Nyarlathotep Posted July 17, 2011 ID:454843 Share Posted July 17, 2011 I am not sure if I am posting this in the right spot, as I don't actually have any Logs of anything, but I do need some advice... A few months ago my system got infected with the XP Security 2011 Virus from a Website for the game Left4Dead 2...I used the following, to troubleshoot and remove it.http://www.bleepingcomputer.com/virus-removal/remove-win-7-internet-security-2011I followed the steps precisely each time, which includes the use of MalewareBytes to clean the virus. I even keep MalwareBytes installed and updated on a Flash Drive, so it can be run from an UNCorrupted source.It cleaned the virus off my computer, but every few weeks to a month, it resurrects itself and reinfects my computer; usually when the machine is just sitting idle and I'm not even touching it. I go through the steps on the above link, to remove it again... but then but then it just comes back again after another few weeks to a month...Its resurrected itself a total of 4 times now, each time under a different name, but always the same thing. About a month ago, the last time it resurrected itself, it came back under the name of "XP Repair Tool"; which proved rather difficult to clean off, but again the above steps on the above Link, did the trick.Last night, it has come back, resurrected again... I followed the steps again, to clean it off...This time, after the cleaning process completed and rebooted my machine; my Windows came up, and everything looks ok.But none of my Executables work anymore!I can't launch any applications, because Windows seemingly does not know how to launch them... It pops up a window, asking me what Application I want to use, to launch the Application that I was trying to launch. Then it tells me it can't find some file it claims it needs to launch the App, then clicking on OK on that, it then launches the App.I am kind of unsure of how to proceed any further at this point.Obviously, this is something nasty, and the above steps that include the use of MalwareBytes, just doesn't do enough to fix this.Lately I think it has gotten into my Task Scheduler... as, I have a TV Card installed, and a scheduled task to launch the TV in the morning eveyday day at 8am. I start a screensaver at night, then go to bed, and the TV kicks in each morning for when I need to get up. But, recently in the past month since this came back the last time, Task Scheduler will launch the EXE for the TV software, but it won't kill the Screen Saver, and the Application itself never opens... but the EXE is loaded and the Audio turns on. I can hear the TV, but I can't see it. I have to shut down the screen saver manually, bring up my Task Manager and kill the EXE on the TV software, then re-launch it manually, for the Application to actually open and let me SEE the TV... I am starting to suspect that I might need to just do a clean re-install of my Windows at this point, which isn't too big a deal as its not that hard to back up any documents/files that I need to save.But, I am wondering if anyone have any other advice? Link to post Share on other sites More sharing options...
Nyarlathotep Posted July 17, 2011 Author ID:454892 Share Posted July 17, 2011 Some of my applications, things I use every day... are now failing to launch and giving me an error saying that their EXE's are not valid Win32 Applications.Also getting messages about missing some random Java file, when trying to open other applications...Could really use some advice on this, its getting difficult to use my computer... Link to post Share on other sites More sharing options...
aliB Posted July 17, 2011 ID:454916 Share Posted July 17, 2011 Hello Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:Be sure to follow all my instructions carefully! If there is anything you don''t understand, don't hesitate to ask.Please do not do anything or perform other steps unless I have asked you to do so.Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.Step 1Please download Rogue Kill from hereDouble-click on rkill.com to run it. You may need to run this program a few times to stop the malware process running. The malware will probably complain about being stopped but please ignore this. Do not reboot your computer after running rkill as the malware programs will start again. Step 2Please download OTH.scr to your desktopPlease download OTL to your DesktopPlease download the attached Scan.txt to your destopDouble click the OTH file and select Kill All Processes, your desktop will go blankThen select Start OTL OTL will now rundouble-click on the Custom Scans box and a message box will popup asking if you want to load a custom scan from a fileSelect Scan.txt that you downloadedClick the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.Scan.txt Link to post Share on other sites More sharing options...
Nyarlathotep Posted July 17, 2011 Author ID:455070 Share Posted July 17, 2011 I can only do the above steps while logged onto my Admin Account via Safe Mode.If I log into my normal account, in regular mode, then Windows will not run Rkill, OHL or OTL because it claims that there are no Executables to run them.So, I am going through your steps in safe mode and will report more info shortly! Link to post Share on other sites More sharing options...
Nyarlathotep Posted July 17, 2011 Author ID:455106 Share Posted July 17, 2011 Both of the following Reports were run while in Safe Mode, logged onto an Administrator Account.The PRIMARY User Account, that has been infected, WILL NOT run any of the above programs; Rkill, OHL, or OTL... When that primary user account is infected, I usually boot into Safe Mode on the Administrator Account, to run Malware Bytes and others, to scan and clean the system.. and this is what I had to do to get those programs to run.Here are the Logs, OTL.txt, and Extras.txtThe following is OTL.txtOTL logfile created on: 7/17/2011 4:20:05 PM - Run 1OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Administrator\DesktopWindows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 7.0.5730.13)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy3.25 Gb Total Physical Memory | 2.92 Gb Available Physical Memory | 90.02% Memory free4.09 Gb Paging File | 3.93 Gb Available in Paging File | 96.13% Paging File freePaging file location(s): C:\pagefile.sys 1023 2046 [binary data]%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 931.50 Gb Total Space | 687.91 Gb Free Space | 73.85% Space Free | Partition Type: NTFSDrive D: | 586.62 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFSDrive E: | 1.87 Gb Total Space | 1.81 Gb Free Space | 97.15% Space Free | Partition Type: FATComputer Name: BLACKIE | User Name: Administrator | Logged in as Administrator.Boot Mode: SafeMode | Scan Mode: Current user | Quick ScanCompany Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days========== Processes (SafeList) ==========PRC - [2011/07/17 13:12:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exePRC - [2011/07/17 13:12:30 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTH.scrPRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe========== Modules (SafeList) ==========MOD - [2011/07/17 13:12:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exeMOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll========== Win32 Services (SafeList) ==========SRV - [2011/07/16 00:01:32 | 000,554,496 | ---- | M] (AIDEX Team) [Auto | Stopped] -- C:\WINDOWS\system32\kbdcz132.exe -- (WmiApSrv32)SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)SRV - [2010/05/10 20:35:22 | 001,872,320 | ---- | M] (Emsi Software GmbH) [Auto | Stopped] -- C:\Program Files\a-squared Free\a2service.exe -- (a2free)SRV - [2009/05/06 19:53:50 | 001,220,608 | ---- | M] (MAGIX AG) [unknown | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)SRV - [2009/02/23 00:21:06 | 000,069,632 | ---- | M] () [Auto | Stopped] -- C:\Program Files\AMD\OverDrive\AODAssist.exe -- (AODService)SRV - [2009/01/20 23:34:26 | 000,618,936 | ---- | M] (Acronis) [Auto | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)SRV - [2008/08/07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)SRV - [2008/05/02 03:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)========== Driver Services (SafeList) ==========DRV - [2010/05/25 19:13:19 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)DRV - [2010/04/07 19:31:40 | 000,139,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)DRV - [2010/03/17 16:40:12 | 005,878,304 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)DRV - [2009/11/18 07:17:00 | 001,395,800 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)DRV - [2009/11/18 07:16:00 | 001,691,480 | R--- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)DRV - [2009/08/25 23:44:44 | 001,025,920 | R--- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid)DRV - [2009/03/28 13:07:58 | 000,971,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm174.sys -- (tdrpman174) Acronis Try&Decide and Restore Points filter (build 174)DRV - [2009/03/28 13:07:55 | 000,540,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)DRV - [2009/03/28 13:07:55 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)DRV - [2009/03/28 13:07:47 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snman380.sys -- (snapman380) Acronis Snapshots Manager (Build 380)DRV - [2009/03/27 01:16:28 | 000,012,672 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys -- (cpuz132)DRV - [2009/03/10 16:49:15 | 000,278,984 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)DRV - [2009/03/10 16:49:15 | 000,025,416 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)DRV - [2009/01/08 03:37:56 | 001,221,144 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha20x22k.sys -- (ha20x22k)DRV - [2009/01/08 03:37:14 | 001,178,136 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)DRV - [2009/01/08 03:36:29 | 000,095,768 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)DRV - [2009/01/08 03:35:37 | 000,159,256 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)DRV - [2009/01/08 03:34:45 | 000,014,360 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)DRV - [2009/01/08 03:34:13 | 000,129,560 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)DRV - [2009/01/08 03:32:46 | 000,535,064 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)DRV - [2009/01/08 03:31:31 | 000,511,000 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)DRV - [2009/01/08 03:30:53 | 001,353,240 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)DRV - [2009/01/08 03:30:53 | 001,353,240 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTEXFIFX.sys -- (CTEXFIFX)DRV - [2009/01/08 03:29:25 | 000,073,752 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)DRV - [2009/01/08 03:29:25 | 000,073,752 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTHWIUT.sys -- (CTHWIUT)DRV - [2009/01/08 03:28:51 | 000,198,168 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)DRV - [2009/01/08 03:28:51 | 000,198,168 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CT20XUT.sys -- (CT20XUT)DRV - [2008/10/23 09:58:15 | 000,031,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Corey\Local Settings\Temp\nsysaudm.sys -- (nsysaudm)DRV - [2008/04/24 10:18:49 | 000,038,560 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)DRV - [2008/04/24 10:18:48 | 000,054,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)DRV - [2008/04/24 10:18:48 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)DRV - [2008/04/24 10:18:48 | 000,013,312 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)DRV - [2008/02/29 04:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)DRV - [2008/02/29 04:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)DRV - [2008/02/29 04:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)DRV - [2007/12/14 10:21:32 | 000,009,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 4\LU4\FlashSys.sys -- (FLASHSYS)DRV - [2007/06/29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)DRV - [2007/04/16 17:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)DRV - [2006/11/09 18:50:32 | 001,456,352 | R--- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HCWUSB2.sys -- (iComp)DRV - [2005/11/03 15:19:42 | 000,027,136 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)DRV - [2005/11/03 15:19:30 | 000,069,376 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)DRV - [2005/11/03 15:18:50 | 000,014,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbKbd.sys -- (LUsbKbd)DRV - [2005/11/03 15:18:42 | 000,036,608 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)DRV - [2005/07/13 05:18:50 | 000,340,704 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)DRV - [2005/05/25 15:39:06 | 000,004,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\EVGA Precision\RTCore32.sys -- (RTCore32)DRV - [2004/07/09 05:26:38 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)========== Standard Registry (SafeList) ==================== Internet Explorer ==========IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not foundFF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/24 10:23:25 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/23 03:09:12 | 000,000,000 | ---D | M][2011/07/16 19:39:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions[2011/05/10 19:36:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}[2011/06/06 19:07:37 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}O1 HOSTS File: ([2009/03/10 14:17:25 | 000,302,562 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO1 - Hosts: 127.0.0.1 www.007guard.comO1 - Hosts: 127.0.0.1 007guard.comO1 - Hosts: 127.0.0.1 008i.comO1 - Hosts: 127.0.0.1 www.008k.comO1 - Hosts: 127.0.0.1 008k.comO1 - Hosts: 127.0.0.1 www.00hq.comO1 - Hosts: 127.0.0.1 00hq.comO1 - Hosts: 127.0.0.1 010402.comO1 - Hosts: 127.0.0.1 www.032439.comO1 - Hosts: 127.0.0.1 032439.comO1 - Hosts: 127.0.0.1 www.0scan.comO1 - Hosts: 127.0.0.1 0scan.comO1 - Hosts: 127.0.0.1 www.1000gratisproben.comO1 - Hosts: 127.0.0.1 1000gratisproben.comO1 - Hosts: 127.0.0.1 www.1001namen.comO1 - Hosts: 127.0.0.1 1001namen.comO1 - Hosts: 127.0.0.1 100888290cs.comO1 - Hosts: 127.0.0.1 www.100888290cs.comO1 - Hosts: 127.0.0.1 100sexlinks.comO1 - Hosts: 127.0.0.1 www.100sexlinks.comO1 - Hosts: 127.0.0.1 10sek.comO1 - Hosts: 127.0.0.1 www.10sek.comO1 - Hosts: 127.0.0.1 www.1-2005-search.comO1 - Hosts: 127.0.0.1 1-2005-search.comO1 - Hosts: 10430 more lines...O2 - BHO: (no name) - {0DD43CE0-28E7-4559-8AD9-F2676A044A0a} - C:\WINDOWS\system32\authz32.dll (AIDEX Team)O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not foundO2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)O4 - HKLM..\Run: [AudioDrvEmulator] File not foundO4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)O4 - HKLM..\Run: [EVGAPrecision] C:\Program Files\EVGA Precision\EVGAPrecision.exe ()O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] E:\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()O4 - HKLM..\Run: [TrayServer] C:\Program Files\MAGIX\Movie_Edit_Pro_16_Plus\Trayserver.exe (MAGIX AG)O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_16.dll (Sun Microsystems, Inc.)O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236716978109 (WUWebControl Class)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15107/CTPID.cab (Creative Software AutoUpdate Support Package)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - Reg Error: Key error. File not foundO20 - Winlogon\Notify\avgrsstarter: DllName - Reg Error: Key error. - Reg Error: Key error. File not foundO20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - Reg Error: Key error. File not foundO20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - Reg Error: Key error. File not foundO20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - Reg Error: Key error. File not foundO20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - Reg Error: Key error. File not foundO20 - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - Reg Error: Key error. File not foundO20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - Reg Error: Key error. File not foundO20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - Reg Error: Key error. File not foundO20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - Reg Error: Key error. File not foundO20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - Reg Error: Key error. File not foundO20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - Reg Error: Key error. File not foundO20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Key error. - Reg Error: Key error. File not foundO20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - Reg Error: Key error. File not foundO24 - Desktop BackupWallPaper: O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)O32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2009/03/10 11:44:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]O32 - AutoRun File - [2006/02/28 08:00:00 | 000,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]O33 - MountPoints2\D\Shell - "" = AutoRunO33 - MountPoints2\D\Shell\AutoRun - "" = Auto&PlayO33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\SETUP.EXE -- [2006/02/28 08:00:00 | 001,314,816 | R--- | M] (Microsoft Corporation)O34 - HKLM BootExecute: (autocheck autochk *) - File not foundO35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*NetSvcs: 6to4 - File not foundNetSvcs: Ias - File not foundNetSvcs: Iprip - File not foundNetSvcs: Irmon - File not foundNetSvcs: NWCWorkstation - File not foundNetSvcs: Nwsapagent - File not foundNetSvcs: WmdmPmSp - File not foundCREATERESTOREPOINTError creating restore point.