Windows, when I know it is. Usually when thats happened, I just rebooted the machine and it would OK after that. Never considered, that such might have had something to do with a Virus. It would appear, that last one was a "fake Version alert" which was doing this...

Ironically...

All these problems, started about the same time as when I replaced my AVG with the newer Microsoft Security Essentials!

I may attempt some further Scans, etc thoughout the Evening to make sure everything is functioning properly... and will follow up here with any further recommendations you may have!

Link to post
Share on other sites

I strongly advise you to purchase the PRO version of Malwarebytes Anti-Malware, along with Microsoft Security Essentials they form a great combination.

now Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Link to post
Share on other sites

OTL logfile created on: 7/21/2011 3:55:18 AM - Run 4

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\*****\Desktop\Security Tools - Update & Run Weekly!

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.12 Gb Available Physical Memory | 65.10% Memory free

4.09 Gb Paging File | 3.06 Gb Available in Paging File | 74.73% Paging File free

Paging file location(s): C:\pagefile.sys 1023 2046 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 931.50 Gb Total Space | 693.69 Gb Free Space | 74.47% Space Free | Partition Type: NTFS

Drive D: | 586.62 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive Z: | 189.42 Gb Total Space | 120.04 Gb Free Space | 63.37% Space Free | Partition Type: NTFS

Computer Name: BLACKIE | User Name: *****| Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/17 13:12:35 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Corey\Desktop\Security Tools - Update & Run Weekly!\OTL.exe

PRC - [2011/06/30 18:53:21 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

PRC - [2011/06/23 03:09:09 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe

PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

PRC - [2010/09/07 18:28:50 | 000,355,432 | ---- | M] () -- C:\Program Files\EVGA Precision\EVGAPrecision.exe

PRC - [2010/05/10 20:35:22 | 001,872,320 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe

PRC - [2010/02/11 21:32:54 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe

PRC - [2009/11/12 19:52:16 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe

PRC - [2009/05/06 19:53:50 | 001,220,608 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe

PRC - [2009/01/20 23:45:00 | 000,960,536 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

PRC - [2009/01/20 23:34:36 | 000,377,232 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

PRC - [2009/01/20 23:34:26 | 000,618,936 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

PRC - [2009/01/20 23:06:10 | 004,359,280 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

PRC - [2008/08/22 14:40:30 | 000,277,008 | ---- | M] () -- C:\Documents and Settings\Corey\Desktop\Benchmarks and Monitors\Core Temp\Core Temp.exe

PRC - [2008/05/02 03:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe

PRC - [2008/05/02 03:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe

PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/07/17 12:03:38 | 000,868,352 | ---- | M] () -- C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

PRC - [2006/03/29 16:28:44 | 003,604,480 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files\WinTV\WinTV2K.EXE

PRC - [2005/09/23 16:07:00 | 007,551,077 | ---- | M] (Mozilla.org) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe

========== Modules (SafeList) ==========

MOD - [2011/07/17 13:12:35 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Corey\Desktop\Security Tools - Update & Run Weekly!\OTL.exe

MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

MOD - [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll

MOD - [2008/05/02 03:42:50 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll

MOD - [1999/04/27 01:26:10 | 000,011,264 | ---- | M] (Hauppauge Computer Works) -- C:\WINDOWS\system32\hcwhook.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (WmiApSrv32)

SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)

SRV - [2010/05/10 20:35:22 | 001,872,320 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\a-squared Free\a2service.exe -- (a2free)

SRV - [2009/05/06 19:53:50 | 001,220,608 | ---- | M] (MAGIX AG) [unknown | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)

SRV - [2009/02/23 00:21:06 | 000,069,632 | ---- | M] () [Auto | Stopped] -- C:\Program Files\AMD\OverDrive\AODAssist.exe -- (AODService)

SRV - [2009/01/20 23:34:26 | 000,618,936 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)

SRV - [2008/08/07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)

SRV - [2008/05/02 03:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (ALSysIO)

DRV - [2011/07/20 20:42:14 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3215EA32-B8EF-42D7-9D30-1AA5AF408F14}\MpKsl31db5246.sys -- (MpKsl31db5246)

DRV - [2010/05/25 19:13:19 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/04/07 19:31:40 | 000,139,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)

DRV - [2010/03/17 16:40:12 | 005,878,304 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2009/11/18 07:17:00 | 001,395,800 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)

DRV - [2009/11/18 07:16:00 | 001,691,480 | R--- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)

DRV - [2009/08/25 23:44:44 | 001,025,920 | R--- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid)

DRV - [2009/03/28 13:07:58 | 000,971,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm174.sys -- (tdrpman174) Acronis Try&Decide and Restore Points filter (build 174)

DRV - [2009/03/28 13:07:55 | 000,540,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)

DRV - [2009/03/28 13:07:55 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)

DRV - [2009/03/28 13:07:47 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snman380.sys -- (snapman380) Acronis Snapshots Manager (Build 380)

DRV - [2009/03/27 01:16:28 | 000,012,672 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys -- (cpuz132)

DRV - [2009/03/10 16:49:15 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)

DRV - [2009/03/10 16:49:15 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)

DRV - [2009/01/08 03:37:56 | 001,221,144 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha20x22k.sys -- (ha20x22k)

DRV - [2009/01/08 03:37:14 | 001,178,136 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)

DRV - [2009/01/08 03:36:29 | 000,095,768 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)

DRV - [2009/01/08 03:35:37 | 000,159,256 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)

DRV - [2009/01/08 03:34:45 | 000,014,360 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)

DRV - [2009/01/08 03:34:13 | 000,129,560 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)

DRV - [2009/01/08 03:32:46 | 000,535,064 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)

DRV - [2009/01/08 03:31:31 | 000,511,000 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)

DRV - [2009/01/08 03:30:53 | 001,353,240 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)

DRV - [2009/01/08 03:30:53 | 001,353,240 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTEXFIFX.sys -- (CTEXFIFX)

DRV - [2009/01/08 03:29:25 | 000,073,752 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)

DRV - [2009/01/08 03:29:25 | 000,073,752 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTHWIUT.sys -- (CTHWIUT)

DRV - [2009/01/08 03:28:51 | 000,198,168 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)

DRV - [2009/01/08 03:28:51 | 000,198,168 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CT20XUT.sys -- (CT20XUT)

DRV - [2008/04/24 10:18:49 | 000,038,560 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)

DRV - [2008/04/24 10:18:48 | 000,054,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)

DRV - [2008/04/24 10:18:48 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)

DRV - [2008/04/24 10:18:48 | 000,013,312 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)

DRV - [2008/02/29 04:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)

DRV - [2008/02/29 04:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)

DRV - [2008/02/29 04:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)

DRV - [2007/12/14 10:21:32 | 000,009,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 4\LU4\FlashSys.sys -- (FLASHSYS)

DRV - [2007/06/29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)

DRV - [2007/04/16 17:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)

DRV - [2006/11/09 18:50:32 | 001,456,352 | R--- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HCWUSB2.sys -- (iComp)

DRV - [2005/11/03 15:19:42 | 000,027,136 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)

DRV - [2005/11/03 15:19:30 | 000,069,376 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)

DRV - [2005/11/03 15:18:50 | 000,014,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbKbd.sys -- (LUsbKbd)

DRV - [2005/11/03 15:18:42 | 000,036,608 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)

DRV - [2005/07/13 05:18:50 | 000,340,704 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)

DRV - [2005/05/25 15:39:06 | 000,004,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\EVGA Precision\RTCore32.sys -- (RTCore32)

DRV - [2004/07/09 05:26:38 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://192.168.1.1/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = E0 3C D4 0D E7 28 59 45 8A D9 F2 67 6A 04 4A 0A [binary data]

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"

FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p="

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://home.comcast.net/~nazgaull/"

FF - prefs.js..extensions.enabledItems: noia2_option@kk.noia:3.76

FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:5.0.0

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {da02f5b3-bf4f-4f85-b123-6c152d8e1810}:1.0

FF - prefs.js..extensions.enabledItems: {4961cdc2-4386-47a1-a7c8-cebc96db3e52}:1.0

FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76

FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Corey\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Corey\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Corey\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/24 10:23:25 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/23 03:09:12 | 000,000,000 | ---D | M]

[2010/04/26 04:45:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Corey\Application Data\Mozilla\Extensions

[2011/07/20 21:45:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Corey\Application Data\Mozilla\Firefox\Profiles\lgnse41n.default\extensions

[2010/04/26 04:45:18 | 000,000,000 | ---D | M] (QuickTabPrefToggle) -- C:\Documents and Settings\Corey\Application Data\Mozilla\Firefox\Profiles\lgnse41n.default\extensions\{04352C84-9AC6-4d2f-A518-AB0962D62FA1}

[2010/04/27 19:11:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Corey\Application Data\Mozilla\Firefox\Profiles\lgnse41n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/07/18 19:46:08 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Corey\Application Data\Mozilla\Firefox\Profiles\lgnse41n.default\extensions\{4961cdc2-4386-47a1-a7c8-cebc96db3e52}

[2011/06/29 18:00:10 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Documents and Settings\Corey\Application Data\Mozilla\Firefox\Profiles\lgnse41n.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}

[2010/04/26 04:45:18 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Documents and Settings\Corey\Application Data\Mozilla\Firefox\Profiles\lgnse41n.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}

[2010/04/26 04:45:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Corey\Application Data\Mozilla\Firefox\Profiles\lgnse41n.default\extensions\{a0f7b384-a625-4ba8-82cb-e33d6d2fd021}

[2011/07/18 19:46:09 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Corey\Application Data\Mozilla\Firefox\Profiles\lgnse41n.default\extensions\{da02f5b3-bf4f-4f85-b123-6c152d8e1810}

[2010/04/26 04:45:18 | 000,000,000 | ---D | M] (Noia 2.0 eXtreme OPT) -- C:\Documents and Settings\Corey\Application Data\Mozilla\Firefox\Profiles\lgnse41n.default\extensions\noia2_option@kk.noia

[2011/07/16 19:49:23 | 000,001,137 | ---- | M] () -- C:\Documents and Settings\Corey\Application Data\Mozilla\Firefox\Profiles\lgnse41n.default\searchplugins\dictionarycom.xml

[2008/06/24 09:45:31 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\Corey\Application Data\Mozilla\Firefox\Profiles\lgnse41n.default\searchplugins\wikipedia-en.xml

[2011/07/20 21:45:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/06/06 19:07:37 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2010/02/11 21:32:55 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2011/07/17 18:37:27 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)

O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)

O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)

O4 - HKLM..\Run: [AudioDrvEmulator] File not found

O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [EVGAPrecision] C:\Program Files\EVGA Precision\EVGAPrecision.exe ()

O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)

O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] File not found

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()

O4 - HKLM..\Run: [RTHDCPL] File not found

O4 - HKLM..\Run: [TrayServer] C:\Program Files\MAGIX\Movie_Edit_Pro_16_Plus\Trayserver.exe (MAGIX AG)

O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)

O4 - HKCU..\Run: [bitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)

O4 - HKCU..\Run: [Core Temp] C:\Documents and Settings\Corey\Desktop\Benchmarks and Monitors\Core Temp\Core Temp.exe ()

O4 - HKCU..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()

O4 - HKCU..\Run: [EA Core] File not found

O4 - HKCU..\Run: [Google Update] File not found

O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O4 - HKCU..\Run: [NVIDIA nTune] File not found

O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)

O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_16.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236716978109 (WUWebControl Class)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15107/CTPID.cab (Creative Software AutoUpdate Support Package)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - Reg Error: Key error. File not found

O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - Reg Error: Key error. File not found

O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - Reg Error: Key error. File not found

O24 - Desktop WallPaper: C:\Documents and Settings\Corey\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Corey\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/03/10 11:44:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2006/02/28 08:00:00 | 000,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]

O33 - MountPoints2\{520e930c-0db3-11de-a4e0-806d6172696f}\Shell - "" = AutoRun

O33 - MountPoints2\{520e930c-0db3-11de-a4e0-806d6172696f}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{520e930c-0db3-11de-a4e0-806d6172696f}\Shell\AutoRun\command - "" = D:\Autorun.exe

O33 - MountPoints2\D\Shell - "" = AutoRun

O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\SETUP.EXE -- [2006/02/28 08:00:00 | 001,314,816 | R--- | M] (Microsoft Corporation)

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O35 - HKCU\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/18 19:38:58 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2011/07/17 18:37:25 | 000,000,000 | ---D | C] -- C:\_OTL

[2011/07/09 23:06:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Corey\Local Settings\Application Data\Firestorm

[2011/07/09 23:06:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Corey\Application Data\Firestorm

[2011/07/09 23:06:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Firestorm-Beta

[2011/07/01 21:41:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype

[2009/05/09 17:22:12 | 000,012,800 | R--- | C] ( ) -- C:\WINDOWS\System32\killapps.exe

[2005/08/07 18:13:46 | 000,014,336 | R--- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

[1 C:\Documents and Settings\Corey\*.tmp files -> C:\Documents and Settings\Corey\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/21 03:36:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/07/21 03:07:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-507921405-1801674531-1003UA.job

[2011/07/20 21:10:51 | 000,000,101 | ---- | M] () -- C:\Documents and Settings\Corey\Desktop\Jasmine at Sandy Springs Apartments in Sandy Springs, GA Lyon Communities.URL

[2011/07/20 20:47:14 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2011/07/20 20:46:21 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/07/20 20:46:21 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/07/20 20:42:24 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/07/20 20:42:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/07/20 19:36:17 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\WinTV2K.job

[2011/07/18 22:39:32 | 000,000,123 | ---- | M] () -- C:\Documents and Settings\Corey\Desktop\Malwarebytes Forum.URL

[2011/07/17 18:37:27 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts

[2011/07/16 03:28:29 | 000,013,710 | -HS- | M] () -- C:\Documents and Settings\Corey\Local Settings\Application Data\180676m7u7426jofutj5plxox57

[2011/07/14 20:25:59 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/07/10 15:07:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-507921405-1801674531-1003Core.job

[2011/07/07 00:23:29 | 000,000,260 | ---- | M] () -- C:\WINDOWS\cdplayer.ini

[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[1 C:\Documents and Settings\Corey\*.tmp files -> C:\Documents and Settings\Corey\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/20 21:10:51 | 000,000,101 | ---- | C] () -- C:\Documents and Settings\Corey\Desktop\Jasmine at Sandy Springs Apartments in Sandy Springs, GA Lyon Communities.URL

[2011/07/17 05:08:58 | 000,000,123 | ---- | C] () -- C:\Documents and Settings\Corey\Desktop\Malwarebytes Forum.URL

[2011/07/16 03:21:25 | 000,013,710 | -HS- | C] () -- C:\Documents and Settings\Corey\Local Settings\Application Data\180676m7u7426jofutj5plxox57

[2011/05/21 00:02:53 | 000,013,828 | -HS- | C] () -- C:\Documents and Settings\Corey\Local Settings\Application Data\747073s32x2s4it14g

[2011/05/02 20:46:45 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Corey\Local Settings\Application Data\housecall.guid.cache

[2011/05/01 18:38:47 | 000,014,372 | -HS- | C] () -- C:\Documents and Settings\Corey\Local Settings\Application Data\jd0304a8d3q3q1q3u

[2011/04/08 22:03:06 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2010/08/19 23:11:56 | 000,043,551 | ---- | C] () -- C:\WINDOWS\scunin.dat

[2010/07/03 17:37:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Corey\Local Settings\Application Data\prvlcl.dat

[2010/07/02 10:03:17 | 000,121,664 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2010/06/30 21:08:34 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin

[2010/06/30 21:08:32 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin

[2010/06/30 21:08:32 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin

[2010/04/26 04:48:34 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallThunderbird.exe

[2010/04/26 04:48:24 | 000,003,669 | ---- | C] () -- C:\WINDOWS\mozver.dat

[2010/04/24 21:59:30 | 000,000,211 | ---- | C] () -- C:\WINDOWS\nanoPEG.ini

[2010/04/24 21:21:19 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe

[2010/03/18 00:48:39 | 000,003,108 | ---- | C] () -- C:\WINDOWS\TVP3XDrv.ini

[2010/03/17 19:58:54 | 000,009,760 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll

[2010/03/08 21:17:43 | 000,139,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2010/03/08 21:17:43 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Corey\Application Data\PnkBstrK.sys

[2010/03/08 21:17:26 | 000,215,128 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe

[2010/03/08 21:17:25 | 002,434,856 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_bc2.exe

[2010/03/08 21:17:25 | 000,075,064 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe

[2010/02/20 17:35:09 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll

[2009/12/29 20:14:43 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll

[2009/12/29 20:13:18 | 000,006,642 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini

[2009/12/06 04:52:55 | 000,000,296 | ---- | C] () -- C:\WINDOWS\game.ini

[2009/12/01 22:48:33 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin

[2009/11/10 03:58:56 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Corey\Local Settings\Application Data\fusioncache.dat

[2009/11/06 11:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat

[2009/11/05 23:54:26 | 000,000,219 | ---- | C] () -- C:\WINDOWS\CALIGARI.INI

[2009/10/30 19:27:12 | 000,000,964 | ---- | C] () -- C:\WINDOWS\eReg.dat

[2009/10/30 02:55:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI

[2009/08/08 18:26:18 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll

[2009/06/02 01:44:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\sbwin.ini

[2009/05/09 17:22:12 | 000,007,680 | R--- | C] () -- C:\WINDOWS\System32\enlocstr.exe

[2009/05/09 17:22:12 | 000,000,321 | R--- | C] () -- C:\WINDOWS\System32\kill.ini

[2009/05/09 17:22:02 | 000,016,384 | R--- | C] () -- C:\WINDOWS\System32\regplib.exe

[2009/05/09 17:22:00 | 000,384,428 | R--- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat

[2009/05/09 17:22:00 | 000,051,787 | R--- | C] () -- C:\WINDOWS\System32\ctdlang.dat

[2009/05/09 17:22:00 | 000,027,273 | R--- | C] () -- C:\WINDOWS\System32\instwdm.ini

[2009/05/09 17:22:00 | 000,002,560 | R--- | C] () -- C:\WINDOWS\System32\CtxfiRes.dll

[2009/05/09 17:22:00 | 000,000,054 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini

[2009/05/08 18:56:25 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

[2009/04/19 22:45:41 | 000,063,730 | ---- | C] () -- C:\Program Files\viewsonicinstruct_xp.pdf

[2009/04/19 22:45:13 | 000,000,102 | ---- | C] () -- C:\WINDOWS\VSWizard.ini

[2009/04/12 15:31:22 | 000,000,260 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2009/03/12 23:08:15 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll

[2009/03/12 23:08:15 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll

[2009/03/12 23:08:15 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll

[2009/03/12 23:08:15 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll

[2009/03/12 23:08:15 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll

[2009/03/12 23:08:15 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

[2009/03/12 00:20:29 | 000,000,450 | ---- | C] () -- C:\WINDOWS\CTWave32.INI

[2009/03/12 00:11:29 | 000,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI

[2009/03/11 21:44:24 | 000,065,024 | ---- | C] () -- C:\Documents and Settings\Corey\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/03/11 04:55:25 | 000,000,248 | ---- | C] () -- C:\WINDOWS\HCWBlast.ini

[2009/03/11 04:55:06 | 000,031,792 | ---- | C] () -- C:\WINDOWS\Irremote.ini

[2009/03/11 04:55:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll

[2009/03/11 04:53:04 | 000,003,130 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI

[2009/03/11 04:51:19 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\hcwXDS.dll

[2009/03/10 17:35:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2009/03/10 16:49:15 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys

[2009/03/10 16:49:15 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys

[2009/03/10 14:56:51 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys

[2009/03/10 14:34:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2009/03/10 13:29:54 | 000,000,152 | ---- | C] () -- C:\WINDOWS\CoolPlay.ini

[2009/03/10 11:50:53 | 000,003,948 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin

[2009/03/10 11:46:05 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2009/03/10 11:41:49 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2009/03/10 06:36:15 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2009/03/10 06:33:32 | 000,212,880 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009/01/08 01:33:36 | 000,002,560 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL

[2008/04/14 05:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2006/12/31 07:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2005/07/15 14:36:35 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe

[2005/07/15 14:35:56 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll

[2005/07/15 14:35:56 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll

[2005/07/15 14:35:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2004/08/04 08:00:00 | 000,441,124 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2004/08/04 08:00:00 | 000,071,060 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2004/08/04 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2000/01/28 01:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\wrkgadm.exe

[2000/01/28 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

[1997/06/13 20:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2009/03/28 13:11:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis

[2011/06/09 01:23:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\aF28321NbDbH28321

[2011/03/15 10:00:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2010/01/22 02:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts

[2009/04/21 03:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Firefly Studios

[2011/02/10 04:24:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX

[2009/12/29 20:24:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mufin

[2010/03/12 20:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft

[2010/01/01 14:58:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith

[2009/03/30 20:05:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}

[2009/03/28 13:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\Acronis

[2009/05/13 10:05:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\Blender Foundation

[2011/07/21 03:53:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\DNA

[2011/07/09 23:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\Firestorm

[2010/06/16 22:25:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\Folding@home-x86

[2009/12/09 20:55:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\GetRightToGo

[2010/10/29 22:43:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\gtk-2.0

[2009/03/12 23:13:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\InterVideo

[2009/08/02 12:29:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\Kirstens S18

[2009/04/19 22:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\Leadertech

[2011/02/10 04:28:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\MAGIX

[2009/03/16 20:07:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\OpenOffice.org

[2010/06/11 19:45:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\SecondLife

[2011/01/16 15:07:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\Sony Online Entertainment

[2010/04/24 22:06:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\SPORE

[2010/04/26 05:00:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\Thunderbird

[2010/11/15 23:33:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\Turbine

[2011/03/31 00:19:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\Unity

[2009/11/03 10:20:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\Wings3D

[2011/05/07 05:35:17 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\App_Close.job

[2011/05/02 04:21:01 | 000,000,308 | ---- | M] () -- C:\WINDOWS\Tasks\DVD Alarm.job

[2011/07/20 20:47:14 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

[2011/07/20 19:36:17 | 000,000,270 | ---- | M] () -- C:\WINDOWS\Tasks\WinTV2K.job

========== Purity Check ==========

< End of report >

Link to post
Share on other sites

hi

Step 1

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = E0 3C D4 0D E7 28 59 45 8A D9 F2 67 6A 04 4A 0A [binary data]
    [2011/07/18 19:46:08 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Corey\Application Data\Mozilla\Firefox\Profiles\lgnse41n.default\extensions\{4961cdc2-4386-47a1-a7c8-cebc96db3e52}
    [2011/07/18 19:46:09 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Corey\Application Data\Mozilla\Firefox\Profiles\lgnse41n.default\extensions\{da02f5b3-bf4f-4f85-b123-6c152d8e1810}
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
    O33 - MountPoints2\{520e930c-0db3-11de-a4e0-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{520e930c-0db3-11de-a4e0-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{520e930c-0db3-11de-a4e0-806d6172696f}\Shell\AutoRun\command - "" = D:\Autorun.exe
    O33 - MountPoints2\D\Shell - "" = AutoRun
    O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\SETUP.EXE -- [2006/02/28 08:00:00 | 001,314,816 | R--- | M] (Microsoft Corporation)
    [2011/07/16 03:28:29 | 000,013,710 | -HS- | M] () -- C:\Documents and Settings\Corey\Local Settings\Application Data\180676m7u7426jofutj5plxox57
    [2011/05/21 00:02:53 | 000,013,828 | -HS- | C] () -- C:\Documents and Settings\Corey\Local Settings\Application Data\747073s32x2s4it14g
    [2011/05/01 18:38:47 | 000,014,372 | -HS- | C] () -- C:\Documents and Settings\Corey\Local Settings\Application Data\jd0304a8d3q3q1q3u

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Download ComboFix here :

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them
    Click me
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

Things I would like to see in your reply:

  • OTL log
  • Combofix.txt

Link to post
Share on other sites

Things I would like to see in your reply:

  • OTL log
  • Combofix.txt

OTL Log

All processes killed

========== OTL ==========

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!

C:\Documents and Settings\Corey\Application Data\Mozilla\Firefox\Profiles\lgnse41n.default\extensions\{4961cdc2-4386-47a1-a7c8-cebc96db3e52}\defaults\preferences folder moved successfully.

C:\Documents and Settings\Corey\Application Data\Mozilla\Firefox\Profiles\lgnse41n.default\extensions\{4961cdc2-4386-47a1-a7c8-cebc96db3e52}\defaults folder moved successfully.

C:\Documents and Settings\Corey\Application Data\Mozilla\Firefox\Profiles\lgnse41n.default\extensions\{4961cdc2-4386-47a1-a7c8-cebc96db3e52}\chrome folder moved successfully.

C:\Documents and Settings\Corey\Application Data\Mozilla\Firefox\Profiles\lgnse41n.default\extensions\{4961cdc2-4386-47a1-a7c8-cebc96db3e52} folder moved successfully.

C:\Documents and Settings\Corey\Application Data\Mozilla\Firefox\Profiles\lgnse41n.default\extensions\{da02f5b3-bf4f-4f85-b123-6c152d8e1810}\defaults\preferences folder moved successfully.

C:\Documents and Settings\Corey\Application Data\Mozilla\Firefox\Profiles\lgnse41n.default\extensions\{da02f5b3-bf4f-4f85-b123-6c152d8e1810}\defaults folder moved successfully.

C:\Documents and Settings\Corey\Application Data\Mozilla\Firefox\Profiles\lgnse41n.default\extensions\{da02f5b3-bf4f-4f85-b123-6c152d8e1810}\chrome folder moved successfully.

C:\Documents and Settings\Corey\Application Data\Mozilla\Firefox\Profiles\lgnse41n.default\extensions\{da02f5b3-bf4f-4f85-b123-6c152d8e1810} folder moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{520e930c-0db3-11de-a4e0-806d6172696f}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{520e930c-0db3-11de-a4e0-806d6172696f}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{520e930c-0db3-11de-a4e0-806d6172696f}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{520e930c-0db3-11de-a4e0-806d6172696f}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{520e930c-0db3-11de-a4e0-806d6172696f}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{520e930c-0db3-11de-a4e0-806d6172696f}\ not found.

File D:\Autorun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.

File move failed. D:\SETUP.EXE scheduled to be moved on reboot.

C:\Documents and Settings\Corey\Local Settings\Application Data\180676m7u7426jofutj5plxox57 moved successfully.

C:\Documents and Settings\Corey\Local Settings\Application Data\747073s32x2s4it14g moved successfully.

C:\Documents and Settings\Corey\Local Settings\Application Data\jd0304a8d3q3q1q3u moved successfully.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Documents and Settings\Corey\Desktop\Security Tools - Update & Run Weekly!\cmd.bat deleted successfully.

C:\Documents and Settings\Corey\Desktop\Security Tools - Update & Run Weekly!\cmd.txt deleted successfully.

========== COMMANDS ==========

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 294912 bytes

->Temporary Internet Files folder emptied: 4858582 bytes

->FireFox cache emptied: 34950588 bytes

User: All Users

User: Corey

->Temp folder emptied: 2963392 bytes

->Temporary Internet Files folder emptied: 14559587 bytes

->Java cache emptied: 488 bytes

->FireFox cache emptied: 90559987 bytes

->Google Chrome cache emptied: 1931610 bytes

->Flash cache emptied: 1202 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService

->Temp folder emptied: 43154 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Will

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 41067 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 87492388 bytes

Total Files Cleaned = 227.00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Corey

->Flash cache emptied: 0 bytes

User: Default User

User: LocalService

User: NetworkService

User: Will

->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.26.1 log created on 07212011_185650

Files\Folders moved on Reboot...

File move failed. D:\SETUP.EXE scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Combofix.txt

ComboFix 11-07-21.02 - Corey 07/21/2011 19:19:17.1.4 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2551 [GMT -4:00]

Running from: c:\documents and settings\Corey\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Corey\WINDOWS

c:\documents and settings\Will\Application Data\Mozilla\Firefox\Profiles\ch94wjrd.default\extensions\{4961cdc2-4386-47a1-a7c8-cebc96db3e52}

c:\documents and settings\Will\Application Data\Mozilla\Firefox\Profiles\ch94wjrd.default\extensions\{4961cdc2-4386-47a1-a7c8-cebc96db3e52}\chrome\xulcache.jar

c:\documents and settings\Will\Application Data\Mozilla\Firefox\Profiles\ch94wjrd.default\extensions\{4961cdc2-4386-47a1-a7c8-cebc96db3e52}\defaults\preferences\xulcache.js

c:\documents and settings\Will\Application Data\Mozilla\Firefox\Profiles\ch94wjrd.default\extensions\{4961cdc2-4386-47a1-a7c8-cebc96db3e52}\install.rdf

c:\documents and settings\Will\Application Data\Mozilla\Firefox\Profiles\ch94wjrd.default\extensions\{da02f5b3-bf4f-4f85-b123-6c152d8e1810}

c:\documents and settings\Will\Application Data\Mozilla\Firefox\Profiles\ch94wjrd.default\extensions\{da02f5b3-bf4f-4f85-b123-6c152d8e1810}\chrome\xulcache.jar

c:\documents and settings\Will\Application Data\Mozilla\Firefox\Profiles\ch94wjrd.default\extensions\{da02f5b3-bf4f-4f85-b123-6c152d8e1810}\defaults\preferences\xulcache.js

c:\documents and settings\Will\Application Data\Mozilla\Firefox\Profiles\ch94wjrd.default\extensions\{da02f5b3-bf4f-4f85-b123-6c152d8e1810}\install.rdf

C:\Install.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_WMIAPSRV32

-------\Service_WmiApSrv32

.

.

((((((((((((((((((((((((( Files Created from 2011-06-21 to 2011-07-21 )))))))))))))))))))))))))))))))

.

.

2011-07-20 00:14 . 2011-06-07 15:55 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3215EA32-B8EF-42D7-9D30-1AA5AF408F14}\mpengine.dll

2011-07-18 23:38 . 2011-07-18 23:38 -------- d-----w- c:\program files\ESET

2011-07-18 23:24 . 2011-07-18 23:24 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

2011-07-17 22:37 . 2011-07-17 22:37 -------- d-----w- C:\_OTL

2011-07-17 17:12 . 2011-07-17 17:12 0 ---ha-w- c:\documents and settings\Corey\ggcubzfynp.tmp

2011-07-10 03:06 . 2011-07-10 07:18 -------- d-----w- c:\documents and settings\Corey\Local Settings\Application Data\Firestorm

2011-07-10 03:06 . 2011-07-10 03:07 -------- d-----w- c:\documents and settings\Corey\Application Data\Firestorm

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-06 23:52 . 2009-03-10 18:14 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-06 23:52 . 2009-03-10 18:14 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-07 15:55 . 2011-05-13 00:29 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-05-24 23:14 . 2011-05-04 23:29 222080 ------w- c:\windows\system32\MpSigStub.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Core Temp"="c:\documents and settings\Corey\Desktop\Benchmarks and Monitors\Core Temp\Core Temp.exe" [2008-08-22 277008]

"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-12 323392]

"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-30 2424192]

"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]

"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-01-21 4359280]

"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2009-01-21 960536]

"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-01-21 377232]

"CTxfiHlp"="CTXFIHLP.EXE" [2009-01-08 24576]

"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]

"EVGAPrecision"="c:\program files\EVGA Precision\EVGAPrecision.exe" [2010-09-07 355432]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-02-12 149280]

"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]

"TrayServer"="c:\progra~1\MAGIX\MOVIE_~2\TrayServer.exe" [2008-11-13 90112]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