========== Files/Folders - Created Within 30 Days ==========[2011/07/17 14:11:31 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe[2011/07/17 14:11:29 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTH.scr[2011/07/17 12:48:22 | 000,348,672 | ---- | C] (AIDEX Team) -- C:\WINDOWS\System32\authz32.dll[2011/07/16 00:01:34 | 000,554,496 | ---- | C] (AIDEX Team) -- C:\WINDOWS\System32\authz32.exe[2011/07/16 00:01:33 | 000,554,496 | ---- | C] (AIDEX Team) -- C:\WINDOWS\System32\kbdcz132.exe[2011/07/09 23:06:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Firestorm-Beta[2011/07/01 21:41:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype[2011/06/19 13:38:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth[2009/05/09 17:22:12 | 000,012,800 | R--- | C] ( ) -- C:\WINDOWS\System32\killapps.exe[2005/08/07 18:13:46 | 000,014,336 | R--- | C] ( ) -- C:\WINDOWS\System32\a3d.dll[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ][3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]========== Files - Modified Within 30 Days ==========[2011/07/17 15:11:41 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job[2011/07/17 15:10:39 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat[2011/07/17 15:10:39 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat[2011/07/17 15:06:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat[2011/07/17 13:36:14 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job[2011/07/17 13:12:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe[2011/07/17 13:12:30 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTH.scr[2011/07/17 12:48:22 | 000,348,672 | ---- | M] (AIDEX Team) -- C:\WINDOWS\System32\authz32.dll[2011/07/17 05:07:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-507921405-1801674531-1003UA.job[2011/07/16 03:28:29 | 000,013,710 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\180676m7u7426jofutj5plxox57[2011/07/16 00:01:34 | 000,000,065 | ---- | M] () -- C:\WINDOWS\System32\1247541505[2011/07/16 00:01:32 | 000,554,496 | ---- | M] (AIDEX Team) -- C:\WINDOWS\System32\kbdcz132.exe[2011/07/16 00:01:32 | 000,554,496 | ---- | M] (AIDEX Team) -- C:\WINDOWS\System32\authz32.exe[2011/07/15 09:26:04 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\WinTV2K.job[2011/07/15 06:36:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job[2011/07/14 20:25:59 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl[2011/07/10 15:07:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-507921405-1801674531-1003Core.job[2011/07/07 00:23:29 | 000,000,260 | ---- | M] () -- C:\WINDOWS\cdplayer.ini[2011/06/19 13:38:12 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ][3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]========== Files Created - No Company Name ==========[2011/07/16 12:32:46 | 001,007,120 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\iExplore.exe[2011/07/16 12:28:01 | 001,007,120 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\rkill.scr[2011/07/16 03:21:25 | 000,013,710 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\180676m7u7426jofutj5plxox57[2011/07/16 00:01:33 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\1247541505[2011/06/19 13:38:12 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk[2011/05/21 00:02:53 | 000,013,828 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\747073s32x2s4it14g[2011/05/01 18:38:47 | 000,014,372 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\jd0304a8d3q3q1q3u[2011/04/08 22:03:06 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat[2010/08/19 23:11:56 | 000,043,551 | ---- | C] () -- C:\WINDOWS\scunin.dat[2010/07/02 10:03:17 | 000,121,664 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat[2010/06/30 21:08:34 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin[2010/06/30 21:08:32 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin[2010/06/30 21:08:32 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin[2010/04/26 04:48:34 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallThunderbird.exe[2010/04/26 04:48:24 | 000,003,669 | ---- | C] () -- C:\WINDOWS\mozver.dat[2010/04/24 21:59:30 | 000,000,211 | ---- | C] () -- C:\WINDOWS\nanoPEG.ini[2010/04/24 21:21:19 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe[2010/03/18 00:48:39 | 000,003,108 | ---- | C] () -- C:\WINDOWS\TVP3XDrv.ini[2010/03/17 19:58:54 | 000,009,760 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll[2010/03/08 21:17:43 | 000,139,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys[2010/03/08 21:17:26 | 000,215,128 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe[2010/03/08 21:17:25 | 002,434,856 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_bc2.exe[2010/03/08 21:17:25 | 000,075,064 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe[2010/02/20 17:35:09 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll[2009/12/29 20:14:43 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll[2009/12/29 20:13:18 | 000,006,642 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini[2009/12/06 04:52:55 | 000,000,296 | ---- | C] () -- C:\WINDOWS\game.ini[2009/12/01 22:48:33 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin[2009/11/06 11:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat[2009/11/05 23:54:26 | 000,000,219 | ---- | C] () -- C:\WINDOWS\CALIGARI.INI[2009/10/30 19:27:12 | 000,000,964 | ---- | C] () -- C:\WINDOWS\eReg.dat[2009/10/30 02:55:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI[2009/08/08 18:26:18 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll[2009/06/02 01:44:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\sbwin.ini[2009/05/09 17:22:12 | 000,007,680 | R--- | C] () -- C:\WINDOWS\System32\enlocstr.exe[2009/05/09 17:22:12 | 000,000,321 | R--- | C] () -- C:\WINDOWS\System32\kill.ini[2009/05/09 17:22:02 | 000,016,384 | R--- | C] () -- C:\WINDOWS\System32\regplib.exe[2009/05/09 17:22:00 | 000,384,428 | R--- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat[2009/05/09 17:22:00 | 000,051,787 | R--- | C] () -- C:\WINDOWS\System32\ctdlang.dat[2009/05/09 17:22:00 | 000,027,273 | R--- | C] () -- C:\WINDOWS\System32\instwdm.ini[2009/05/09 17:22:00 | 000,002,560 | R--- | C] () -- C:\WINDOWS\System32\CtxfiRes.dll[2009/05/09 17:22:00 | 000,000,054 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini[2009/05/08 18:56:25 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll[2009/04/19 22:45:41 | 000,063,730 | ---- | C] () -- C:\Program Files\viewsonicinstruct_xp.pdf[2009/04/19 22:45:13 | 000,000,102 | ---- | C] () -- C:\WINDOWS\VSWizard.ini[2009/04/12 15:31:22 | 000,000,260 | ---- | C] () -- C:\WINDOWS\cdplayer.ini[2009/03/12 23:08:15 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll[2009/03/12 23:08:15 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll[2009/03/12 23:08:15 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll[2009/03/12 23:08:15 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll[2009/03/12 23:08:15 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll[2009/03/12 23:08:15 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll[2009/03/12 00:20:29 | 000,000,450 | ---- | C] () -- C:\WINDOWS\CTWave32.INI[2009/03/12 00:11:29 | 000,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI[2009/03/11 04:55:25 | 000,000,248 | ---- | C] () -- C:\WINDOWS\HCWBlast.ini[2009/03/11 04:55:06 | 000,031,792 | ---- | C] () -- C:\WINDOWS\Irremote.ini[2009/03/11 04:55:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll[2009/03/11 04:53:04 | 000,003,130 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI[2009/03/11 04:51:19 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\hcwXDS.dll[2009/03/10 17:35:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat[2009/03/10 16:49:15 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys[2009/03/10 16:49:15 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys[2009/03/10 14:56:51 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys[2009/03/10 14:34:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat[2009/03/10 13:29:54 | 000,000,152 | ---- | C] () -- C:\WINDOWS\CoolPlay.ini[2009/03/10 11:50:53 | 000,003,948 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin[2009/03/10 11:46:05 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat[2009/03/10 11:41:49 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat[2009/03/10 06:36:15 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI[2009/03/10 06:33:32 | 000,212,880 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT[2009/01/08 01:33:36 | 000,002,560 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL[2008/04/14 05:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin[2006/12/31 07:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat[2005/07/15 14:36:35 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe[2005/07/15 14:35:56 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll[2005/07/15 14:35:56 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll[2005/07/15 14:35:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat[2004/08/04 08:00:00 | 000,441,124 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat[2004/08/04 08:00:00 | 000,071,060 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat[2004/08/04 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat[2000/01/28 01:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\wrkgadm.exe[2000/01/28 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL[1997/06/13 20:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll========== LOP Check ==========[2009/03/28 13:11:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis[2011/06/09 01:23:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\aF28321NbDbH28321[2011/03/15 10:00:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files[2010/01/22 02:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts[2009/04/21 03:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Firefly Studios[2011/02/10 04:24:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX[2009/12/29 20:24:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mufin[2010/03/12 20:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft[2010/01/01 14:58:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith[2009/03/30 20:05:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}[2011/05/07 05:35:17 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\App_Close.job[2011/05/02 04:21:01 | 000,000,308 | ---- | M] () -- C:\WINDOWS\Tasks\DVD Alarm.job[2011/07/17 15:11:41 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job[2011/07/15 09:26:04 | 000,000,270 | ---- | M] () -- C:\WINDOWS\Tasks\WinTV2K.job========== Purity Check ==================== Custom Scans ==========< %SYSTEMDRIVE%\*.exe >[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe< MD5 for: EXPLORER.EXE >[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX10\procs\explorer.exe[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX11\procs\explorer.exe[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX12\procs\explorer.exe[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX13\procs\explorer.exe[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX14\procs\explorer.exe[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX15\procs\explorer.exe[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX16\procs\explorer.exe[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX17\procs\explorer.exe[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX6\procs\explorer.exe[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX7\procs\explorer.exe[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX8\procs\explorer.exe[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX9\procs\explorer.exe[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX1\h\explorer.exe[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX10\h\explorer.exe[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX11\h\explorer.exe[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX12\h\explorer.exe[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX13\h\explorer.exe[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX14\h\explorer.exe[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX15\h\explorer.exe[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX16\h\explorer.exe[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX17\h\explorer.exe[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX2\h\explorer.exe[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX3\h\explorer.exe[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX6\h\explorer.exe[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX7\h\explorer.exe[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX8\h\explorer.exe[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX9\h\explorer.exe< MD5 for: SVCHOST.EXE >[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe< MD5 for: USERINIT.EXE >[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX1\userinit.exe[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX10\userinit.exe[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX11\userinit.exe[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX12\userinit.exe[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX13\userinit.exe[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX14\userinit.exe[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX15\userinit.exe[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX16\userinit.exe[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX17\userinit.exe[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX2\userinit.exe[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX3\userinit.exe[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX6\userinit.exe[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX7\userinit.exe[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX8\userinit.exe[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX9\userinit.exe< MD5 for: WINLOGON.EXE >[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX1\winlogon.exe[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX10\winlogon.exe[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX11\winlogon.exe[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX12\winlogon.exe[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX13\winlogon.exe[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX14\winlogon.exe[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX15\winlogon.exe[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX16\winlogon.exe[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX17\winlogon.exe[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX2\winlogon.exe[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX3\winlogon.exe[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX6\winlogon.exe[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX7\winlogon.exe[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX8\winlogon.exe[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Corey\Local Settings\Temp\RarSFX9\winlogon.exe[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe< %systemroot%\*. /mp /s >< hklm\software\clients\startmenuinternet|command /rs >HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/06/23 03:09:11 | 000,552,464 | ---- | M] (Mozilla Corporation)HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/06/23 03:09:11 | 000,552,464 | ---- | M] (Mozilla Corporation)HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/06/23 03:09:11 | 000,552,464 | ---- | M] (Mozilla Corporation)HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exeHKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/06/23 03:09:09 | 000,912,344 | ---- | M] (Mozilla Corporation)HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe -safe-modeHKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Corey\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/04/28 06:15:17 | 001,010,232 | ---- | M] (Google Inc.)HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Corey\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/04/28 06:15:17 | 001,010,232 | ---- | M] (Google Inc.)HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Corey\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/04/28 06:15:17 | 001,010,232 | ---- | M] (Google Inc.)HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Corey\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/04/28 06:15:17 | 001,010,232 | ---- | M] (Google Inc.)HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/17 07:43:27 | 000,070,656 | ---- | M] (Microsoft Corporation)HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/17 07:43:27 | 000,070,656 | ---- | M] (Microsoft Corporation)HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/17 07:43:27 | 000,070,656 | ---- | M] (Microsoft Corporation)HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe [2011/06/08 23:28:36 | 001,007,120 | ---- | M] ()< hklm\software\clients\startmenuinternet|command /64 /rs >HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/06/23 03:09:11 | 000,552,464 | ---- | M] (Mozilla Corporation)HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/06/23 03:09:11 | 000,552,464 | ---- | M] (Mozilla Corporation)HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/06/23 03:09:11 | 000,552,464 | ---- | M] (Mozilla Corporation)HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exeHKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/06/23 03:09:09 | 000,912,344 | ---- | M] (Mozilla Corporation)HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe -safe-modeHKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Corey\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/04/28 06:15:17 | 001,010,232 | ---- | M] (Google Inc.)HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Corey\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/04/28 06:15:17 | 001,010,232 | ---- | M] (Google Inc.)HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Corey\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/04/28 06:15:17 | 001,010,232 | ---- | M] (Google Inc.)HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Corey\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/04/28 06:15:17 | 001,010,232 | ---- | M] (Google Inc.)HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/17 07:43:27 | 000,070,656 | ---- | M] (Microsoft Corporation)HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/17 07:43:27 | 000,070,656 | ---- | M] (Microsoft Corporation)HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/17 07:43:27 | 000,070,656 | ---- | M] (Microsoft Corporation)HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe [2011/06/08 23:28:36 | 001,007,120 | ---- | M] ()< >< >< http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe >Invalid Switch: MBRCheck.exe< End of report > Link to post Share on other sites More sharing options...
Nyarlathotep Posted July 17, 2011 Author ID:455107 Share Posted July 17, 2011 The following is extras.txtOTL Extras logfile created on: 7/17/2011 4:20:05 PM - Run 1OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Administrator\DesktopWindows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 7.0.5730.13)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy3.25 Gb Total Physical Memory | 2.92 Gb Available Physical Memory | 90.02% Memory free4.09 Gb Paging File | 3.93 Gb Available in Paging File | 96.13% Paging File freePaging file location(s): C:\pagefile.sys 1023 2046 [binary data]%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 931.50 Gb Total Space | 687.91 Gb Free Space | 73.85% Space Free | Partition Type: NTFSDrive D: | 586.62 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFSDrive E: | 1.87 Gb Total Space | 1.81 Gb Free Space | 97.15% Space Free | Partition Type: FATComputer Name: BLACKIE | User Name: Administrator | Logged in as Administrator.Boot Mode: SafeMode | Scan Mode: Current user | Quick ScanCompany Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days========== Extra Registry (SafeList) ==================== File Associations ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l========== Shell Spawning ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*exefile [open] -- "%1" %*htmlfile [edit] -- Reg Error: Key error.InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %lpiffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)========== Security Center Settings ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"FirstRunDisabled" = 1"AntiVirusDisableNotify" = 0"FirewallDisableNotify" = 0"UpdatesDisableNotify" = 0"AntiVirusOverride" = 1"FirewallOverride" = 1[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]========== System Restore Settings ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]"DisableSR" = 0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]"Start" = 0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]"Start" = 2========== Firewall Settings ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]"EnableFirewall" = 0"DoNotAllowExceptions" = 0"DisableNotifications" = 1[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"EnableFirewall" = 0"DoNotAllowExceptions" = 0"DisableNotifications" = 1[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002========== Authorized Applications List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"C:\Program Files\My Games\SecondLife\SLVoice.exe" = C:\Program Files\My Games\SecondLife\SLVoice.exe:*:Enabled:SLVoice"C:\Program Files\My Games\Unreal Tournament 3\Binaries\UT3.exe" = C:\Program Files\My Games\Unreal Tournament 3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3 -- ()"C:\Program Files\My Games\Ubisoft\Far Cry 2\bin\FarCry2.exe" = C:\Program Files\My Games\Ubisoft\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2 -- (Ubisoft Entertainment)"C:\Program Files\My Games\Ubisoft\Far Cry 2\bin\FC2Launcher.exe" = C:\Program Files\My Games\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater -- (Ubisoft)"C:\Program Files\My Games\Ubisoft\Far Cry 2\bin\FC2Editor.exe" = C:\Program Files\My Games\Ubisoft\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editor -- (Ubisoft Entertainment)"C:\Program Files\InterVideo\DVD7\WinDVD.exe" = C:\Program Files\InterVideo\DVD7\WinDVD.exe:*:Enabled:WinDVD -- (InterVideo Inc.)"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"C:\Program Files\My Games\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe" = C:\Program Files\My Games\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32 -- (Crytek GmbH)"C:\Program Files\My Games\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe" = C:\Program Files\My Games\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32 -- (Crytek GmbH)"C:\Program Files\My Games\SecondLife\CoolViewer.exe" = C:\Program Files\My Games\SecondLife\CoolViewer.exe:*:Enabled:Second Life"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)"C:\Program Files\My Games\Firefly Studios\Stronghold 2\Stronghold2.exe" = C:\Program Files\My Games\Firefly Studios\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2 -- (Firefly Studios)"C:\Program Files\Flagship Studios\Hellgate London Demo\Launcher.exe" = C:\Program Files\Flagship Studios\Hellgate London Demo\Launcher.exe:*:Enabled:Hellgate: London -- (Flagship Studios)"C:\Documents and Settings\Corey\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\Corey\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player -- (Octoshape ApS)"C:\Program Files\My Games\Microsoft Games\Halo\halo.exe" = C:\Program Files\My Games\Microsoft Games\Halo\halo.exe:*:Enabled:Halo -- (Microsoft Corporation)"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)"C:\Program Files\My Games\3DO\Heroes3\H3BLADE.icd" = C:\Program Files\My Games\3DO\Heroes3\H3BLADE.icd:*:Enabled:Heroes of Might and Magic III -- (The 3DO Company)"C:\Program Files\My Games\CoolViewer\CoolViewer.exe" = C:\Program Files\My Games\CoolViewer\CoolViewer.exe:*:Enabled:Cool Viewer"C:\Program Files\My Games\GreenLife Emerald Viewer\SLVoice.exe" = C:\Program Files\My Games\GreenLife Emerald Viewer\SLVoice.exe:*:Enabled:SLVoice"C:\Program Files\My Games\GreenLife Emerald Viewer\GreenLife.exe" = C:\Program Files\My Games\GreenLife Emerald Viewer\GreenLife.exe:*:Enabled:Second Life Open Source [GreenLife Emerald Viewer]"C:\Program Files\My Games\Electronic Arts\American McGee's Alice\alice.exe" = C:\Program Files\My Games\Electronic Arts\American McGee's Alice\alice.exe:*:Enabled:American McGee's Alice -- (Rogue Entertainment)"C:\Program Files\My Games\Turbine\Dungeons and Dragons Online - Eberron Unlimited\dndclient.exe" = C:\Program Files\My Games\Turbine\Dungeons and Dragons Online - Eberron Unlimited\dndclient.exe:*:Enabled:dndclient -- (Turbine, Inc.)"C:\Program Files\My Games\GreenLife Emerald Viewer\Emerald.exe" = C:\Program Files\My Games\GreenLife Emerald Viewer\Emerald.exe:*:Enabled:Second Life Open Source [Emerald Viewer]"C:\Program Files\My Games\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Program Files\My Games\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare -- ()"C:\Program Files\My Games\Emerald Viewer\Emerald.exe" = C:\Program Files\My Games\Emerald Viewer\Emerald.exe:*:Enabled:Second Life Open Source [Emerald Viewer]"C:\Program Files\My Games\Eidos\Batman Arkham Asylum\Binaries\ShippingPC-BmGame.exe" = C:\Program Files\My Games\Eidos\Batman Arkham Asylum\Binaries\ShippingPC-BmGame.exe:*:Enabled:Batman: Arkham Asylum -- (Rocksteady Studios Ltd)"C:\Program Files\My Games\Snowglobe\SnowglobeRelease.exe" = C:\Program Files\My Games\Snowglobe\SnowglobeRelease.exe:*:Enabled:Snowglobe"C:\Program Files\My Games\Microsoft Games\Age of Empires II\EMPIRES2.ICD" = C:\Program Files\My Games\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Enabled:Age of Empires II -- (Microsoft Corporation)"C:\Program Files\My Games\Emerald Viewer\SLVoice.exe" = C:\Program Files\My Games\Emerald Viewer\SLVoice.exe:*:Enabled:SLVoice"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)"C:\Program Files\My Games\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe" = C:\Program Files\My Games\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2 -- (EA Digital Illusions CE AB)"C:\Program Files\My Games\Electronic Arts\Battlefield Bad Company 2\BFBC2Game.exe" = C:\Program Files\My Games\Electronic Arts\Battlefield Bad Company 2\BFBC2Game.exe:*:Enabled:Battlefield: Bad Company™ 2 -- (EA Digital Illusions CE AB)"C:\Program Files\My Games\Rockstar Games\Grand Theft Auto IV\Grand Theft Auto IV\LaunchGTAIV.exe" = C:\Program Files\My Games\Rockstar Games\Grand Theft Auto IV\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV -- (Sony DADC Austria AG)"C:\Program Files\My Games\Rockstar Games\Grand Theft Auto IV\Grand Theft Auto IV\GTAIV.exe" = C:\Program Files\My Games\Rockstar Games\Grand Theft Auto IV\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV -- (Take-Two Interactive Software, Inc.)"C:\Program Files\My Games\Activision\Transformers - War for Cybertron\Binaries\TWFC.exe" = C:\Program Files\My Games\Activision\Transformers - War for Cybertron\Binaries\TWFC.exe:*:Enabled:Transformers - War for Cybertron -- ()"C:\Program Files\Second Life Viewers\Ascent\Ascent.exe" = C:\Program Files\Second Life Viewers\Ascent\Ascent.exe:*:Enabled:Ascent"C:\Program Files\Second Life Viewers\Phoenix Viewer\SLVoice.exe" = C:\Program Files\Second Life Viewers\Phoenix Viewer\SLVoice.exe:*:Enabled:SLVoice"C:\Program Files\My Games\Turbine\Turbine Download Manager\TurbineMessageService.exe" = C:\Program Files\My Games\Turbine\Turbine Download Manager\TurbineMessageService.exe:*:Enabled:TurbineMessageService"C:\Program Files\My Games\Turbine\Turbine Download Manager\TurbineNetworkService.exe" = C:\Program Files\My Games\Turbine\Turbine Download Manager\TurbineNetworkService.exe:*:Enabled:TurbineNetworkService"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)"C:\Program Files\My Games\Maxis\SimCity 3000 Unlimited\Apps\Updater\UPDATER.EXE" = C:\Program Files\My Games\Maxis\SimCity 3000 Unlimited\Apps\Updater\UPDATER.EXE:*:Enabled:SC3UpdaterMFC -- ()"C:\Program Files\My Games\Turbine\The Lord of the Rings Online\lotroclient.exe" = C:\Program Files\My Games\Turbine\The Lord of the Rings Online\lotroclient.exe:*:Enabled:lotroclient -- (Turbine, Inc.)"C:\Program Files\Second Life Viewers\Phoenix Viewer\PhoenixViewer.exe" = C:\Program Files\Second Life Viewers\Phoenix Viewer\PhoenixViewer.exe:*:Enabled:Phoenix Viewer -- (Phoenix Viewer)"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)========== HKEY_LOCAL_MACHINE Uninstall List ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]" Heroes of Might and Magic III Armageddon's Blade" = Heroes of Might and Magic III Armageddon's Blade"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis®"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable"{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}" = Medieval II Total War : Kingdoms : Crusades"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime"{21A127AE-2DAF-40B7-8374-34C3E629521C}" = Far Cry (Patch 1.3)"{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 16"{26DB09BC-6EB5-4CE0-A05D-D4DECE60E189}_is1" = Phoenix Viewer 1.5.2.1102"{28101984-0BA6-40FD-9ABE-72F62F80C06C}" = Heroes of Might and Magic V"{2A96D655-4FEF-4512-9468-0AABA70CD389}" = Activision®"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP"{37C8899D-FD70-481F-94AA-1F1B08765E22}" = Acronis True Image Home"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2"{3C662203-292F-4E9D-AE02-281071C06903}" = Far Cry (Patch 1.33)"{48963B63-7A10-49D6-8B08-61E6132453D0}" = ViewSonic Monitor Drivers"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City"{4B719A70-F14A-4f5c-90B5-346B24B7FFF1}" = Windows 7 Upgrade Advisor"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum"{52B94500-1782-411F-BFA5-EBAC312964DE}" = The Witcher Demo"{5454083B-1308-4485-BF17-1110000B8301}" = Grand Theft Auto IV"{5454083B-1308-4485-BF17-1110000B8302}" = Grand Theft Auto IV"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV"{5A8892A3-36BB-411E-85AA-6AEA544D028B}" = Far Cry (Patch 1.4)"{5C104E56-A441-429D-A609-D8A46EB92EA1}" = PCMark05"{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City"{63CEA2E4-4FE7-4F2C-B388-C1313D24157C}" = SPORE™ Galactic Adventures"{65DF3688-6EF3-4C86-83DE-54AB46029F07}" = Hellgate: London Demo"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update"{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}" = Folding@home-x86"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD®"{75983B66-804C-40D1-BA13-64DAF652A6F1}" = Medieval II Total War : Kingdoms : Americas"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client"{77B5AD60-8F14-11D4-9BC9-0050041A1090}" = American McGee's Alice"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com"{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}" = Medieval II Total War : Kingdoms : Teutonic"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable"{83F81F91-7BE9-44D1-98AF-2B87E0B8710C}" = AMD Fusion for Gaming"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX"{90885A82-9673-49EA-AB39-AF776639C67C}" = InterVideo WinDVD 7"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting"{97A8C4B4-2B50-42D1-AFE6-5E8433185436}_is1" = Cryostasis (Remove Only)"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable"{A589DA26-51BD-475D-8C32-E19E34145842}" = Camtasia Studio 6"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5"{AF37F9DE-0726-439E-BC10-43D9195394D0}" = Firebird SQL Server - MAGIX Edition"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy"{B48E1FFD-A85D-45DB-9070-C06CDF6BD427}" = User's Guides"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars"{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War"{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}" = SPORE™ Creepy & Cute Parts Pack"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver"{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters"{C712D1AB-16BD-434A-9624-A4748AEAF31D}" = Kirstens S18 (205)"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1"{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}" = Medieval II Total War : Kingdoms : Britannia"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty® 2"{D4F8C273-468F-4491-AEA1-A6811B0E2780}" = AMD OverDrive"{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3"{D792A069-B96B-40BA-BCB4-E5651A6E5926}" = Far Cry (Patch 1)"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series"{E47BA573-BBC4-40C1-8A7D-B25F2F2B0DAE}" = Far Cry (Patch 1.32)"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1"{EE8592F6-FC2B-4AFD-B527-109D127C039F}" = Far Cry (Patch 1.31)"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint"{FC123EEA-330A-4685-911C-95B8F5E9DE68}" = Thief - Deadly Shadows"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022"12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™: Mines of Moria™ v02.01.03.4021"15b35190-c6f9-11d9-9669-0800200c9a66_is1" = Dungeons and Dragons Online™ - Eberron Unlimited™ - Live"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin"Adobe Shockwave Player" = Adobe Shockwave Player 11"Age of Empires 2.0" = Microsoft Age of Empires II"a-squared Free_is1" = a-squared Free 4.0"Blender" = Blender (remove only)"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com"CPUID CPU-Z_is1" = CPUID CPU-Z 1.52.2"Crysis WARHEAD®" = Crysis WARHEAD®"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v4.60"Evil Genius" = Evil Genius"Evil Genius_is1" = Evil Genius V1.01"Firestorm-Beta" = Firestorm-Beta (remove only)"Fraps" = Fraps"Guild Wars" = Guild Wars"Halo" = Microsoft Halo"Hauppauge English Help Files and Resources" = Hauppauge English Help Files and Resources"Hauppauge WinTV Radio" = Hauppauge WinTV Radio"Hauppauge WinTV2000" = Hauppauge WinTV2000"Hauppauge WinTV-PVR2 USB2 Drivers" = Hauppauge WinTV-PVR2 USB2 Drivers"Heroes of Might and Magic® III" = Heroes of Might and Magic® III"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs"ie7" = Windows Internet Explorer 7"InstallShield_{2A96D655-4FEF-4512-9468-0AABA70CD389}" = Transformers - War for Cybertron"InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty® 2"InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare"InterActual Player" = InterActual Player"Liveupdate4_is1" = Liveupdate4"MAGIX 3D Maker US" = MAGIX 3D Maker (embeded)"MAGIX Movie Edit Pro 16 Plus US" = MAGIX Movie Edit Pro 16 Plus 9.0.1.60 (US)"MAGIX Screenshare US" = MAGIX Screenshare"MAGIX Speed burnR US" = MAGIX Speed burnR"MAGIX Xtreme Photo Designer 6 US" = MAGIX Xtreme Photo Designer 6"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1"Microsoft Security Client" = Microsoft Security Essentials"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)"Mozilla Thunderbird (1.0.7)" = Mozilla Thunderbird (1.0.7)"MS Access 97 SP2" = MS Access 97 SP2"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP"MSI8624Drv" = MSI 8624 BDA Driver"mufin player US" = mufin player 1.0.0.99 (US)"nanoPEG-Editor 2.3 Hauppauge Edition_is1" = nanoPEG-Editor 2.3 Hauppauge Edition"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs"NVIDIA Display Control Panel" = NVIDIA Display Control Panel"NVIDIA Drivers" = NVIDIA Drivers"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager"Online Manuals for WinTV (English)" = Online Manuals for WinTV (English)"OpenAL" = OpenAL"oZone3D.Net FurMark_is1" = oZone3D.Net FurMark v1.6.5"Precision" = EVGA Precision 2.0.0"PunkBusterSvc" = PunkBuster Services"r8brain" = r8brain 1.9"RealPlayer 6.0" = RealPlayer"SereneScreen Marine Aquarium 2.6_is1" = SereneScreen Marine Aquarium 2.6"SimCity 3000 Unlimited" = SimCity 3000 Unlimited"SingularityViewer" = SingularityViewer (remove only)"Starcraft" = Starcraft"Steam App 211" = Source SDK"Steam App 215" = Source SDK Base"Steam App 220" = Half-Life 2"Steam App 320" = Half-Life 2: Deathmatch"SystemRequirementsLab" = System Requirements Lab"ThiefDeinstallKey" = Thief:The Dark Project"UnrealTournament" = Unreal Tournament"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5"Windows Media Encoder 9" = Windows Media Encoder 9 Series"Windows Media Format Runtime" = Windows Media Format 11 runtime"Windows Media Player" = Windows Media Player 11"WinGimp-2.0_is1" = GIMP 2.6.6"Wings 3D 1.0.2" = Wings 3D 1.0.2"WinZip" = WinZip"WMFDist11" = Windows Media Format 11 runtime"wmp11" = Windows Media Player 11"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0"Yahoo! Messenger" = Yahoo! Messenger"ZENcast Organizer" = ZENcast Organizer========== Last 10 Event Log Errors ==========[ Application Events ]Error - 7/9/2011 7:43:24 PM | Computer Name = BLACKIE | Source = MPSampleSubmission | ID = 5000Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 NIL, P10 NIL.Error - 7/10/2011 5:02:49 AM | Computer Name = BLACKIE | Source = MPSampleSubmission | ID = 5000Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 NIL, P10 NIL.Error - 7/10/2011 7:43:25 PM | Computer Name = BLACKIE | Source = MPSampleSubmission | ID = 5000Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 NIL, P10 NIL.Error - 7/11/2011 5:01:22 AM | Computer Name = BLACKIE | Source = MPSampleSubmission | ID = 5000Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 NIL, P10 NIL.Error - 7/12/2011 4:39:05 AM | Computer Name = BLACKIE | Source = MPSampleSubmission | ID = 5000Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 NIL, P10 NIL.Error - 7/13/2011 5:20:01 AM | Computer Name = BLACKIE | Source = MPSampleSubmission | ID = 5000Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 NIL, P10 NIL.Error - 7/14/2011 4:33:21 AM | Computer Name = BLACKIE | Source = MPSampleSubmission | ID = 5000Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 NIL, P10 NIL.Error - 7/15/2011 4:46:01 AM | Computer Name = BLACKIE | Source = MPSampleSubmission | ID = 5000Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 NIL, P10 NIL.Error - 7/16/2011 5:16:22 AM | Computer Name = BLACKIE | Source = MPSampleSubmission | ID = 5000Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 NIL, P10 NIL.Error - 7/17/2011 5:06:01 AM | Computer Name = BLACKIE | Source = MPSampleSubmission | ID = 5000Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 NIL, P10 NIL.[ Application Events ]Error - 7/9/2011 7:43:24 PM | Computer Name = BLACKIE | Source = MPSampleSubmission | ID = 5000Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 NIL, P10 NIL.Error - 7/10/2011 5:02:49 AM | Computer Name = BLACKIE | Source = MPSampleSubmission | ID = 5000Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 NIL, P10 NIL.Error - 7/10/2011 7:43:25 PM | Computer Name = BLACKIE | Source = MPSampleSubmission | ID = 5000Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 NIL, P10 NIL.Error - 7/11/2011 5:01:22 AM | Computer Name = BLACKIE | Source = MPSampleSubmission | ID = 5000Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 NIL, P10 NIL.Error - 7/12/2011 4:39:05 AM | Computer Name = BLACKIE | Source = MPSampleSubmission | ID = 5000Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 NIL, P10 NIL.Error - 7/13/2011 5:20:01 AM | Computer Name = BLACKIE | Source = MPSampleSubmission | ID = 5000Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 NIL, P10 NIL.Error - 7/14/2011 4:33:21 AM | Computer Name = BLACKIE | Source = MPSampleSubmission | ID = 5000Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 NIL, P10 NIL.Error - 7/15/2011 4:46:01 AM | Computer Name = BLACKIE | Source = MPSampleSubmission | ID = 5000Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 NIL, P10 NIL.Error - 7/16/2011 5:16:22 AM | Computer Name = BLACKIE | Source = MPSampleSubmission | ID = 5000Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 NIL, P10 NIL.Error - 7/17/2011 5:06:01 AM | Computer Name = BLACKIE | Source = MPSampleSubmission | ID = 5000Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 NIL, P10 NIL.[ System Events ]Error - 5/1/2009 8:04:46 PM | Computer Name = BLACKIE | Source = System Error | ID = 1003Description = Error code 1000007f, parameter1 00000008, parameter2 ba348d70, parameter3 00000000, parameter4 00000000.Error - 5/6/2009 9:39:50 AM | Computer Name = BLACKIE | Source = nv | ID = 11141134Description = Unknown error on CMDre 00000000 00000080 00000000 00000005 00000005Error - 5/6/2009 9:40:15 AM | Computer Name = BLACKIE | Source = nv | ID = 262252Description = The driver nv4_disp for the display device \Device\Video0 got stuck in an infinite loop. This usually indicates a problem with the device itself or with the device driver programming the hardware incorrectly. Please check with yourhardware device vendor for any driver updates.Error - 5/6/2009 9:49:33 AM | Computer Name = BLACKIE | Source = System Error | ID = 1003Description = Error code 000000ea, parameter1 89ad6020, parameter2 8adc4008, parameter3 8a6ec6d8, parameter4 00000001.Error - 5/9/2009 12:47:23 PM | Computer Name = BLACKIE | Source = Service Control Manager | ID = 7011Description = Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.Error - 5/9/2009 12:47:52 PM | Computer Name = BLACKIE | Source = System Error | ID = 1003Description = Error code 0000009c, parameter1 00000000, parameter2 ba34c050, parameter3 b26b4000, parameter4 00000175.Error - 5/9/2009 4:54:32 PM | Computer Name = BLACKIE | Source = Service Control Manager | ID = 7011Description = Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.Error - 5/9/2009 5:16:47 PM | Computer Name = BLACKIE | Source = Service Control Manager | ID = 7011Description = Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.Error - 5/9/2009 5:24:39 PM | Computer Name = BLACKIE | Source = Service Control Manager | ID = 7011Description = Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.Error - 5/9/2009 5:26:37 PM | Computer Name = BLACKIE | Source = Service Control Manager | ID = 7011Description = Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.< End of report > Link to post Share on other sites More sharing options...