"RTHDCPL"="RTHDCPL.EXE" [2010-03-17 19520544]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA&inst=NwA3AC0ANAAyADUANgA4ADEAOAA1ADUALQBCAEEAKwAxAC0ASwBWADMAKwA3AC0AWABMACsAMQAtAFQANAAtAEYAUAA5ACsANgAtAEIAQQBSADkARwArADEALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA1AC0AWABPADkAKwAxAC0ARgA5AE0AMgArADEA∏=90&ver=9.0.894" [?]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-2-7 805392]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2008-05-02 07:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\My Games\\Unreal Tournament 3\\Binaries\\UT3.exe"=

"c:\\Program Files\\My Games\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=

"c:\\Program Files\\My Games\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=

"c:\\Program Files\\My Games\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=

"c:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=

"c:\\Program Files\\My Games\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=

"c:\\Program Files\\My Games\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\My Games\\Firefly Studios\\Stronghold 2\\Stronghold2.exe"=

"c:\\Program Files\\Flagship Studios\\Hellgate London Demo\\Launcher.exe"=

"c:\\Program Files\\My Games\\Microsoft Games\\Halo\\halo.exe"=

"c:\\WINDOWS\\system32\\dplaysvr.exe"=

"c:\\Program Files\\My Games\\3DO\\Heroes3\\H3BLADE.icd"=

"c:\\Program Files\\My Games\\Electronic Arts\\American McGee's Alice\\alice.exe"=

"c:\\Program Files\\My Games\\Turbine\\Dungeons and Dragons Online - Eberron Unlimited\\dndclient.exe"=

"c:\\Program Files\\My Games\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

"c:\\Program Files\\My Games\\Eidos\\Batman Arkham Asylum\\Binaries\\ShippingPC-BmGame.exe"=

"c:\\Program Files\\My Games\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\My Games\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Program Files\\My Games\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Game.exe"=

"c:\\Program Files\\My Games\\Rockstar Games\\Grand Theft Auto IV\\Grand Theft Auto IV\\LaunchGTAIV.exe"=

"c:\\Program Files\\My Games\\Rockstar Games\\Grand Theft Auto IV\\Grand Theft Auto IV\\GTAIV.exe"=

"c:\\Program Files\\My Games\\Activision\\Transformers - War for Cybertron\\Binaries\\TWFC.exe"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Program Files\\My Games\\Maxis\\SimCity 3000 Unlimited\\Apps\\Updater\\UPDATER.EXE"=

"c:\\Program Files\\My Games\\Turbine\\The Lord of the Rings Online\\lotroclient.exe"=

"c:\\Program Files\\Second Life Viewers\\Phoenix Viewer\\PhoenixViewer.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/6/2010 5:10 PM 67656]

R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [3/10/2009 2:13 PM 1872320]

R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [5/6/2009 7:53 PM 1220608]

R3 ALSysIO;ALSysIO;\??\c:\docume~1\Corey\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\Corey\LOCALS~1\Temp\ALSysIO.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [3/12/2009 11:02 PM 38560]

R3 RTCore32;RTCore32;c:\program files\EVGA Precision\RTCore32.sys [5/25/2005 3:39 PM 4608]

S1 MpKsl6008da0e;MpKsl6008da0e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3215EA32-B8EF-42D7-9D30-1AA5AF408F14}\MpKsl6008da0e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3215EA32-B8EF-42D7-9D30-1AA5AF408F14}\MpKsl6008da0e.sys [?]

S1 MpKsl6d975210;MpKsl6d975210;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3215EA32-B8EF-42D7-9D30-1AA5AF408F14}\MpKsl6d975210.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3215EA32-B8EF-42D7-9D30-1AA5AF408F14}\MpKsl6d975210.sys [?]

S2 AODService;AODService;c:\program files\AMD\OverDrive\AODAssist.exe [2/23/2009 12:21 AM 69632]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/10/2010 7:11 PM 136176]

S3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [3/17/2010 7:59 PM 1025920]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [4/24/2010 9:41 PM 1691480]

S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [5/9/2009 5:21 PM 198168]

S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [5/9/2009 5:21 PM 198168]

S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [5/9/2009 5:21 PM 1353240]

S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [5/9/2009 5:21 PM 1353240]

S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [5/9/2009 5:21 PM 73752]

S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [5/9/2009 5:21 PM 73752]

S3 DualCoreCenter;DualCoreCenter;\??\c:\program files\MSI\DualCoreCenter\NTGLM7X.sys --> c:\program files\MSI\DualCoreCenter\NTGLM7X.sys [?]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [8/7/2008 11:10 AM 3276800]

S3 FLASHSYS;FLASHSYS;c:\program files\MSI\Live Update 4\LU4\FlashSys.sys [10/15/2009 7:39 PM 9216]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/10/2010 7:11 PM 136176]

S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [5/9/2009 5:21 PM 1221144]

S3 iComp;Hauppauge WinTV PVR2 USB2 Encoder;c:\windows\system32\drivers\HCWUSB2.sys [3/11/2009 4:51 AM 1456352]

S3 RushTopDevice2;RushTopDevice2;\??\c:\program files\MSI\DualCoreCenter\RushTop.sys --> c:\program files\MSI\DualCoreCenter\RushTop.sys [?]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WUAUSERV

.

Contents of the 'Scheduled Tasks' folder

.

2011-05-07 c:\windows\Tasks\App_Close.job

- c:\documents and settings\Corey\Desktop\App_Close.bat [2011-01-17 09:22]

.

2011-05-02 c:\windows\Tasks\DVD Alarm.job

- c:\program files\InterVideo\DVD7\WinDVD.exe [2009-03-13 06:41]

.

2011-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-10 23:11]

.

2011-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-10 23:11]

.

2011-07-21 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 16:26]

.

2011-07-20 c:\windows\Tasks\WinTV2K.job

- c:\program files\WinTV\WinTV2K.EXE [2010-04-25 20:28]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://192.168.1.1/

mStart Page = hxxp://www.comcast.net/

mWindow Title = Windows Internet Explorer provided by Comcast

uInternet Settings,ProxyOverride = <local>

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 68.87.68.166 68.87.74.166

FF - ProfilePath - c:\documents and settings\Corey\Application Data\Mozilla\Firefox\Profiles\lgnse41n.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p=

FF - prefs.js: browser.startup.homepage - hxxp://home.comcast.net/~nazgaull/

FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=

FF - Ext: Noia 2.0 (eXtreme): {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} - %profile%\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}

FF - Ext: ReloadEvery: {888d99e7-e8b5-46a3-851e-1ec45da1e644} - %profile%\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Noia 2.0 eXtreme OPT: noia2_option@kk.noia - %profile%\extensions\noia2_option@kk.noia

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-NVIDIA nTune - c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe

HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe

HKLM-Run-AudioDrvEmulator - c:\program files\Creative\Shared Files\Module Loader\DLLML.exe

HKLM-Run-Malwarebytes' Anti-Malware (reboot) - e:\malwarebytes' anti-malware\mbam.exe

HKU-Default-RunOnce-SetDefaultMIDI - MIDIDEF.EXE

Notify-avgrsstarter - avgrsstx.dll

AddRemove-Blender - f:\blender foundation\Blender\uninstall.exe

AddRemove-Evil Genius_is1 - c:\program files\My Games\VUGames\Evil Genius\unins000.exe

AddRemove-WinGimp-2.0_is1 - f:\gimp-2.0\setup\unins000.exe

AddRemove-Wings 3D 1.0.2 - f:\wings3d_1.0.2\Uninstall.exe

AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Corey\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-21 19:25

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

CTxfiHlp = CTXFIHLP.EXE?

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-606747145-507921405-1801674531-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"??"=hex:f6,7a,19,0d,7c,c4,fc,b7,d1,98,29,19,1b,c3,ba,4c,57,dd,3e,fc,95,60,a2,

0d,6b,6f,a8,97,3c,51,d8,73,a6,0e,a0,3c,e7,83,6a,4f,0e,4e,12,25,7d,0e,cf,80,\

"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49

.