aliB Posted July 17, 2011 ID:455119 Share Posted July 17, 2011 hiStep 1Run OTLUnder the Custom Scans/Fixes box at the bottom, paste in the following:OTLO2 - BHO: (no name) - {0DD43CE0-28E7-4559-8AD9-F2676A044A0a} - C:\WINDOWS\system32\authz32.dll (AIDEX Team)[2011/07/16 03:28:29 | 000,013,710 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\180676m7u7426jofutj5plxox57[2011/07/16 00:01:34 | 000,000,065 | ---- | M] () -- C:\WINDOWS\System32\1247541505[2011/07/16 00:01:32 | 000,554,496 | ---- | M] (AIDEX Team) -- C:\WINDOWS\System32\kbdcz132.exe[2011/07/16 00:01:32 | 000,554,496 | ---- | M] (AIDEX Team) -- C:\WINDOWS\System32\authz32.exe[2011/05/21 00:02:53 | 000,013,828 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\747073s32x2s4it14g[2011/05/01 18:38:47 | 000,014,372 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\jd0304a8d3q3q1q3u[2011/06/09 01:23:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\aF28321NbDbH28321:Filesipconfig /flushdns /c:Commands[purity][resethosts][emptytemp][EMPTYFLASH][Reboot]Then click the Run Fix button at the topLet the program run unhindered, reboot the PC when it is doneOpen OTL again and click the Quick Scan button. Post the log it produces in your next reply.Step 2Download aswMBR.exe ( 1.8mb ) to your desktop. Double click the aswMBR.exe to run it Click the "Scan" button to start scan On completion of the scan click save log, save it to your desktop and post in your next reply Things I would like to see in your reply:OTL logaswMBR l Link to post Share on other sites More sharing options...
Nyarlathotep Posted July 17, 2011 Author ID:455140 Share Posted July 17, 2011 Things I would like to see in your reply:OTL logaswMBR lI appreciate your time, patience, and your assistance on this.Here are the next two logs you requested.OTL.TXTOTL logfile created on: 7/17/2011 7:09:14 PM - Run 2OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Administrator\DesktopWindows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 7.0.5730.13)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy3.25 Gb Total Physical Memory | 2.93 Gb Available Physical Memory | 90.27% Memory free4.09 Gb Paging File | 3.94 Gb Available in Paging File | 96.17% Paging File freePaging file location(s): C:\pagefile.sys 1023 2046 [binary data]%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 931.50 Gb Total Space | 693.93 Gb Free Space | 74.50% Space Free | Partition Type: NTFSDrive D: | 586.62 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFSDrive E: | 1.87 Gb Total Space | 1.81 Gb Free Space | 97.04% Space Free | Partition Type: FATComputer Name: BLACKIE | User Name: Administrator | Logged in as Administrator.Boot Mode: SafeMode | Scan Mode: Current user | Quick ScanCompany Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days========== Processes (SafeList) ==========PRC - [2011/07/17 13:12:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exePRC - [2011/07/17 13:12:30 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTH.scrPRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe========== Modules (SafeList) ==========MOD - [2011/07/17 13:12:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exeMOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll========== Win32 Services (SafeList) ==========SRV - File not found [Auto | Stopped] -- -- (WmiApSrv32)SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)SRV - [2010/05/10 20:35:22 | 001,872,320 | ---- | M] (Emsi Software GmbH) [Auto | Stopped] -- C:\Program Files\a-squared Free\a2service.exe -- (a2free)SRV - [2009/05/06 19:53:50 | 001,220,608 | ---- | M] (MAGIX AG) [unknown | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)SRV - [2009/02/23 00:21:06 | 000,069,632 | ---- | M] () [Auto | Stopped] -- C:\Program Files\AMD\OverDrive\AODAssist.exe -- (AODService)SRV - [2009/01/20 23:34:26 | 000,618,936 | ---- | M] (Acronis) [Auto | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)SRV - [2008/08/07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)SRV - [2008/05/02 03:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)========== Driver Services (SafeList) ==========DRV - [2010/05/25 19:13:19 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)DRV - [2010/04/07 19:31:40 | 000,139,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)DRV - [2010/03/17 16:40:12 | 005,878,304 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)DRV - [2009/11/18 07:17:00 | 001,395,800 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)DRV - [2009/11/18 07:16:00 | 001,691,480 | R--- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)DRV - [2009/08/25 23:44:44 | 001,025,920 | R--- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid)DRV - [2009/03/28 13:07:58 | 000,971,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm174.sys -- (tdrpman174) Acronis Try&Decide and Restore Points filter (build 174)DRV - [2009/03/28 13:07:55 | 000,540,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)DRV - [2009/03/28 13:07:55 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)DRV - [2009/03/28 13:07:47 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snman380.sys -- (snapman380) Acronis Snapshots Manager (Build 380)DRV - [2009/03/27 01:16:28 | 000,012,672 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys -- (cpuz132)DRV - [2009/03/10 16:49:15 | 000,278,984 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)DRV - [2009/03/10 16:49:15 | 000,025,416 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)DRV - [2009/01/08 03:37:56 | 001,221,144 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha20x22k.sys -- (ha20x22k)DRV - [2009/01/08 03:37:14 | 001,178,136 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)DRV - [2009/01/08 03:36:29 | 000,095,768 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)DRV - [2009/01/08 03:35:37 | 000,159,256 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)DRV - [2009/01/08 03:34:45 | 000,014,360 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)DRV - [2009/01/08 03:34:13 | 000,129,560 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)DRV - [2009/01/08 03:32:46 | 000,535,064 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)DRV - [2009/01/08 03:31:31 | 000,511,000 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)DRV - [2009/01/08 03:30:53 | 001,353,240 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)DRV - [2009/01/08 03:30:53 | 001,353,240 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTEXFIFX.sys -- (CTEXFIFX)DRV - [2009/01/08 03:29:25 | 000,073,752 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)DRV - [2009/01/08 03:29:25 | 000,073,752 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTHWIUT.sys -- (CTHWIUT)DRV - [2009/01/08 03:28:51 | 000,198,168 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)DRV - [2009/01/08 03:28:51 | 000,198,168 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CT20XUT.sys -- (CT20XUT)DRV - [2008/04/24 10:18:49 | 000,038,560 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)DRV - [2008/04/24 10:18:48 | 000,054,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)DRV - [2008/04/24 10:18:48 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)DRV - [2008/04/24 10:18:48 | 000,013,312 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)DRV - [2008/02/29 04:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)DRV - [2008/02/29 04:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)DRV - [2008/02/29 04:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)DRV - [2007/12/14 10:21:32 | 000,009,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 4\LU4\FlashSys.sys -- (FLASHSYS)DRV - [2007/06/29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)DRV - [2007/04/16 17:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)DRV - [2006/11/09 18:50:32 | 001,456,352 | R--- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HCWUSB2.sys -- (iComp)DRV - [2005/11/03 15:19:42 | 000,027,136 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)DRV - [2005/11/03 15:19:30 | 000,069,376 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)DRV - [2005/11/03 15:18:50 | 000,014,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbKbd.sys -- (LUsbKbd)DRV - [2005/11/03 15:18:42 | 000,036,608 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)DRV - [2005/07/13 05:18:50 | 000,340,704 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)DRV - [2005/05/25 15:39:06 | 000,004,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\EVGA Precision\RTCore32.sys -- (RTCore32)DRV - [2004/07/09 05:26:38 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)========== Standard Registry (SafeList) ==================== Internet Explorer ==========IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not foundFF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/24 10:23:25 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/23 03:09:12 | 000,000,000 | ---D | M][2011/07/16 19:39:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions[2011/05/10 19:36:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}[2011/06/06 19:07:37 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}O1 HOSTS File: ([2011/07/17 18:37:27 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HostsO1 - Hosts: 127.0.0.1 localhostO1 - Hosts: ::1 localhostO2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not foundO2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)O4 - HKLM..\Run: [AudioDrvEmulator] File not foundO4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)O4 - HKLM..\Run: [EVGAPrecision] C:\Program Files\EVGA Precision\EVGAPrecision.exe ()O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] E:\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()O4 - HKLM..\Run: [TrayServer] C:\Program Files\MAGIX\Movie_Edit_Pro_16_Plus\Trayserver.exe (MAGIX AG)O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_16.dll (Sun Microsystems, Inc.)O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236716978109 (WUWebControl Class)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15107/CTPID.cab (Creative Software AutoUpdate Support Package)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)O20 - Winlogon\Notify\avgrsstarter: DllName - Reg Error: Key error. - Reg Error: Key error. File not foundO20 - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - Reg Error: Key error. File not foundO20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Key error. - Reg Error: Key error. File not foundO24 - Desktop BackupWallPaper: O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)O32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2009/03/10 11:44:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]O32 - AutoRun File - [2006/02/28 08:00:00 | 000,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]O33 - MountPoints2\D\Shell - "" = AutoRunO33 - MountPoints2\D\Shell\AutoRun - "" = Auto&PlayO33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\SETUP.EXE -- [2006/02/28 08:00:00 | 001,314,816 | R--- | M] (Microsoft Corporation)O34 - HKLM BootExecute: (autocheck autochk *) - File not foundO35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*========== Files/Folders - Created Within 30 Days ==========[2011/07/17 18:37:25 | 000,000,000 | ---D | C] -- C:\_OTL[2011/07/17 18:20:38 | 001,908,224 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe[2011/07/17 14:11:31 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe[2011/07/17 14:11:29 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTH.scr[2011/07/09 23:06:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Firestorm-Beta[2011/07/01 21:41:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype[2011/06/19 13:38:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth[2009/05/09 17:22:12 | 000,012,800 | R--- | C] ( ) -- C:\WINDOWS\System32\killapps.exe[2005/08/07 18:13:46 | 000,014,336 | R--- | C] ( ) -- C:\WINDOWS\System32\a3d.dll========== Files - Modified Within 30 Days ==========[2011/07/17 19:03:25 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job[2011/07/17 19:02:16 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat[2011/07/17 19:02:16 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat[2011/07/17 18:58:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat[2011/07/17 18:37:27 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts[2011/07/17 18:21:22 | 001,908,224 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe[2011/07/17 18:07:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-507921405-1801674531-1003UA.job[2011/07/17 17:36:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job[2011/07/17 16:53:23 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job[2011/07/17 13:12:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe[2011/07/17 13:12:30 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTH.scr[2011/07/15 09:26:04 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\WinTV2K.job[2011/07/14 20:25:59 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl[2011/07/10 15:07:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-507921405-1801674531-1003Core.job[2011/07/07 00:23:29 | 000,000,260 | ---- | M] () -- C:\WINDOWS\cdplayer.ini[2011/06/19 13:38:12 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk========== Files Created - No Company Name ==========[2011/07/16 12:32:46 | 001,007,120 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\iExplore.exe[2011/07/16 12:28:01 | 001,007,120 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\rkill.scr[2011/06/19 13:38:12 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk[2011/04/08 22:03:06 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat[2010/08/19 23:11:56 | 000,043,551 | ---- | C] () -- C:\WINDOWS\scunin.dat[2010/07/02 10:03:17 | 000,121,664 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat[2010/06/30 21:08:34 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin[2010/06/30 21:08:32 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin[2010/06/30 21:08:32 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin[2010/04/26 04:48:34 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallThunderbird.exe[2010/04/26 04:48:24 | 000,003,669 | ---- | C] () -- C:\WINDOWS\mozver.dat[2010/04/24 21:59:30 | 000,000,211 | ---- | C] () -- C:\WINDOWS\nanoPEG.ini[2010/04/24 21:21:19 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe[2010/03/18 00:48:39 | 000,003,108 | ---- | C] () -- C:\WINDOWS\TVP3XDrv.ini[2010/03/17 19:58:54 | 000,009,760 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll[2010/03/08 21:17:43 | 000,139,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys[2010/03/08 21:17:26 | 000,215,128 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe[2010/03/08 21:17:25 | 002,434,856 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_bc2.exe[2010/03/08 21:17:25 | 000,075,064 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe[2010/02/20 17:35:09 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll[2009/12/29 20:14:43 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll[2009/12/29 20:13:18 | 000,006,642 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini[2009/12/06 04:52:55 | 000,000,296 | ---- | C] () -- C:\WINDOWS\game.ini[2009/12/01 22:48:33 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin[2009/11/06 11:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat[2009/11/05 23:54:26 | 000,000,219 | ---- | C] () -- C:\WINDOWS\CALIGARI.INI[2009/10/30 19:27:12 | 000,000,964 | ---- | C] () -- C:\WINDOWS\eReg.dat[2009/10/30 02:55:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI[2009/08/08 18:26:18 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll[2009/06/02 01:44:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\sbwin.ini[2009/05/09 17:22:12 | 000,007,680 | R--- | C] () -- C:\WINDOWS\System32\enlocstr.exe[2009/05/09 17:22:12 | 000,000,321 | R--- | C] () -- C:\WINDOWS\System32\kill.ini[2009/05/09 17:22:02 | 000,016,384 | R--- | C] () -- C:\WINDOWS\System32\regplib.exe[2009/05/09 17:22:00 | 000,384,428 | R--- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat[2009/05/09 17:22:00 | 000,051,787 | R--- | C] () -- C:\WINDOWS\System32\ctdlang.dat[2009/05/09 17:22:00 | 000,027,273 | R--- | C] () -- C:\WINDOWS\System32\instwdm.ini[2009/05/09 17:22:00 | 000,002,560 | R--- | C] () -- C:\WINDOWS\System32\CtxfiRes.dll[2009/05/09 17:22:00 | 000,000,054 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini[2009/05/08 18:56:25 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll[2009/04/19 22:45:41 | 000,063,730 | ---- | C] () -- C:\Program Files\viewsonicinstruct_xp.pdf[2009/04/19 22:45:13 | 000,000,102 | ---- | C] () -- C:\WINDOWS\VSWizard.ini[2009/04/12 15:31:22 | 000,000,260 | ---- | C] () -- C:\WINDOWS\cdplayer.ini[2009/03/12 23:08:15 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll[2009/03/12 23:08:15 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll[2009/03/12 23:08:15 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll[2009/03/12 23:08:15 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll[2009/03/12 23:08:15 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll[2009/03/12 23:08:15 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll[2009/03/12 00:20:29 | 000,000,450 | ---- | C] () -- C:\WINDOWS\CTWave32.INI[2009/03/12 00:11:29 | 000,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI[2009/03/11 04:55:25 | 000,000,248 | ---- | C] () -- C:\WINDOWS\HCWBlast.ini[2009/03/11 04:55:06 | 000,031,792 | ---- | C] () -- C:\WINDOWS\Irremote.ini[2009/03/11 04:55:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll[2009/03/11 04:53:04 | 000,003,130 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI[2009/03/11 04:51:19 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\hcwXDS.dll[2009/03/10 17:35:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat[2009/03/10 16:49:15 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys[2009/03/10 16:49:15 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys[2009/03/10 14:56:51 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys[2009/03/10 14:34:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat[2009/03/10 13:29:54 | 000,000,152 | ---- | C] () -- C:\WINDOWS\CoolPlay.ini[2009/03/10 11:50:53 | 000,003,948 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin[2009/03/10 11:46:05 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat[2009/03/10 11:41:49 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat[2009/03/10 06:36:15 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI[2009/03/10 06:33:32 | 000,212,880 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT[2009/01/08 01:33:36 | 000,002,560 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL[2008/04/14 05:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin[2006/12/31 07:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat[2005/07/15 14:36:35 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe[2005/07/15 14:35:56 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll[2005/07/15 14:35:56 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll[2005/07/15 14:35:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat[2004/08/04 08:00:00 | 000,441,124 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat[2004/08/04 08:00:00 | 000,071,060 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat[2004/08/04 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat[2000/01/28 01:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\wrkgadm.exe[2000/01/28 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL[1997/06/13 20:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll========== LOP Check ==========[2009/03/28 13:11:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis[2011/06/09 01:23:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\aF28321NbDbH28321[2011/03/15 10:00:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files[2010/01/22 02:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts[2009/04/21 03:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Firefly Studios[2011/02/10 04:24:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX[2009/12/29 20:24:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mufin[2010/03/12 20:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft[2010/01/01 14:58:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith[2009/03/30 20:05:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}[2011/05/07 05:35:17 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\App_Close.job[2011/05/02 04:21:01 | 000,000,308 | ---- | M] () -- C:\WINDOWS\Tasks\DVD Alarm.job[2011/07/17 19:03:25 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job[2011/07/15 09:26:04 | 000,000,270 | ---- | M] () -- C:\WINDOWS\Tasks\WinTV2K.job========== Purity Check ==========< End of report >aswMBR.TXTaswMBR version 0.9.7.777 Copyright© 2011 AVAST SoftwareRun date: 2011-07-17 19:14:10-----------------------------19:14:10.968 OS Version: Windows 5.1.2600 Service Pack 319:14:10.968 Number of processors: 4 586 0x40219:14:10.968 ComputerName: BLACKIE UserName: 19:14:15.546 Initialize success19:14:24.343 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e19:14:24.343 Disk 0 Vendor: WDC_WD10EADS-00L5B1 01.01A01 Size: 953869MB BusType: 319:14:24.359 Disk 0 MBR read successfully19:14:24.375 Disk 0 MBR scan19:14:24.375 Disk 0 Windows XP default MBR code19:14:24.375 Disk 0 scanning sectors +195350400019:14:24.453 Disk 0 scanning C:\WINDOWS\system32\drivers19:14:31.875 Service scanning19:14:37.093 Disk 0 trace - called modules:19:14:37.093 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys 19:14:37.093 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ae14ab8]19:14:37.109 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\00000082[0x8ae19930]19:14:37.109 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x8ae78d98]19:14:37.109 Scan finished successfully19:16:37.609 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"19:16:37.609 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt" Link to post Share on other sites More sharing options...
aliB Posted July 18, 2011 ID:455244 Share Posted July 18, 2011 hiStep 1Update MalwareBytes AntiMalware and Run a Quick Scan.Post the log it producesStep 2Please run a free online scan with the ESET Online ScannerNote: You will need to use Internet Explorer for this scanTick the box next to YES, I accept the Terms of UseClick StartWhen asked, allow the ActiveX control to installClick StartMake sure that the options Remove found threats and the option Scan unwanted applications is checkedClick Scan (This scan can take several hours, so please be patient)Once the scan is completed, you may close the windowUse Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txtCopy and paste that log as a reply to this topicThings i would like to see in your reply:Malwarebytes Results.Eset scanner report.Update on how your computer is running Link to post Share on other sites More sharing options...
Nyarlathotep Posted July 19, 2011 Author ID:455572 Share Posted July 19, 2011 Things i would like to see in your reply:Malwarebytes Results.Eset scanner report.Update on how your computer is runningMalwarebytes ResultsMalwarebytes' Anti-Malware 1.51.1.1800www.malwarebytes.orgDatabase version: 7194Windows 5.1.2600 Service Pack 3 (Safe Mode)Internet Explorer 7.0.5730.137/18/2011 7:23:30 PMmbam-log-2011-07-18 (19-23-19).txtScan type: Quick scanObjects scanned: 175207Time elapsed: 2 minute(s), 9 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 1Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> No action taken.Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)Eset scanner reportESETSmartInstaller@High as CAB hook log:OnlineScanner.ocx - registred OK# version=7# IEXPLORE.EXE=7.00.6000.17096 (vista_gdr.110211-1830)# OnlineScanner.ocx=1.0.0.6528# api_version=3.0.2# EOSSerial=8f3d4d919a576646b257f4e5348fa7f7# end=finished# remove_checked=true# archives_checked=false# unwanted_checked=true# unsafe_checked=false# antistealth_checked=true# utc_time=2011-07-19 12:51:10# local_time=2011-07-18 08:51:10 (-0500, Eastern Daylight Time)# country="United States"# lang=1033# osver=5.1.2600 NT Service Pack 3# compatibility_mode=5891 16776550 42 87 0 22141009 0 0# compatibility_mode=8192 67108863 100 0 0 0 0 0# scanned=233920# found=5# cleaned=5# scan_time=4124C:\Documents and Settings\Corey\Application Data\Mozilla\Firefox\Profiles\lgnse41n.default\extensions\{4961cdc2-4386-47a1-a7c8-cebc96db3e52}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\Documents and Settings\Corey\Application Data\Mozilla\Firefox\Profiles\lgnse41n.default\extensions\{da02f5b3-bf4f-4f85-b123-6c152d8e1810}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\Documents and Settings\Corey\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\bfgippgejeccnchedleabjblogcilapa\contentscript.js Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\Documents and Settings\Will\Application Data\Mozilla\Firefox\Profiles\ch94wjrd.default\extensions\{4961cdc2-4386-47a1-a7c8-cebc96db3e52}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\Documents and Settings\Will\Application Data\Mozilla\Firefox\Profiles\ch94wjrd.default\extensions\{da02f5b3-bf4f-4f85-b123-6c152d8e1810}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 Cesets_scanner_update returned -1 esets_gle=53251These two scans, as you can see, found and quarantined and removed some Viruses...However, my PC is still behaving the same.EXE's are failing as Windows reports that there are no EXE's to launch them; and its very difficult to launch some applications, while others just refuse to launch at all... Also still getting some random message about a missing Java file while trying to open Firefox Browser.Some of these, I can get around and launch as when I try to initially, it asks me what application I want to use, to launch the application I was trying to launch. I click the browse button, and go and search, manually, for the App's actual EXE and force it to launch itself that way by telling it to use its own EXE to launch itself. But that does not work with everything.Lastly, sorry took a little while to respond. I will follow up, tomorrow, with anything else you suggest! Link to post Share on other sites More sharing options...
aliB Posted July 19, 2011 ID:455698 Share Posted July 19, 2011 hiStep 1Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.Step 2Update MalwareBytes AntiMalware and Run a Quick Scan.Post the log it producesYou did not remove what Malwarebytes found in the previous scan, make sure when the scan is done to click on "Show results" then select all infection(s) and click on Remove selected.Things I would like to see in your reply:OTL logMBAM log Link to post Share on other sites More sharing options...
Nyarlathotep Posted July 20, 2011 Author ID:455982 Share Posted July 20, 2011 Things I would like to see in your reply:OTL logMBAM logMBAM LogMalwarebytes' Anti-Malware 1.51.1.1800www.malwarebytes.orgDatabase version: 7194Windows 5.1.2600 Service Pack 3 (Safe Mode)Internet Explorer 7.0.5730.137/19/2011 7:50:44 PMmbam-log-2011-07-19 (19-50-44).txtScan type: Quick scanObjects scanned: 175207Time elapsed: 2 minute(s), 9 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 1Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)OTL ReportOTL logfile created on: 7/19/2011 7:46:19 PM - Run 3OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Administrator\DesktopWindows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 7.0.5730.13)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy3.25 Gb Total Physical Memory | 2.91 Gb Available Physical Memory | 89.65% Memory free4.09 Gb Paging File | 3.93 Gb Available in Paging File | 95.94% Paging File freePaging file location(s): C:\pagefile.sys 1023 2046 [binary data]%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 931.50 Gb Total Space | 693.75 Gb Free Space | 74.48% Space Free | Partition Type: NTFSDrive D: | 586.62 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFSDrive E: | 1.87 Gb Total Space | 1.81 Gb Free Space | 97.07% Space Free | Partition Type: FATComputer Name: BLACKIE | User Name: Administrator | Logged in as Administrator.Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick ScanCompany Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days========== Processes (SafeList) ==========PRC - [2011/07/17 13:12:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exePRC - [2011/07/17 13:12:30 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTH.scrPRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe========== Modules (SafeList) ==========MOD - [2011/07/17 13:12:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exeMOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll========== Win32 Services (SafeList) ==========SRV - File not found [Auto | Stopped] -- -- (WmiApSrv32)SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)SRV - [2010/05/10 20:35:22 | 001,872,320 | ---- | M] (Emsi Software GmbH) [Auto | Stopped] -- C:\Program Files\a-squared Free\a2service.exe -- (a2free)SRV - [2009/05/06 19:53:50 | 001,220,608 | ---- | M] (MAGIX AG) [unknown | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)SRV - [2009/02/23 00:21:06 | 000,069,632 | ---- | M] () [Auto | Stopped] -- C:\Program Files\AMD\OverDrive\AODAssist.exe -- (AODService)SRV - [2009/01/20 23:34:26 | 000,618,936 | ---- | M] (Acronis) [Auto | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)SRV - [2008/08/07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)SRV - [2008/05/02 03:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)========== Driver Services (SafeList) ==========DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)DRV - [2010/05/25 19:13:19 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)DRV - [2010/04/07 19:31:40 | 000,139,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)DRV - [2010/03/17 16:40:12 | 005,878,304 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)DRV - [2009/11/18 07:17:00 | 001,395,800 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)DRV - [2009/11/18 07:16:00 | 001,691,480 | R--- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)DRV - [2009/08/25 23:44:44 | 001,025,920 | R--- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid)DRV - [2009/03/28 13:07:58 | 000,971,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm174.sys -- (tdrpman174) Acronis Try&Decide and Restore Points filter (build 174)DRV - [2009/03/28 13:07:55 | 000,540,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)DRV - [2009/03/28 13:07:55 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)DRV - [2009/03/28 13:07:47 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snman380.sys -- (snapman380) Acronis Snapshots Manager (Build 380)DRV - [2009/03/27 01:16:28 | 000,012,672 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys -- (cpuz132)DRV - [2009/03/10 16:49:15 | 000,278,984 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)DRV - [2009/03/10 16:49:15 | 000,025,416 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)DRV - [2009/01/08 03:37:56 | 001,221,144 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha20x22k.sys -- (ha20x22k)DRV - [2009/01/08 03:37:14 | 001,178,136 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)DRV - [2009/01/08 03:36:29 | 000,095,768 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)DRV - [2009/01/08 03:35:37 | 000,159,256 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)DRV - [2009/01/08 03:34:45 | 000,014,360 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)DRV - [2009/01/08 03:34:13 | 000,129,560 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)DRV - [2009/01/08 03:32:46 | 000,535,064 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)DRV - [2009/01/08 03:31:31 | 000,511,000 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)DRV - [2009/01/08 03:30:53 | 001,353,240 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)DRV - [2009/01/08 03:30:53 | 001,353,240 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTEXFIFX.sys -- (CTEXFIFX)DRV - [2009/01/08 03:29:25 | 000,073,752 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)DRV - [2009/01/08 03:29:25 | 000,073,752 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTHWIUT.sys -- (CTHWIUT)DRV - [2009/01/08 03:28:51 | 000,198,168 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)DRV - [2009/01/08 03:28:51 | 000,198,168 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CT20XUT.sys -- (CT20XUT)DRV - [2008/04/24 10:18:49 | 000,038,560 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)DRV - [2008/04/24 10:18:48 | 000,054,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)DRV - [2008/04/24 10:18:48 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)DRV - [2008/04/24 10:18:48 | 000,013,312 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)DRV - [2008/02/29 04:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)DRV - [2008/02/29 04:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)DRV - [2008/02/29 04:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)DRV - [2007/12/14 10:21:32 | 000,009,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 4\LU4\FlashSys.sys -- (FLASHSYS)DRV - [2007/06/29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)DRV - [2007/04/16 17:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)DRV - [2006/11/09 18:50:32 | 001,456,352 | R--- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HCWUSB2.sys -- (iComp)DRV - [2005/11/03 15:19:42 | 000,027,136 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)DRV - [2005/11/03 15:19:30 | 000,069,376 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)DRV - [2005/11/03 15:18:50 | 000,014,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbKbd.sys -- (LUsbKbd)DRV - [2005/11/03 15:18:42 | 000,036,608 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)DRV - [2005/07/13 05:18:50 | 000,340,704 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)DRV - [2005/05/25 15:39:06 | 000,004,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\EVGA Precision\RTCore32.sys -- (RTCore32)DRV - [2004/07/09 05:26:38 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)========== Standard Registry (SafeList) ==================== Internet Explorer ==========IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0========== FireFox ==========FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not foundFF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/24 10:23:25 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/23 03:09:12 | 000,000,000 | ---D | M][2011/07/18 19:24:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions[2011/07/18 19:24:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\u4rwnzui.default\extensions[2011/07/18 21:28:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions[2011/06/06 19:07:37 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}[2010/02/11 21:32:55 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FFO1 HOSTS File: ([2011/07/17 18:37:27 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HostsO1 - Hosts: 127.0.0.1 localhostO1 - Hosts: ::1 localhostO2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not foundO2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)O4 - HKLM..\Run: [AudioDrvEmulator] File not foundO4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)O4 - HKLM..\Run: [EVGAPrecision] C:\Program Files\EVGA Precision\EVGAPrecision.exe ()O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] E:\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()O4 - HKLM..