[HKEY_USERS\S-1-5-21-606747145-507921405-1801674531-1003\Software\SecuROM\License information*]

"datasecu"=hex:b2,7f,81,95,77,f7,e2,1d,6b,ee,29,32,16,bb,23,cb,3d,cd,9f,26,30,

c3,05,8d,d8,04,9b,d3,10,12,ae,49,d6,20,b3,0e,be,fb,24,db,73,d3,c0,bb,82,e9,\

"rkeysecu"=hex:01,1a,8d,69,e9,1f,8d,84,8a,a8,ea,c1,1a,66,a6,e9

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]

@DACL=(02 0000)

@="Wireless"

"ProcessGroupPolicy"="ProcessWIRELESSPolicy"

"DllName"=expand:"gptext.dll"

"NoUserPolicy"=dword:00000001

"NoGPOListChanges"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0E28E245-9368-4853-AD84-6DA3BA35BB75}]

@DACL=(02 0000)

@="Group Policy Environment"

"ProcessGroupPolicy"="ProcessGroupPolicyEnviron"

"DllName"=expand:"gpprefcl.dll"

"GenerateGroupPolicy"="GenerateGroupPolicyEnviron"

"ProcessGroupPolicyEx 0"=""

"EventSources"="(Group Policy Environment,Application)"

"DisplayName"=expand:"@gpprefcl.dll,-1"

"PerUserLocalSettings"=dword:00000001

"EnableAsynchronousProcessing"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{17D89FEC-5C44-4972-B12D-241CAEF74509}]

@DACL=(02 0000)

@="Group Policy Local Users and Groups"

"ProcessGroupPolicy"="ProcessGroupPolicyLocUsAndGroups"

"DllName"=expand:"gpprefcl.dll"

"GenerateGroupPolicy"="GenerateGroupPolicyLocUsAndGroups"

"ProcessGroupPolicyEx"="ProcessGroupPolicyExLocUsAndGroups"

"EventSources"="(Group Policy Local Users and Groups,Application)"

"DisplayName"=expand:"@gpprefcl.dll,-2"

"PerUserLocalSettings"=dword:00000001

"EnableAsynchronousProcessing"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{1A6364EB-776B-4120-ADE1-B63A406A76B5}]

@DACL=(02 0000)

@="Group Policy Device Settings"

"ProcessGroupPolicy"="ProcessGroupPolicyDevices"

"DllName"=expand:"gpprefcl.dll"

"GenerateGroupPolicy"="GenerateGroupPolicyDevices"

"ProcessGroupPolicyEx"="ProcessGroupPolicyExDevices"

"EventSources"="(Group Policy Device Settings,Application)"

"DisplayName"=expand:"@gpprefcl.dll,-3"

"PerUserLocalSettings"=dword:00000001

"EnableAsynchronousProcessing"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]

@DACL=(02 0000)

@="Folder Redirection"

"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"

"DllName"=expand:"fdeploy.dll"

"NoMachinePolicy"=dword:00000001

"NoSlowLink"=dword:00000001

"PerUserLocalSettings"=dword:00000001

"NoGPOListChanges"=dword:00000000

"NoBackgroundPolicy"=dword:00000000

"GenerateGroupPolicy"="GenerateGroupPolicy"

"EventSources"=multi:"(Folder Redirection,Application)\00\00"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]

@DACL=(02 0000)

@="Microsoft Disk Quota"

"NoMachinePolicy"=dword:00000000

"NoUserPolicy"=dword:00000001

"NoSlowLink"=dword:00000001

"NoBackgroundPolicy"=dword:00000001

"NoGPOListChanges"=dword:00000001

"PerUserLocalSettings"=dword:00000000

"RequiresSuccessfulRegistry"=dword:00000001

"EnableAsynchronousProcessing"=dword:00000000

"DllName"=expand:"dskquota.dll"

"ProcessGroupPolicy"="ProcessGroupPolicy"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}]

@DACL=(02 0000)

@="Group Policy Network Options"

"ProcessGroupPolicy"="ProcessGroupPolicyNetworkOptions"

"DllName"=expand:"gpprefcl.dll"

"GenerateGroupPolicy"="GenerateGroupPolicyNetworkOptions"

"ProcessGroupPolicyEx"="ProcessGroupPolicyExNetworkOptions"

"EventSources"="(Group Policy Network Options,Application)"

"DisplayName"=expand:"@gpprefcl.dll,-4"

"PerUserLocalSettings"=dword:00000001

"EnableAsynchronousProcessing"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]

@DACL=(02 0000)

@="QoS Packet Scheduler"

"ProcessGroupPolicy"="ProcessPSCHEDPolicy"

"DllName"=expand:"gptext.dll"

"NoUserPolicy"=dword:00000001

"NoGPOListChanges"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]

@DACL=(02 0000)

@="Scripts"

"ProcessGroupPolicy"="ProcessScriptsGroupPolicy"

"ProcessGroupPolicyEx"="ProcessScriptsGroupPolicyEx"

"GenerateGroupPolicy"="GenerateScriptsGroupPolicy"

"DllName"=expand:"gptext.dll"

"NoSlowLink"=dword:00000001

"NoGPOListChanges"=dword:00000001

"NotifyLinkTransition"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]

@DACL=(02 0000)

@="Internet Explorer Zonemapping"

"DllName"=expand:"iedkcs32.dll"

"ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap"

"NoGPOListChanges"=dword:00000001

"RequiresSucessfulRegistry"=dword:00000001

"DisplayName"=expand:"@iedkcs32.dll,-3051"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{5794DAFD-BE60-433f-88A2-1A31939AC01F}]

@DACL=(02 0000)

@="Group Policy Drive Maps"

"ProcessGroupPolicy"="ProcessGroupPolicyDrives"

"DllName"=expand:"gpprefcl.dll"

"GenerateGroupPolicy"="GenerateGroupPolicyDrives"

"ProcessGroupPolicyEx"="ProcessGroupPolicyExDrives"

"EventSources"="(Group Policy Drive Maps,Application)"

"DisplayName"=expand:"@gpprefcl.dll,-5"

"PerUserLocalSettings"=dword:00000001

"NoBackgroundPolicy"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{6232C319-91AC-4931-9385-E70C2B099F0E}]

@DACL=(02 0000)

@="Group Policy Folders"

"ProcessGroupPolicy"="ProcessGroupPolicyFolders"

"DllName"=expand:"gpprefcl.dll"

"GenerateGroupPolicy"="GenerateGroupPolicyFolders"

"ProcessGroupPolicyEx"="ProcessGroupPolicyExFolders"

"EventSources"="(Group Policy Folders,Application)"

"DisplayName"=expand:"@gpprefcl.dll,-6"

"PerUserLocalSettings"=dword:00000001

"EnableAsynchronousProcessing"=""

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}]

@DACL=(02 0000)

@="Group Policy Network Shares"

"ProcessGroupPolicy"="ProcessGroupPolicyNetShares"

"DllName"=expand:"gpprefcl.dll"

"GenerateGroupPolicy"="GenerateGroupPolicyNetShares"

"ProcessGroupPolicyEx"="ProcessGroupPolicyExNetShares"

"EventSources"="(Group Policy Network Shares,Application)"

"DisplayName"=expand:"@gpprefcl.dll,-7"

"NoUserPolicy"=dword:00000001

"EnableAsynchronousProcessing"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}]

@DACL=(02 0000)

@="Group Policy Files"

"ProcessGroupPolicy"="ProcessGroupPolicyFiles"

"DllName"=expand:"gpprefcl.dll"

"GenerateGroupPolicy"="GenerateGroupPolicyFiles"

"ProcessGroupPolicyEx"="ProcessGroupPolicyExFiles"

"EventSources"="(Group Policy Files,Application)"

"DisplayName"=expand:"@gpprefcl.dll,-8"

"PerUserLocalSettings"=dword:00000001

"EnableAsynchronousProcessing"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{728EE579-943C-4519-9EF7-AB56765798ED}]

@DACL=(02 0000)

@="Group Policy Data Sources"

"ProcessGroupPolicy"="ProcessGroupPolicyDataSources"

"DllName"=expand:"gpprefcl.dll"

"GenerateGroupPolicy"="GenerateGroupPolicyDataSources"

"ProcessGroupPolicyEx"="ProcessGroupPolicyExDataSources"

"EventSources"="(Group Policy Data Sources,Application)"

"DisplayName"=expand:"@gpprefcl.dll,-9"