\Run: [TrayServer] C:\Program Files\MAGIX\Movie_Edit_Pro_16_Plus\Trayserver.exe (MAGIX AG)O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_16.dll (Sun Microsystems, Inc.)O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236716978109 (WUWebControl Class)O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15107/CTPID.cab (Creative Software AutoUpdate Support Package)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)O20 - Winlogon\Notify\avgrsstarter: DllName - Reg Error: Key error. - Reg Error: Key error. File not foundO20 - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - Reg Error: Key error. File not foundO20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Key error. - Reg Error: Key error. File not foundO24 - Desktop BackupWallPaper: O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)O32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2009/03/10 11:44:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]O32 - AutoRun File - [2006/02/28 08:00:00 | 000,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]O33 - MountPoints2\D\Shell - "" = AutoRunO33 - MountPoints2\D\Shell\AutoRun - "" = Auto&PlayO33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\SETUP.EXE -- [2006/02/28 08:00:00 | 001,314,816 | R--- | M] (Microsoft Corporation)O34 - HKLM BootExecute: (autocheck autochk *) - File not foundO35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*========== Files/Folders - Created Within 30 Days ==========[2011/07/18 19:38:58 | 000,000,000 | ---D | C] -- C:\Program Files\ESET[2011/07/18 19:33:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe[2011/07/18 19:24:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla[2011/07/18 19:24:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla[2011/07/17 18:37:25 | 000,000,000 | ---D | C] -- C:\_OTL[2011/07/17 18:20:38 | 001,908,224 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe[2011/07/17 14:11:31 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe[2011/07/17 14:11:29 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTH.scr[2011/07/09 23:06:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Firestorm-Beta[2011/07/01 21:41:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype[2009/05/09 17:22:12 | 000,012,800 | R--- | C] ( ) -- C:\WINDOWS\System32\killapps.exe[2005/08/07 18:13:46 | 000,014,336 | R--- | C] ( ) -- C:\WINDOWS\System32\a3d.dll========== Files - Modified Within 30 Days ==========[2011/07/19 19:47:40 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat[2011/07/19 19:47:40 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat[2011/07/19 19:43:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat[2011/07/19 02:36:13 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job[2011/07/19 02:07:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-507921405-1801674531-1003UA.job[2011/07/19 00:45:52 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job[2011/07/19 00:41:16 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job[2011/07/17 19:16:37 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat[2011/07/17 18:37:27 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts[2011/07/17 18:21:22 | 001,908,224 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe[2011/07/17 13:12:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe[2011/07/17 13:12:30 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTH.scr[2011/07/15 09:26:04 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\WinTV2K.job[2011/07/14 20:25:59 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl[2011/07/10 15:07:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-507921405-1801674531-1003Core.job[2011/07/07 00:23:29 | 000,000,260 | ---- | M] () -- C:\WINDOWS\cdplayer.ini[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys========== Files Created - No Company Name ==========[2011/07/17 19:16:37 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat[2011/07/16 12:32:46 | 001,007,120 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\iExplore.exe[2011/07/16 12:28:01 | 001,007,120 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\rkill.scr[2011/04/08 22:03:06 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat[2010/08/19 23:11:56 | 000,043,551 | ---- | C] () -- C:\WINDOWS\scunin.dat[2010/07/02 10:03:17 | 000,121,664 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat[2010/06/30 21:08:34 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin[2010/06/30 21:08:32 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin[2010/06/30 21:08:32 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin[2010/04/26 04:48:34 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallThunderbird.exe[2010/04/26 04:48:24 | 000,003,669 | ---- | C] () -- C:\WINDOWS\mozver.dat[2010/04/24 21:59:30 | 000,000,211 | ---- | C] () -- C:\WINDOWS\nanoPEG.ini[2010/04/24 21:21:19 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe[2010/03/18 00:48:39 | 000,003,108 | ---- | C] () -- C:\WINDOWS\TVP3XDrv.ini[2010/03/17 19:58:54 | 000,009,760 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll[2010/03/08 21:17:43 | 000,139,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys[2010/03/08 21:17:26 | 000,215,128 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe[2010/03/08 21:17:25 | 002,434,856 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_bc2.exe[2010/03/08 21:17:25 | 000,075,064 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe[2010/02/20 17:35:09 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll[2009/12/29 20:14:43 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll[2009/12/29 20:13:18 | 000,006,642 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini[2009/12/06 04:52:55 | 000,000,296 | ---- | C] () -- C:\WINDOWS\game.ini[2009/12/01 22:48:33 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin[2009/11/06 11:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat[2009/11/05 23:54:26 | 000,000,219 | ---- | C] () -- C:\WINDOWS\CALIGARI.INI[2009/10/30 19:27:12 | 000,000,964 | ---- | C] () -- C:\WINDOWS\eReg.dat[2009/10/30 02:55:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI[2009/08/08 18:26:18 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll[2009/06/02 01:44:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\sbwin.ini[2009/05/09 17:22:12 | 000,007,680 | R--- | C] () -- C:\WINDOWS\System32\enlocstr.exe[2009/05/09 17:22:12 | 000,000,321 | R--- | C] () -- C:\WINDOWS\System32\kill.ini[2009/05/09 17:22:02 | 000,016,384 | R--- | C] () -- C:\WINDOWS\System32\regplib.exe[2009/05/09 17:22:00 | 000,384,428 | R--- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat[2009/05/09 17:22:00 | 000,051,787 | R--- | C] () -- C:\WINDOWS\System32\ctdlang.dat[2009/05/09 17:22:00 | 000,027,273 | R--- | C] () -- C:\WINDOWS\System32\instwdm.ini[2009/05/09 17:22:00 | 000,002,560 | R--- | C] () -- C:\WINDOWS\System32\CtxfiRes.dll[2009/05/09 17:22:00 | 000,000,054 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini[2009/05/08 18:56:25 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll[2009/04/19 22:45:41 | 000,063,730 | ---- | C] () -- C:\Program Files\viewsonicinstruct_xp.pdf[2009/04/19 22:45:13 | 000,000,102 | ---- | C] () -- C:\WINDOWS\VSWizard.ini[2009/04/12 15:31:22 | 000,000,260 | ---- | C] () -- C:\WINDOWS\cdplayer.ini[2009/03/12 23:08:15 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll[2009/03/12 23:08:15 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll[2009/03/12 23:08:15 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll[2009/03/12 23:08:15 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll[2009/03/12 23:08:15 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll[2009/03/12 23:08:15 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll[2009/03/12 00:20:29 | 000,000,450 | ---- | C] () -- C:\WINDOWS\CTWave32.INI[2009/03/12 00:11:29 | 000,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI[2009/03/11 04:55:25 | 000,000,248 | ---- | C] () -- C:\WINDOWS\HCWBlast.ini[2009/03/11 04:55:06 | 000,031,792 | ---- | C] () -- C:\WINDOWS\Irremote.ini[2009/03/11 04:55:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll[2009/03/11 04:53:04 | 000,003,130 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI[2009/03/11 04:51:19 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\hcwXDS.dll[2009/03/10 17:35:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat[2009/03/10 16:49:15 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys[2009/03/10 16:49:15 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys[2009/03/10 14:56:51 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys[2009/03/10 14:34:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat[2009/03/10 13:29:54 | 000,000,152 | ---- | C] () -- C:\WINDOWS\CoolPlay.ini[2009/03/10 11:50:53 | 000,003,948 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin[2009/03/10 11:46:05 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat[2009/03/10 11:41:49 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat[2009/03/10 06:36:15 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI[2009/03/10 06:33:32 | 000,212,880 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT[2009/01/08 01:33:36 | 000,002,560 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL[2008/04/14 05:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin[2006/12/31 07:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat[2005/07/15 14:36:35 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe[2005/07/15 14:35:56 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll[2005/07/15 14:35:56 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll[2005/07/15 14:35:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat[2004/08/04 08:00:00 | 000,441,124 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat[2004/08/04 08:00:00 | 000,071,060 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat[2004/08/04 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat[2000/01/28 01:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\wrkgadm.exe[2000/01/28 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL[1997/06/13 20:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll========== LOP Check ==========[2009/03/28 13:11:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis[2011/06/09 01:23:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\aF28321NbDbH28321[2011/03/15 10:00:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files[2010/01/22 02:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts[2009/04/21 03:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Firefly Studios[2011/02/10 04:24:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX[2009/12/29 20:24:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mufin[2010/03/12 20:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft[2010/01/01 14:58:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith[2009/03/30 20:05:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}[2011/05/07 05:35:17 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\App_Close.job[2011/05/02 04:21:01 | 000,000,308 | ---- | M] () -- C:\WINDOWS\Tasks\DVD Alarm.job[2011/07/19 00:45:52 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job[2011/07/15 09:26:04 | 000,000,270 | ---- | M] () -- C:\WINDOWS\Tasks\WinTV2K.job========== Purity Check ==========< End of report > Link to post Share on other sites More sharing options...
Nyarlathotep Posted July 20, 2011 Author ID:455984 Share Posted July 20, 2011 After the above scans... The system is still behaving the same. I believe the Registry may have gotten corrupted somehow from one of these viruses before it was caught and cleaned off, as many of my applications are still giving me problems while trying to launch them, often resulting from Windows claiming that there are no EXE's available to launch said applications; even though the EXE's for those applications ARE in their installed folders. I am considering doing a System Restore to a point previous to all this, but I will wait for you to advise further; as I am fearful that if I do, do such a system restore, then it might restore some of the viruses as well... Link to post Share on other sites More sharing options...
aliB Posted July 20, 2011 ID:456095 Share Posted July 20, 2011 hicould you please post exactly what error occurs when running .exe' ?Is it happening always? with all .exe 's ? Link to post Share on other sites More sharing options...
Nyarlathotep Posted July 20, 2011 Author ID:456165 Share Posted July 20, 2011 Every application I try to launch... every one... Windows pops up a box saying that there is no EXE to launch the application with, and it asks me to chose from a list of other Applications what I want to use to launch my chosen Application with. It also gives me the option to click a "browse" button so I can go search and select a different App thats not on the list.For example, I want to launch MSPaint!It pops up a box telling me to chose what Application I want to use, to launch MSPaint.If I scroll down through the list, MSPaint itself is listed. If I select that, and tell it to use MSPaint to launch MSPaint; it will either launch the application that I want, or it will give me a different error and tell me that the EXE I selected is not a valid Win32 Application.I wish, I could provide you with screenshots of this, but I can't even save any such screenshots because I can't even get MSPaint to launch due to this problem. I can only get a few programs to launch...The best I can do is refer some webpage links with some examples; and so refer to Figure 3 Picture on THIS PAGE.Clearly it would seem Windows has lost all its File Associations with ALL my Applications.ALSO.All my ICONS loaded into the lower right corner by the Clock, are all gone. None of them will load now, except for the standard Windows audio control (which I can not open due to this problem)and the standard Windows Security Center shield that usually controls the built-in Firewall and monitors anti-virus status, etc... and not thats not a fake one, I'm fairly sure that is the legit one. I can not launch it either though.When I try to launch it, I get... "C:/windows/system32/rundll32.exeApplicaion not found"I get that on a lot of applications, while others tell me they are not valid Win32 Applications.Sometimes, when it asks me to chose what Application I want to use, to launch what I am trying to launch... for example, I want to launch Firefox Browser, I can scroll the list and select Firefox launch itself, and it will work. But that doesn't always work with all Apps. Link to post Share on other sites More sharing options...
aliB Posted July 20, 2011 ID:456179 Share Posted July 20, 2011 hiDownload SREngExtract it to Desktop and double click SREngLdr.EXE to run itSelect System Repair from the left pane.Click on File AssociationSelect all entries that has an Error status click [Repair]Refer to this image for an example:Close SREng now. Link to post Share on other sites More sharing options...
Nyarlathotep Posted July 21, 2011 Author ID:456344 Share Posted July 21, 2011 So far, so good!That has fixed about 99% of the issues I was having, and the System is now functioning as it should be. We've even fixed a random problem that I had been experiencing for some time now but wasn't all that serious of a problem to warrant me worrying about.I can also now run, and update all my security software from the Primary User Account, instead of having to go into Safe Mode as Administrator; and since the Primary User Account is the one that has had all the problems, then I updated its own installation of Malwarebytes and run another Quick Scan.The following, is a the result of that Quick Scan!Malwarebytes' Anti-Malware 1.51.1.1800www.malwarebytes.orgDatabase version: 7216Windows 5.1.2600 Service Pack 3Internet Explorer 7.0.5730.137/20/2011 7:46:16 PMmbam-log-2011-07-20 (19-46-16).txtScan type: Quick scanObjects scanned: 178163Time elapsed: 5 minute(s), 37 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 1Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\122115331 (Trojan.FakeAlert) -> Value: 122115331 -> Quarantined and deleted successfully.Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)That, looks a little familiar to me as it relates to another minor problem that I've experienced of late; in that I would every couple of weeks have Windows pop up and claim its not a Legit Copy of Windows, when I know it is. Usually when thats happened, I just rebooted the machine and it would OK after that. Never considered, that such might have had something to do with a Virus. It would appear, that last one was a "fake Version alert" which was doing this...Ironically... All these problems, started about the same time as when I replaced my AVG with the newer Microsoft Security Essentials!I may attempt some further Scans, etc thoughout the Evening to make sure everything is functioning properly... and will follow up here with any further recommendations you may have! Link to post Share on other sites More sharing options...
aliB Posted July 21, 2011 ID:456459 Share Posted July 21, 2011 I strongly advise you to purchase the PRO version of Malwarebytes Anti-Malware, along with Microsoft Security Essentials they form a great combination.now Open OTL again and click the Quick Scan button. Post the log it produces in your next reply. Link to post Share on other sites More sharing options...
Nyarlathotep Posted July 21, 2011 Author ID:456462 Share Posted July 21, 2011 OTL logfile created on: 7/21/2011 3:55:18 AM - Run 4OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\*****\Desktop\Security Tools - Update & Run Weekly!Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 7.0.5730.13)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy3.25 Gb Total Physical Memory | 2.12 Gb Available Physical Memory | 65.10% Memory free4.09 Gb Paging File | 3.06 Gb Available in Paging File | 74.73% Paging File freePaging file location(s): C:\pagefile.sys 1023 2046 [binary data]%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 931.50 Gb Total Space | 693.69 Gb Free Space | 74.47% Space Free | Partition Type: NTFSDrive D: | 586.62 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFSDrive Z: | 189.42 Gb Total Space | 120.04 Gb Free Space | 63.37% Space Free | Partition Type: NTFSComputer Name: BLACKIE | User Name: *****| Logged in as Administrator.Boot Mode: Normal | Scan Mode: Current user | Quick ScanCompany Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days========== Processes (SafeList) ==========PRC - [2011/07/17 13:12:35 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Corey\Desktop\Security Tools - Update & Run Weekly!\OTL.exePRC - [2011/06/30 18:53:21 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXEPRC - [2011/06/23 03:09:09 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exePRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exePRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exePRC - [2010/09/07 18:28:50 | 000,355,432 | ---- | M] () -- C:\Program Files\EVGA Precision\EVGAPrecision.exePRC - [2010/05/10 20:35:22 | 001,872,320 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exePRC - [2010/02/11 21:32:54 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exePRC - [2009/11/12 19:52:16 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exePRC - [2009/05/06 19:53:50 | 001,220,608 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exePRC - [2009/01/20 23:45:00 | 000,960,536 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exePRC - [2009/01/20 23:34:36 | 000,377,232 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exePRC - [2009/01/20 23:34:26 | 000,618,936 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exePRC - [2009/01/20 23:06:10 | 004,359,280 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exePRC - [2008/08/22 14:40:30 | 000,277,008 | ---- | M] () -- C:\Documents and Settings\Corey\Desktop\Benchmarks and Monitors\Core Temp\Core Temp.exePRC - [2008/05/02 03:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exePRC - [2008/05/02 03:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exePRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exePRC - [2007/07/17 12:03:38 | 000,868,352 | ---- | M] () -- C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exePRC - [2006/03/29 16:28:44 | 003,604,480 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files\WinTV\WinTV2K.EXEPRC - [2005/09/23 16:07:00 | 007,551,077 | ---- | M] (Mozilla.org) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe========== Modules (SafeList) ==========MOD - [2011/07/17 13:12:35 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Corey\Desktop\Security Tools - Update & Run Weekly!\OTL.exeMOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dllMOD - [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dllMOD - [2008/05/02 03:42:50 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dllMOD - [1999/04/27 01:26:10 | 000,011,264 | ---- | M] (Hauppauge Computer Works) -- C:\WINDOWS\system32\hcwhook.dll========== Win32 Services (SafeList) ==========SRV - File not found [Auto | Stopped] -- -- (WmiApSrv32)SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)SRV - [2010/05/10 20:35:22 | 001,872,320 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\a-squared Free\a2service.exe -- (a2free)SRV - [2009/05/06 19:53:50 | 001,220,608 | ---- | M] (MAGIX AG) [unknown | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)SRV - [2009/02/23 00:21:06 | 000,069,632 | ---- | M] () [Auto | Stopped] -- C:\Program Files\AMD\OverDrive\AODAssist.exe -- (AODService)SRV - [2009/01/20 23:34:26 | 000,618,936 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)SRV - [2008/08/07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)SRV - [2008/05/02 03:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)========== Driver Services (SafeList) ==========DRV - File not found [Kernel | On_Demand | Running] -- -- (ALSysIO)DRV - [2011/07/20 20:42:14 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3215EA32-B8EF-42D7-9D30-1AA5AF408F14}\MpKsl31db5246.sys -- (MpKsl31db5246)DRV - [2010/05/25 19:13:19 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)DRV - [2010/04/07 19:31:40 | 000,139,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)DRV - [2010/03/17 16:40:12 | 005,878,304 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)DRV - [2009/11/18 07:17:00 | 001,395,800 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)DRV - [2009/11/18 07:16:00 | 001,691,480 | R--- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)DRV - [2009/08/25 23:44:44 | 001,025,920 | R--- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid)DRV - [2009/03/28 13:07:58 | 000,971,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm174.sys -- (tdrpman174) Acronis Try&Decide and Restore Points filter (build 174)DRV - [2009/03/28 13:07:55 | 000,540,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)DRV - [2009/03/28 13:07:55 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)DRV - [2009/03/28 13:07:47 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snman380.sys -- (snapman380) Acronis Snapshots Manager (Build 380)DRV - [2009/03/27 01:16:28 | 000,012,672 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys -- (cpuz132)DRV - [2009/03/10 16:49:15 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)DRV - [2009/03/10 16:49:15 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)DRV - [2009/01/08 03:37:56 | 001,221,144 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha20x22k.sys -- (ha20x22k)DRV - [2009/01/08 03:37:14 | 001,178,136 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)DRV - [2009/01/08 03:36:29 | 000,095,768 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)DRV - [2009/01/08 03:35:37 | 000,159,256 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)DRV - [2009/01/08 03:34:45 | 000,014,360 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)DRV - [2009/01/08 03:34:13 | 000,129,560 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)DRV - [2009/01/08 03:32:46 | 000,535,064 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)DRV - [2009/01/08 03:31:31 | 000,511,000 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)DRV - [2009/01/08 03:30:53 | 001,353,240 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)DRV - [2009/01/08 03:30:53 | 001,353,240 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTEXFIFX.sys -- (CTEXFIFX)DRV - [2009/01/08 03:29:25 | 000,073,752 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)DRV - [2009/01/08 03:29:25 | 000,073,752 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTHWIUT.sys -- (CTHWIUT)DRV - [2009/01/08 03:28:51 | 000,198,168 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)DRV - [2009/01/08 03:28:51 | 000,198,168 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CT20XUT.sys -- (CT20XUT)DRV - [2008/04/24 10:18:49 | 000,038,560 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)DRV - [2008/04/24 10:18:48 | 000,054,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)DRV - [2008/04/24 10:18:48 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)DRV - [2008/04/24 10:18:48 | 000,013,312 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)DRV - [2008/02/29 04:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)DRV - [2008/02/29 04:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)DRV - [2008/02/29 04:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)DRV - [2007/12/14 10:21:32 | 000,009,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 4\LU4\FlashSys.sys -- (FLASHSYS)DRV - [2007/06/29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)DRV - [2007/04/16 17:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)DRV - [2006/11/09 18:50:32 | 001,456,352 | R--- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HCWUSB2.sys -- (iComp)DRV - [2005/11/03 15:19:42 | 000,027,136 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)DRV - [2005/11/03 15:19:30 | 000,069,376 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)DRV - [2005/11/03 15:18:50 | 000,014,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbKbd.sys -- (LUsbKbd)DRV - [2005/11/03 15:18:42 | 000,036,608 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)DRV - [2005/07/13 05:18:50 | 000,340,704 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)DRV - [2005/05/25 15:39:06 | 000,004,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\EVGA Precision\RTCore32.sys -- (RTCore32)DRV - [2004/07/09 05:26:38 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)========== Standard Registry (SafeList) ==================== Internet Explorer ==========IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://192.168.1.1/IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = E0 3C D4 0D E7 28 59 45 8A D9 F2 67 6A 04 4A 0A [binary data]IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>========== FireFox ==========FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p="FF - prefs.js..browser.search.useDBForOrder: trueFF - prefs.js..browser.startup.homepage: "http://home.comcast.net/~nazgaull/"FF - prefs.js..extensions.enabledItems: noia2_option@kk.noia:3.76FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:5.0.0FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0FF - prefs.js..extensions.enabledItems: {da02f5b3-bf4f-4f85-b123-6c152d8e1810}:1.0FF - prefs.js..extensions.enabledItems: {4961cdc2-4386-47a1-a7c8-cebc96db3e52}:1.0FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not foundFF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Corey\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not foundFF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Corey\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not foundFF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Corey\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/24 10:23:25 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/23 03:09:12 | 000,000,000 | ---D | M][2010/04/26 04:45:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Corey\Application Data\Mozilla\Extensions[2011/07/20 21:45:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Corey\Application Data\Mozilla\Firefox\Profiles\lgnse41n.default\extensions[2010/04/26 04:45:18 | 000,000,000 | ---D | M] (QuickTabPrefToggle) -- C:\Documents and Settings\Corey\Application Data\Mozilla\Firefox\Profiles\lgnse41n.default\extensions\{04352C84-9AC6-4d2f-A518-AB0962D62FA1}[2010/04/27 19:11:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Corey\Application Data\Mozilla\Firefox\Profiles\lgnse41n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}[2011/07/18 19:46:08 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Corey\Application Data\Mozilla\Firefox\Profiles\lgnse41n.default\extensions\{4961cdc2-4386-47a1-a7c8-cebc96db3e52}[2011/06/29 18:00:10 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Documents and Settings\Corey\Application Data\Mozilla\Firefox\Profiles\lgnse41n.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}[2010/04/26 04:45:18 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Documents and Settings\Corey\Application Data\Mozilla\Firefox\Profiles\lgnse41n.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}[2010/04/26 04:45:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Corey\Application Data\Mozilla\Firefox\Profiles\lgnse41n.default\extensions\{a0f7b384-a625-4ba8-82cb-e33d6d2fd021}[2011/07/18 19:46:09 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Corey\Application Data\Mozilla\Firefox\Profiles\lgnse41n.default\extensions\{da02f5b3-bf4f-4f85-b123-6c152d8e1810}[2010/04/26 04:45:18 | 000,000,000 | ---D | M] (Noia 2.0 eXtreme OPT) -- C:\Documents and Settings\Corey\Application Data\Mozilla\Firefox\Profiles\lgnse41n.default\extensions\noia2_option@kk.noia[2011/07/16 19:49:23 | 000,001,137 | ---- | M] () -- C:\Documents and Settings\Corey\Application Data\Mozilla\Firefox\Profiles\lgnse41n.default\searchplugins\dictionarycom.xml[2008/06/24 09:45:31 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\Corey\Application Data\Mozilla\Firefox\Profiles\lgnse41n.default\searchplugins\wikipedia-en.xml[2011/07/20 21:45:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions[2011/06/06 19:07:37 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}[2010/02/11 21:32:55 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FFO1 HOSTS File: ([2011/07/17 18:37:27 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HostsO1 - Hosts: 127.0.0.1 localhostO1 - Hosts: ::1 localhostO2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not foundO2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)O4 - HKLM..\Run: [AudioDrvEmulator] File not foundO4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)O4 - HKLM..\Run: [EVGAPrecision] C:\Program Files\EVGA Precision\EVGAPrecision.exe ()O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] File not foundO4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()O4 - HKLM..\Run: [RTHDCPL] File not foundO4 - HKLM..\Run: [TrayServer] C:\Program Files\MAGIX\Movie_Edit_Pro_16_Plus\Trayserver.exe (MAGIX AG)O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)O4 - HKCU..\Run: [bitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)O4 - HKCU..\Run: [Core Temp] C:\Documents and Settings\Corey\Desktop\Benchmarks and Monitors\Core Temp\Core Temp.exe ()O4 - HKCU..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()O4 - HKCU..\Run: [EA Core] File not foundO4 - HKCU..\Run: [Google Update] File not foundO4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)O4 - HKCU..\Run: [NVIDIA nTune] File not foundO4 - HKCU..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_16.dll (Sun Microsystems, Inc.)O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236716978109 (WUWebControl Class)O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15107/CTPID.cab (Creative Software AutoUpdate Support Package)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - Reg Error: Key error. File not foundO20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - Reg Error: Key error. File not foundO20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - Reg Error: Key error. File not foundO24 - Desktop WallPaper: C:\Documents and Settings\Corey\Local Settings\Application Data\Microsoft\Wallpaper1.bmpO24 - Desktop BackupWallPaper: C:\Documents and Settings\Corey\Local Settings\Application Data\Microsoft\Wallpaper1.bmpO28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)O32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2009/03/10 11:44:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]O32 - AutoRun File - [2006/02/28 08:00:00 | 000,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]O33 - MountPoints2\{520e930c-0db3-11de-a4e0-806d6172696f}\Shell - "" = AutoRunO33 - MountPoints2\{520e930c-0db3-11de-a4e0-806d6172696f}\Shell\AutoRun - "" = Auto&PlayO33 - MountPoints2\{520e930c-0db3-11de-a4e0-806d6172696f}\Shell\AutoRun\command - "" = D:\Autorun.exeO33 - MountPoints2\D\Shell - "" = AutoRunO33 - MountPoints2\D\Shell\AutoRun - "" = Auto&PlayO33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\SETUP.EXE -- [2006/02/28 08:00:00 | 001,314,816 | R--- | M] (Microsoft Corporation)O34 - HKLM BootExecute: (autocheck autochk *) - File not foundO35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O35 - HKCU\..exefile [open] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*========== Files/Folders - Created Within 30 Days ==========[2011/07/18 19:38:58 | 000,000,000 | ---D | C] -- C:\Program Files\ESET[2011/07/17 18:37:25 | 000,000,000 | ---D | C] -- C:\_OTL[2011/07/09 23:06:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Corey\Local Settings\Application Data\Firestorm[2011/07/09 23:06:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Corey\Application Data\Firestorm[2011/07/09 23:06:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Firestorm-Beta[2011/07/01 21:41:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype[2009/05/09 17:22:12 | 000,012,800 | R--- | C] ( ) -- C:\WINDOWS\System32\killapps.exe[2005/08/07 18:13:46 | 000,014,336 | R--- | C] ( ) -- C:\WINDOWS\System32\a3d.dll[1 C:\Documents and Settings\Corey\*.tmp files -> C:\Documents and Settings\Corey\*.tmp -> ]========== Files - Modified Within 30 Days ==========[2011/07/21 03:36:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job[2011/07/21 03:07:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-507921405-1801674531-1003UA.job[2011/07/20 21:10:51 | 000,000,101 | ---- | M] () -- C:\Documents and Settings\Corey\Desktop\Jasmine at Sandy Springs Apartments in Sandy Springs, GA Lyon Communities.URL[2011/07/20 20:47:14 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job[2011/07/20 20:46:21 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat[2011/07/20 20:46:21 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat[2011/07/20 20:42:24 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job[2011/07/20 20:42:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat[2011/07/20 19:36:17 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\WinTV2K.job[2011/07/18 22:39:32 | 000,000,123 | ---- | M] () -- C:\Documents and Settings\Corey\Desktop\Malwarebytes Forum.URL[2011/07/17 18:37:27 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts[2011/07/16 03:28:29 | 000,013,710 | -HS- | M] () -- C:\Documents and Settings\Corey\Local Settings\Application Data\180676m7u7426jofutj5plxox57[2011/07/14 20:25:59 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl[2011/07/10 15:07:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-507921405-1801674531-1003Core.job[2011/07/07 00:23:29 | 000,000,260 | ---- | M] () -- C:\WINDOWS\cdplayer.ini[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys[1 C:\Documents and Settings\Corey\*.tmp files -> C:\Documents and Settings\Corey\*.tmp -> ]========== Files Created - No Company Name ==========[2011/07/20 21:10:51 | 000,000,101 | ---- | C] () -- C:\Documents and Settings\Corey\Desktop\Jasmine at Sandy Springs Apartments in Sandy Springs, GA Lyon Communities.URL[2011/07/17 05:08:58 | 000,000,123 | ---- | C] () -- C:\Documents and Settings\Corey\Desktop\Malwarebytes Forum.URL[2011/07/16 03:21:25 | 000,013,710 | -HS- | C] () -- C:\Documents and Settings\Corey\Local Settings\Application Data\180676m7u7426jofutj5plxox57[2011/05/21 00:02:53 | 000,013,828 | -HS- | C] () -- C:\Documents and Settings\Corey\Local Settings\Application Data\747073s32x2s4it14g[2011/05/02 20:46:45 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Corey\Local Settings\Application Data\housecall.guid.cache[2011/05/01 18:38:47 | 000,014,372 | -HS- | C] () -- C:\Documents and Settings\Corey\Local Settings\Application Data\jd0304a8d3q3q1q3u[2011/04/08 22:03:06 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat[2010/08/19 23:11:56 | 000,043,551 | ---- | C] () -- C:\WINDOWS\scunin.dat[2010/07/03 17:37:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Corey\Local Settings\Application Data\prvlcl.dat[2010/07/02 10:03:17 | 000,121,664 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat[2010/06/30 21:08:34 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin[2010/06/30 21:08:32 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin[2010/06/30 21:08:32 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin[2010/04/26 04:48:34 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallThunderbird.exe[2010/04/26 04:48:24 | 000,003,669 | ---- | C] () -- C:\WINDOWS\mozver.dat[2010/04/24 21:59:30 | 000,000,211 | ---- | C] () -- C:\WINDOWS\nanoPEG.ini[2010/04/24 21:21:19 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe[2010/03/18 00:48:39 | 000,003,108 | ---- | C] () -- C:\WINDOWS\TVP3XDrv.ini[2010/03/17 19:58:54 | 000,009,760 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll[2010/03/08 21:17:43 | 000,139,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys[2010/03/08 21:17:43 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Corey\Application Data\PnkBstrK.sys[2010/03/08 21:17:26 | 000,215,128 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe[2010/03/08 21:17:25 | 002,434,856 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_bc2.exe[2010/03/08 21:17:25 | 000,075,064 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe[2010/02/20 17:35:09 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll[2009/12/29 20:14:43 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll[2009/12/29 20:13:18 | 000,006,642 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini[2009/12/06 04:52:55 | 000,000,296 | ---- | C] () -- C:\WINDOWS\game.ini[2009/12/01 22:48:33 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin[2009/11/10 03:58:56 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Corey\Local Settings\Application Data\fusioncache.dat[2009/11/06 11:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat[2009/11/05 23:54:26 | 000,000,219 | ---- | C] () -- C:\WINDOWS\CALIGARI.INI[2009/10/30 19:27:12 | 000,000,964 | ---- | C] () -- C:\WINDOWS\eReg.dat[2009/10/30 02:55:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI[2009/08/08 18:26:18 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll[2009/06/02 01:44:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\sbwin.ini[2009/05/09 17:22:12 | 000,007,680 | R--- | C] () -- C:\WINDOWS\System32\enlocstr.exe[2009/05/09 17:22:12 | 000,000,321 | R--- | C] () -- C:\WINDOWS\System32\kill.ini[2009/05/09 17:22:02 | 000,016,384 | R--- | C] () -- C:\WINDOWS\System32\regplib.exe[2009/05/09 17:22:00 | 000,384,428 | R--- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat[2009/05/09 17:22:00 | 000,051,787 | R--- | C] () -- C:\WINDOWS\System32\ctdlang.dat[2009/05/09 17:22:00 | 000,027,273 | R--- | C] () -- C:\WINDOWS\System32\instwdm.ini[2009/05/09 17:22:00 | 000,002,560 | R--- | C] () -- C:\WINDOWS\System32\CtxfiRes.dll[2009/05/09 17:22:00 | 000,000,054 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini[2009/05/08 18:56:25 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll[2009/04/19 22:45:41 | 000,063,730 | ---- | C] () -- C:\Program Files\viewsonicinstruct_xp.pdf[2009/04/19 22:45:13 | 000,000,102 | ---- | C] () -- C:\WINDOWS\VSWizard.ini[2009/04/12 15:31:22 | 000,000,260 | ---- | C] () -- C:\WINDOWS\cdplayer.ini[2009/03/12 23:08:15 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll[2009/03/12 23:08:15 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll[2009/03/12 23:08:15 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll[2009/03/12 23:08:15 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll[2009/03/12 23:08:15 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll[2009/03/12 23:08:15 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll[2009/03/12 00:20:29 | 000,000,450 | ---- | C] () -- C:\WINDOWS\CTWave32.INI[2009/03/12 00:11:29 | 000,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI[2009/03/11 21:44:24 | 000,065,024 | ---- | C] () -- C:\Documents and Settings\Corey\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2009/03/11 04:55:25 | 000,000,248 | ---- | C] () -- C:\WINDOWS\HCWBlast.ini[2009/03/11 04:55:06 | 000,031,792 | ---- | C] () -- C:\WINDOWS\Irremote.ini[2009/03/11 04:55:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll[2009/03/11 04:53:04 | 000,003,130 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI[2009/03/11 04:51:19 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\hcwXDS.dll[2009/03/10 17:35:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat[2009/03/10 16:49:15 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys[2009/03/10 16:49:15 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys[2009/03/10 14:56:51 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys[2009/03/10 14:34:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat[2009/03/10 13:29:54 | 000,000,152 | ---- | C] () -- C:\WINDOWS\CoolPlay.ini[2009/03/10 11:50:53 | 000,003,948 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin[2009/03/10 11:46:05 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat[2009/03/10 11:41:49 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat[2009/03/10 06:36:15 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI[2009/03/10 06:33:32 | 000,212,880 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT[2009/01/08 01:33:36 | 000,002,560 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL[2008/04/14 05:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin[2006/12/31 07:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat[2005/07/15 14:36:35 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe[2005/07/15 14:35:56 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll[2005/07/15 14:35:56 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll[2005/07/15 14:35:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat[2004/08/04 08:00:00 | 000,441,124 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat[2004/08/04 08:00:00 | 000,071,060 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat[2004/08/04 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat[2000/01/28 01:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\wrkgadm.exe[2000/01/28 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL[1997/06/13 20:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll========== LOP Check ==========[2009/03/28 13:11:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis[2011/06/09 01:23:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\aF28321NbDbH28321[2011/03/15 10:00:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files[2010/01/22 02:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts[2009/04/21 03:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Firefly Studios[2011/02/10 04:24:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX[2009/12/29 20:24:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mufin[2010/03/12 20:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft[2010/01/01 14:58:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith[2009/03/30 20:05:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}[2009/03/28 13:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\Acronis[2009/05/13 10:05:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\Blender Foundation[2011/07/21 03:53:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\DNA[2011/07/09 23:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\Firestorm[2010/06/16 22:25:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\Folding@home-x86[2009/12/09 20:55:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\GetRightToGo[2010/10/29 22:43:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\gtk-2.0[2009/03/12 23:13:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\InterVideo[2009/08/02 12:29:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\Kirstens S18[2009/04/19 22:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\Leadertech[2011/02/10 04:28:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\MAGIX[2009/03/16 20:07:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\OpenOffice.org[2010/06/11 19:45:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\SecondLife[2011/01/16 15:07:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\Sony Online Entertainment[2010/04/24 22:06:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\SPORE[2010/04/26 05:00:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\Thunderbird[2010/11/15 23:33:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\Turbine[2011/03/31 00:19:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\Unity[2009/11/03 10:20:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\Wings3D[2011/05/07 05:35:17 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\App_Close.job[2011/05/02 04:21:01 | 000,000,308 | ---- | M] () -- C:\WINDOWS\Tasks\DVD Alarm.job[2011/07/20 20:47:14 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job[2011/07/20 19:36:17 | 000,000,270 | ---- | M] () -- C:\WINDOWS\Tasks\WinTV2K.job========== Purity Check ==========< End of report > Link to post Share on other sites More sharing options...