"PerUserLocalSettings"=dword:00000001

"EnableAsynchronousProcessing"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{74EE6C03-5363-4554-B161-627540339CAB}]

@DACL=(02 0000)

@="Group Policy Ini Files"

"ProcessGroupPolicy"="ProcessGroupPolicyIniFile"

"DllName"=expand:"gpprefcl.dll"

"GenerateGroupPolicy"="GenerateGroupPolicyIniFile"

"ProcessGroupPolicyEx"="ProcessGroupPolicyExIniFile"

"EventSources"="(Group Policy Ini Files,Application)"

"DisplayName"=expand:"@gpprefcl.dll,-10"

"PerUserLocalSettings"=dword:00000001

"EnableAsynchronousProcessing"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]

@DACL=(02 0000)

"ProcessGroupPolicy"="SceProcessSecurityPolicyGPO"

"GenerateGroupPolicy"="SceGenerateGroupPolicy"

"ExtensionRsopPlanningDebugLevel"=dword:00000001

"ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx"

"ExtensionDebugLevel"=dword:00000001

"DllName"=expand:"scecli.dll"

@="Security"

"NoUserPolicy"=dword:00000001

"NoGPOListChanges"=dword:00000001

"EnableAsynchronousProcessing"=dword:00000001

"MaxNoGPOListChangesInterval"=dword:000003c0

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{91FBB303-0CD5-4055-BF42-E512A681B325}]

@DACL=(02 0000)

@="Group Policy Services"

"ProcessGroupPolicy"="ProcessGroupPolicyServices"

"DllName"=expand:"gpprefcl.dll"

"GenerateGroupPolicy"="GenerateGroupPolicyServices"

"ProcessGroupPolicyEx"="ProcessGroupPolicyExServices"

"EventSources"="(Group Policy Services,Application)"

"DisplayName"=expand:"@gpprefcl.dll,-11"

"EnableAsynchronousProcessing"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]

@DACL=(02 0000)

"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"

"GenerateGroupPolicy"="GenerateGroupPolicy"

"ProcessGroupPolicy"="ProcessGroupPolicy"

"DllName"="iedkcs32.dll"

@="Internet Explorer Branding"

"NoSlowLink"=dword:00000001

"NoBackgroundPolicy"=dword:00000000

"NoGPOListChanges"=dword:00000001

"NoMachinePolicy"=dword:00000001

"DisplayName"=expand:"@iedkcs32.dll,-3014"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A3F3E39B-5D83-4940-B954-28315B82F0A8}]

@DACL=(02 0000)

@="Group Policy Folder Options"

"ProcessGroupPolicy"="ProcessGroupPolicyFolderOptions"

"DllName"=expand:"gpprefcl.dll"

"GenerateGroupPolicy"="GenerateGroupPolicyFolderOptions"

"ProcessGroupPolicyEx"="ProcessGroupPolicyExFolderOptions"

"EventSources"="(Group Policy Folder Options,Application)"

"DisplayName"=expand:"@gpprefcl.dll,-12"

"PerUserLocalSettings"=dword:00000001

"EnableAsynchronousProcessing"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{AADCED64-746C-4633-A97C-D61349046527}]

@DACL=(02 0000)

@="Group Policy Scheduled Tasks"

"ProcessGroupPolicy"="ProcessGroupPolicySchedTasks"

"DllName"=expand:"gpprefcl.dll"

"GenerateGroupPolicy"="GenerateGroupPolicySchedTasks"

"ProcessGroupPolicyEx"="ProcessGroupPolicyExSchedTasks"

"EventSources"="(Group Policy Scheduled Tasks,Application)"

"DisplayName"=expand:"@gpprefcl.dll,-13"

"PerUserLocalSettings"=dword:00000001

"EnableAsynchronousProcessing"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B087BE9D-ED37-454f-AF9C-04291E351182}]

@DACL=(02 0000)

@="Group Policy Registry"

"ProcessGroupPolicy"="ProcessGroupPolicyRegistry"

"DllName"=expand:"gpprefcl.dll"

"GenerateGroupPolicy"="GenerateGroupPolicyRegistry"

"ProcessGroupPolicyEx"="ProcessGroupPolicyExRegistry"

"EventSources"="(Group Policy Registry,Application)"

"DisplayName"=expand:"@gpprefcl.dll,-14"

"PerUserLocalSettings"=dword:00000001

"EnableAsynchronousProcessing"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]

@DACL=(02 0000)

"ProcessGroupPolicy"="SceProcessEFSRecoveryGPO"

"DllName"=expand:"scecli.dll"

@="EFS recovery"

"NoUserPolicy"=dword:00000001

"NoGPOListChanges"=dword:00000001

"RequiresSuccessfulRegistry"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]

@DACL=(02 0000)

@="802.3 Group Policy"

"DisplayName"=expand:"@dot3gpclnt.dll,-100"

"ProcessGroupPolicyEx"="ProcessLANPolicyEx"

"GenerateGroupPolicy"="GenerateLANPolicy"

"DllName"=expand:"dot3gpclnt.dll"

"NoUserPolicy"=dword:00000001

"NoGPOListChanges"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}]

@DACL=(02 0000)

@="Group Policy Printers"

"ProcessGroupPolicy"="ProcessGroupPolicyPrinters"

"DllName"=expand:"gpprefcl.dll"

"GenerateGroupPolicy"="GenerateGroupPolicyPrinters"

"ProcessGroupPolicyEx"="ProcessGroupPolicyExPrinters"

"EventSources"="(Group Policy Printers,Application)"

"DisplayName"=expand:"@gpprefcl.dll,-16"

"PerUserLocalSettings"=dword:00000001

"EnableAsynchronousProcessing"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}]

@DACL=(02 0000)

@="Group Policy Shortcuts"

"ProcessGroupPolicy"="ProcessGroupPolicyShortcuts"

"DllName"=expand:"gpprefcl.dll"

"GenerateGroupPolicy"="GenerateGroupPolicyShortcuts"

"ProcessGroupPolicyEx"="ProcessGroupPolicyExShortcuts"

"EventSources"="(Group Policy Shortcuts,Application)"

"DisplayName"=expand:"@gpprefcl.dll,-17"

"PerUserLocalSettings"=dword:00000001

"EnableAsynchronousProcessing"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]

@DACL=(02 0000)

@="Microsoft Offline Files"

"DllName"=expand:"%SystemRoot%\\System32\\cscui.dll"

"EnableAsynchronousProcessing"=dword:00000000

"NoBackgroundPolicy"=dword:00000000

"NoGPOListChanges"=dword:00000000

"NoMachinePolicy"=dword:00000000

"NoSlowLink"=dword:00000000

"NoUserPolicy"=dword:00000001

"PerUserLocalSettings"=dword:00000000

"ProcessGroupPolicy"="ProcessGroupPolicy"

"RequiresSuccessfulRegistry"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]

@DACL=(02 0000)

@="Software Installation"

"DllName"=expand:"appmgmts.dll"

"ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx"

"GenerateGroupPolicy"="GenerateGroupPolicy"

"NoBackgroundPolicy"=dword:00000000

"RequiresSucessfulRegistry"=dword:00000000

"NoSlowLink"=dword:00000001

"PerUserLocalSettings"=dword:00000001

"EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]

@DACL=(02 0000)

@="IP Security"

"ProcessGroupPolicy"="ProcessIPSECPolicy"

"DllName"=expand:"gptext.dll"

"NoUserPolicy"=dword:00000001

"NoGPOListChanges"=dword:00000000

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E47248BA-94CC-49c4-BBB5-9EB7F05183D0}]

@DACL=(02 0000)

@="Group Policy Internet Settings"

"ProcessGroupPolicy"="ProcessGroupPolicyShortcuts"

"DllName"=expand:"gpprefcl.dll"

"GenerateGroupPolicy"="GenerateGroupPolicyInternet"

"ProcessGroupPolicyEx"="ProcessGroupPolicyExInternet"

"EventSources"="(Group Policy Internet Settings,Application)"

"DisplayName"=expand:"@gpprefcl.dll,-18"

"PerUserLocalSettings"=dword:00000001

"EnableAsynchronousProcessing"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}]

@DACL=(02 0000)

@="Group Policy Start Menu Settings"

"ProcessGroupPolicy"="ProcessGroupPolicyStartMenu"

"DllName"=expand:"gpprefcl.dll"

"GenerateGroupPolicy"="GenerateGroupPolicyStartMenu"

"ProcessGroupPolicyEx"="ProcessGroupPolicyExStartMenu"

"EventSources"="(Group Policy Start Menu Settings,Application)"

"DisplayName"=expand:"@gpprefcl.dll,-19"

"PerUserLocalSettings"=dword:00000001

"EnableAsynchronousProcessing"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E5094040-C46C-4115-B030-04FB2E545B00}]

@DACL=(02 0000)

@="Group Policy Regional Options"

"ProcessGroupPolicy"="ProcessGroupPolicyRegionOptions"

"DllName"=expand:"gpprefcl.dll"

"GenerateGroupPolicy"="GenerateGroupPolicyRegionOptions"

"ProcessGroupPolicyEx"="ProcessGroupPolicyExRegionOptions"

"EventSources"="(Group Policy Regional Options,Application)"

"DisplayName"=expand:"@gpprefcl.dll,-20"

"PerUserLocalSettings"=dword:00000001

"EnableAsynchronousProcessing"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}]

@DACL=(02 0000)

@="Group Policy Power Options"

"ProcessGroupPolicy"="ProcessGroupPolicyPowerOptions"

"DllName"=expand:"gpprefcl.dll"

"GenerateGroupPolicy"="GenerateGroupPolicyPowerOptions"

"ProcessGroupPolicyEx"="ProcessGroupPolicyExPowerOptions"

"EventSources"="(Group Policy Power Options,Application)"

"DisplayName"=expand:"@gpprefcl.dll,-21"

"PerUserLocalSettings"=dword:00000001

"EnableAsynchronousProcessing"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{F9C77450-3A41-477E-9310-9ACD617BD9E3}]

@DACL=(02 0000)

@="Group Policy Applications"

"ProcessGroupPolicy"="ProcessGroupPolicyApplications"

"DllName"=expand:"gpprefcl.dll"

"GenerateGroupPolicy"="GenerateGroupPolicyApplications"

"ProcessGroupPolicyEx"="ProcessGroupPolicyExApplications"

"EventSources"="(Group Policy Applications,Application)"

"DisplayName"=expand:"@gpprefcl.dll,-15"

"PerUserLocalSettings"=dword:00000001

"EnableAsynchronousProcessing"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn\Event]

@DACL=(02 0000)

"Logon"="LBTWLgn_LOGON"

"StartShell"="LBTWLgn_STARTSHELL"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]

@DACL=(02 0000)

"HelpAssistant"=dword:00000000

"TsInternetUser"=dword:00000000

"SQLAgentCmdExec"=dword:00000000

"NetShowServices"=dword:00000000

"IWAM_"=dword:00010000

"IUSR_"=dword:00010000

"VUSR_"=dword:00010000

"ASPNET"=dword:00000000

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(900)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\WININET.dll

c:\program files\common files\logitech\bluetooth\LBTWlgn.dll

c:\program files\common files\logitech\bluetooth\LBTServ.dll

.

- - - - - - - > 'explorer.exe'(3256)

c:\windows\system32\WININET.dll

c:\program files\Logitech\SetPoint\lgscroll.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\msi.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvsvc32.exe

c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe

c:\program files\Common Files\Acronis\Schedule2\schedul2.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\system32\PnkBstrB.exe

c:\windows\system32\RUNDLL32.EXE

c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

c:\progra~1\Yahoo!\Messenger\ymsgr_tray.exe

c:\program files\Java\jre6\bin\jucheck.exe

.

**************************************************************************

.

Completion time: 2011-07-21 19:30:49 - machine was rebooted

ComboFix-quarantined-files.txt 2011-07-21 23:30

.

Pre-Run: 744,867,717,120 bytes free

Post-Run: 744,608,567,296 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

.

- - End Of File - - 75C504A17C79A1794E1ECA98AA3FBD3A

Link to post
Share on other sites

hi

please do not quote the logs anymore just post them.

Step 1

Update MalwareBytes AntiMalware and Run a Quick Scan.

Post the log it produces

Step 2

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Things i would like to see in your reply:

  • Malwarebytes Results.
  • Eset scanner report.
  • Update on how your computer is running

Link to post
Share on other sites

Things i would like to see in your reply:

  • Malwarebytes Results.
  • Eset scanner report.
  • Update on how your computer is running

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7234

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

7/22/2011 7:55:35 PM

mbam-log-2011-07-22 (19-55-35).txt

Scan type: Quick scan

Objects scanned: 178099

Time elapsed: 3 minute(s), 1 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# IEXPLORE.EXE=7.00.6000.17096 (vista_gdr.110211-1830)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=8f3d4d919a576646b257f4e5348fa7f7

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-07-19 12:51:10

# local_time=2011-07-18 08:51:10 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=5891 16776550 42 87 0 22141009 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=233920

# found=5

# cleaned=5

# scan_time=4124

C:\Documents and Settings\Corey\Application Data\Mozilla\Firefox\Profiles\lgnse41n.default\extensions\{4961cdc2-4386-47a1-a7c8-cebc96db3e52}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Corey\Application Data\Mozilla\Firefox\Profiles\lgnse41n.default\extensions\{da02f5b3-bf4f-4f85-b123-6c152d8e1810}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Corey\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\bfgippgejeccnchedleabjblogcilapa\contentscript.js Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Will\Application Data\Mozilla\Firefox\Profiles\ch94wjrd.default\extensions\{4961cdc2-4386-47a1-a7c8-cebc96db3e52}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Will\Application Data\Mozilla\Firefox\Profiles\ch94wjrd.default\extensions\{da02f5b3-bf4f-4f85-b123-6c152d8e1810}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

esets_scanner_update returned -1 esets_gle=53251

# version=7

# IEXPLORE.EXE=7.00.6000.17096 (vista_gdr.110211-1830)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=8f3d4d919a576646b257f4e5348fa7f7

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-07-19 02:37:21

# local_time=2011-07-18 10:37:21 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=1024 16777215 100 0 43292752 43292752 0 0

# compatibility_mode=5891 16776533 42 87 0 22146513 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=234177

# found=0

# cleaned=0

# scan_time=4988

# version=7

# iexplore.exe=7.00.6000.17098 (vista_gdr.110420-1745)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=8f3d4d919a576646b257f4e5348fa7f7

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-07-23 01:24:59

# local_time=2011-07-22 09:24:59 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=1024 16777215 100 0 43633773 43633773 0 0

# compatibility_mode=5891 16776533 42 87 0 22487534 0 0

# compatibility_mode=8192 67108863 100 0 260334 260334 0 0

# scanned=241785

# found=5

# cleaned=5

# scan_time=5227

C:\System Volume Information\_restore{7DA67284-6ABD-4CC2-AF29-3FE0D80D7677}\RP1337\A0230545.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{7DA67284-6ABD-4CC2-AF29-3FE0D80D7677}\RP1338\A0230678.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{7DA67284-6ABD-4CC2-AF29-3FE0D80D7677}\RP1338\A0230679.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{7DA67284-6ABD-4CC2-AF29-3FE0D80D7677}\RP1338\A0230680.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{7DA67284-6ABD-4CC2-AF29-3FE0D80D7677}\RP1338\A0230681.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

ESET appears to have found and removed more on this run.

Looks like the same 5, that it found on its previous run but in a different folder location.

The computer, thus far has been functioning normally, though interestingly, when I booted up this evening I got another "alert" popping up from my Microsoft Security Essentials, reporting that my Windows is not a valid copy, even though I know it is. I bought this copy myself direct from Newegg about 3 years ago, and haven't had any such problem with it not being valid, until recently.

MSE reports this for about 5 minutes, going so far as to turn itself off and flash an "update" button that takes me to the Microsoft website; but then after 5 minutes that all goes away by itself and MSE switches back into "happy mode" claiming that there is nothing wrong with my computer.

That, at present, is the ONLY problem I am apparently still having...

After posting this, I am going to run ESET again just for the sake of my own curiosity!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.