aliB Posted July 21, 2011 ID:456464 Share Posted July 21, 2011 hiStep 1Run OTLUnder the Custom Scans/Fixes box at the bottom, paste in the following:OTLIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = E0 3C D4 0D E7 28 59 45 8A D9 F2 67 6A 04 4A 0A [binary data][2011/07/18 19:46:08 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Corey\Application Data\Mozilla\Firefox\Profiles\lgnse41n.default\extensions\{4961cdc2-4386-47a1-a7c8-cebc96db3e52}[2011/07/18 19:46:09 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Corey\Application Data\Mozilla\Firefox\Profiles\lgnse41n.default\extensions\{da02f5b3-bf4f-4f85-b123-6c152d8e1810}O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not foundO33 - MountPoints2\{520e930c-0db3-11de-a4e0-806d6172696f}\Shell - "" = AutoRunO33 - MountPoints2\{520e930c-0db3-11de-a4e0-806d6172696f}\Shell\AutoRun - "" = Auto&PlayO33 - MountPoints2\{520e930c-0db3-11de-a4e0-806d6172696f}\Shell\AutoRun\command - "" = D:\Autorun.exeO33 - MountPoints2\D\Shell - "" = AutoRunO33 - MountPoints2\D\Shell\AutoRun - "" = Auto&PlayO33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\SETUP.EXE -- [2006/02/28 08:00:00 | 001,314,816 | R--- | M] (Microsoft Corporation)[2011/07/16 03:28:29 | 000,013,710 | -HS- | M] () -- C:\Documents and Settings\Corey\Local Settings\Application Data\180676m7u7426jofutj5plxox57[2011/05/21 00:02:53 | 000,013,828 | -HS- | C] () -- C:\Documents and Settings\Corey\Local Settings\Application Data\747073s32x2s4it14g[2011/05/01 18:38:47 | 000,014,372 | -HS- | C] () -- C:\Documents and Settings\Corey\Local Settings\Application Data\jd0304a8d3q3q1q3u:Filesipconfig /flushdns /c:Commands[purity][resethosts][emptytemp][EMPTYFLASH][Reboot]Then click the Run Fix button at the topLet the program run unhindered, reboot the PC when it is doneOpen OTL again and click the Quick Scan button. Post the log it produces in your next reply.Step 2Download ComboFix here :Link 1Link 2* IMPORTANT !!! Save ComboFix.exe to your DesktopDisable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable themClick meDouble click on ComboFix.exe & follow the prompts.As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:Click on Yes, to continue scanning for malware.When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.Things I would like to see in your reply:OTL logCombofix.txt Link to post Share on other sites More sharing options...
Nyarlathotep Posted July 22, 2011 Author ID:456851 Share Posted July 22, 2011 Things I would like to see in your reply:OTL logCombofix.txtOTL LogAll processes killed========== OTL ==========HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!C:\Documents and Settings\Corey\Application Data\Mozilla\Firefox\Profiles\lgnse41n.default\extensions\{4961cdc2-4386-47a1-a7c8-cebc96db3e52}\defaults\preferences folder moved successfully.C:\Documents and Settings\Corey\Application Data\Mozilla\Firefox\Profiles\lgnse41n.default\extensions\{4961cdc2-4386-47a1-a7c8-cebc96db3e52}\defaults folder moved successfully.C:\Documents and Settings\Corey\Application Data\Mozilla\Firefox\Profiles\lgnse41n.default\extensions\{4961cdc2-4386-47a1-a7c8-cebc96db3e52}\chrome folder moved successfully.C:\Documents and Settings\Corey\Application Data\Mozilla\Firefox\Profiles\lgnse41n.default\extensions\{4961cdc2-4386-47a1-a7c8-cebc96db3e52} folder moved successfully.C:\Documents and Settings\Corey\Application Data\Mozilla\Firefox\Profiles\lgnse41n.default\extensions\{da02f5b3-bf4f-4f85-b123-6c152d8e1810}\defaults\preferences folder moved successfully.C:\Documents and Settings\Corey\Application Data\Mozilla\Firefox\Profiles\lgnse41n.default\extensions\{da02f5b3-bf4f-4f85-b123-6c152d8e1810}\defaults folder moved successfully.C:\Documents and Settings\Corey\Application Data\Mozilla\Firefox\Profiles\lgnse41n.default\extensions\{da02f5b3-bf4f-4f85-b123-6c152d8e1810}\chrome folder moved successfully.C:\Documents and Settings\Corey\Application Data\Mozilla\Firefox\Profiles\lgnse41n.default\extensions\{da02f5b3-bf4f-4f85-b123-6c152d8e1810} folder moved successfully.Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{520e930c-0db3-11de-a4e0-806d6172696f}\ deleted successfully.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{520e930c-0db3-11de-a4e0-806d6172696f}\ not found.Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{520e930c-0db3-11de-a4e0-806d6172696f}\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{520e930c-0db3-11de-a4e0-806d6172696f}\ not found.Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{520e930c-0db3-11de-a4e0-806d6172696f}\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{520e930c-0db3-11de-a4e0-806d6172696f}\ not found.File D:\Autorun.exe not found.Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ deleted successfully.Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.File move failed. D:\SETUP.EXE scheduled to be moved on reboot.C:\Documents and Settings\Corey\Local Settings\Application Data\180676m7u7426jofutj5plxox57 moved successfully.C:\Documents and Settings\Corey\Local Settings\Application Data\747073s32x2s4it14g moved successfully.C:\Documents and Settings\Corey\Local Settings\Application Data\jd0304a8d3q3q1q3u moved successfully.========== FILES ==========< ipconfig /flushdns /c >Windows IP ConfigurationSuccessfully flushed the DNS Resolver Cache.C:\Documents and Settings\Corey\Desktop\Security Tools - Update & Run Weekly!\cmd.bat deleted successfully.C:\Documents and Settings\Corey\Desktop\Security Tools - Update & Run Weekly!\cmd.txt deleted successfully.========== COMMANDS ==========C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.HOSTS file reset successfully[EMPTYTEMP]User: Administrator->Temp folder emptied: 294912 bytes->Temporary Internet Files folder emptied: 4858582 bytes->FireFox cache emptied: 34950588 bytesUser: All UsersUser: Corey->Temp folder emptied: 2963392 bytes->Temporary Internet Files folder emptied: 14559587 bytes->Java cache emptied: 488 bytes->FireFox cache emptied: 90559987 bytes->Google Chrome cache emptied: 1931610 bytes->Flash cache emptied: 1202 bytesUser: Default User->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 0 bytesUser: LocalService->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 33170 bytesUser: NetworkService->Temp folder emptied: 43154 bytes->Temporary Internet Files folder emptied: 33170 bytesUser: Will->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 0 bytes->Java cache emptied: 0 bytes->FireFox cache emptied: 0 bytes->Flash cache emptied: 0 bytes%systemdrive% .tmp files removed: 0 bytes%systemroot% .tmp files removed: 0 bytes%systemroot%\System32 .tmp files removed: 0 bytes%systemroot%\System32\dllcache .tmp files removed: 0 bytes%systemroot%\System32\drivers .tmp files removed: 0 bytesWindows Temp folder emptied: 41067 bytes%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytesRecycleBin emptied: 87492388 bytesTotal Files Cleaned = 227.00 mb[EMPTYFLASH]User: AdministratorUser: All UsersUser: Corey->Flash cache emptied: 0 bytesUser: Default UserUser: LocalServiceUser: NetworkServiceUser: Will->Flash cache emptied: 0 bytesTotal Flash Files Cleaned = 0.00 mbOTL by OldTimer - Version 3.2.26.1 log created on 07212011_185650Files\Folders moved on Reboot...File move failed. D:\SETUP.EXE scheduled to be moved on reboot.Registry entries deleted on Reboot...Combofix.txtComboFix 11-07-21.02 - Corey 07/21/2011 19:19:17.1.4 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2551 [GMT -4:00]Running from: c:\documents and settings\Corey\Desktop\ComboFix.exeAV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\documents and settings\Corey\WINDOWSc:\documents and settings\Will\Application Data\Mozilla\Firefox\Profiles\ch94wjrd.default\extensions\{4961cdc2-4386-47a1-a7c8-cebc96db3e52}c:\documents and settings\Will\Application Data\Mozilla\Firefox\Profiles\ch94wjrd.default\extensions\{4961cdc2-4386-47a1-a7c8-cebc96db3e52}\chrome\xulcache.jarc:\documents and settings\Will\Application Data\Mozilla\Firefox\Profiles\ch94wjrd.default\extensions\{4961cdc2-4386-47a1-a7c8-cebc96db3e52}\defaults\preferences\xulcache.jsc:\documents and settings\Will\Application Data\Mozilla\Firefox\Profiles\ch94wjrd.default\extensions\{4961cdc2-4386-47a1-a7c8-cebc96db3e52}\install.rdfc:\documents and settings\Will\Application Data\Mozilla\Firefox\Profiles\ch94wjrd.default\extensions\{da02f5b3-bf4f-4f85-b123-6c152d8e1810}c:\documents and settings\Will\Application Data\Mozilla\Firefox\Profiles\ch94wjrd.default\extensions\{da02f5b3-bf4f-4f85-b123-6c152d8e1810}\chrome\xulcache.jarc:\documents and settings\Will\Application Data\Mozilla\Firefox\Profiles\ch94wjrd.default\extensions\{da02f5b3-bf4f-4f85-b123-6c152d8e1810}\defaults\preferences\xulcache.jsc:\documents and settings\Will\Application Data\Mozilla\Firefox\Profiles\ch94wjrd.default\extensions\{da02f5b3-bf4f-4f85-b123-6c152d8e1810}\install.rdfC:\Install.exe..((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))..-------\Legacy_WMIAPSRV32-------\Service_WmiApSrv32..((((((((((((((((((((((((( Files Created from 2011-06-21 to 2011-07-21 )))))))))))))))))))))))))))))))..2011-07-20 00:14 . 2011-06-07 15:55 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3215EA32-B8EF-42D7-9D30-1AA5AF408F14}\mpengine.dll2011-07-18 23:38 . 2011-07-18 23:38 -------- d-----w- c:\program files\ESET2011-07-18 23:24 . 2011-07-18 23:24 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla2011-07-17 22:37 . 2011-07-17 22:37 -------- d-----w- C:\_OTL2011-07-17 17:12 . 2011-07-17 17:12 0 ---ha-w- c:\documents and settings\Corey\ggcubzfynp.tmp2011-07-10 03:06 . 2011-07-10 07:18 -------- d-----w- c:\documents and settings\Corey\Local Settings\Application Data\Firestorm2011-07-10 03:06 . 2011-07-10 03:07 -------- d-----w- c:\documents and settings\Corey\Application Data\Firestorm...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2011-07-06 23:52 . 2009-03-10 18:14 22712 ----a-w- c:\windows\system32\drivers\mbam.sys2011-07-06 23:52 . 2009-03-10 18:14 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2011-06-07 15:55 . 2011-05-13 00:29 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2011-05-24 23:14 . 2011-05-04 23:29 222080 ------w- c:\windows\system32\MpSigStub.exe..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Core Temp"="c:\documents and settings\Corey\Desktop\Benchmarks and Monitors\Core Temp\Core Temp.exe" [2008-08-22 277008]"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-12 323392]"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-30 2424192]"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-01-21 4359280]"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2009-01-21 960536]"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-01-21 377232]"CTxfiHlp"="CTXFIHLP.EXE" [2009-01-08 24576]"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]"EVGAPrecision"="c:\program files\EVGA Precision\EVGAPrecision.exe" [2010-09-07 355432]"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-02-12 149280]"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]"TrayServer"="c:\progra~1\MAGIX\MOVIE_~2\TrayServer.exe" [2008-11-13 90112]"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]"RTHDCPL"="RTHDCPL.EXE" [2010-03-17 19520544].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA&inst=NwA3AC0ANAAyADUANgA4ADEAOAA1ADUALQBCAEEAKwAxAC0ASwBWADMAKwA3AC0AWABMACsAMQAtAFQANAAtAEYAUAA5ACsANgAtAEIAQQBSADkARwArADEALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA1AC0AWABPADkAKwAxAC0ARgA5AE0AMgArADEA∏=90&ver=9.0.894" [?].c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-2-7 805392].[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]2008-05-02 07:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]@="Service".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]@="".[HKEY_LOCAL_MACHINE\software\microsoft\security center]"AntiVirusOverride"=dword:00000001"FirewallOverride"=dword:00000001.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"DisableNotifications"= 1 (0x1).[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\My Games\\Unreal Tournament 3\\Binaries\\UT3.exe"="c:\\Program Files\\My Games\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"="c:\\Program Files\\My Games\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"="c:\\Program Files\\My Games\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"="c:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"="c:\\Program Files\\My Games\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"="c:\\Program Files\\My Games\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"="c:\\Program Files\\DNA\\btdna.exe"="c:\\Program Files\\My Games\\Firefly Studios\\Stronghold 2\\Stronghold2.exe"="c:\\Program Files\\Flagship Studios\\Hellgate London Demo\\Launcher.exe"="c:\\Program Files\\My Games\\Microsoft Games\\Halo\\halo.exe"="c:\\WINDOWS\\system32\\dplaysvr.exe"="c:\\Program Files\\My Games\\3DO\\Heroes3\\H3BLADE.icd"="c:\\Program Files\\My Games\\Electronic Arts\\American McGee's Alice\\alice.exe"="c:\\Program Files\\My Games\\Turbine\\Dungeons and Dragons Online - Eberron Unlimited\\dndclient.exe"="c:\\Program Files\\My Games\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="c:\\Program Files\\My Games\\Eidos\\Batman Arkham Asylum\\Binaries\\ShippingPC-BmGame.exe"="c:\\Program Files\\My Games\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"="c:\\Program Files\\Mozilla Firefox\\firefox.exe"="c:\\Program Files\\My Games\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"="c:\\WINDOWS\\system32\\PnkBstrA.exe"="c:\\WINDOWS\\system32\\PnkBstrB.exe"="c:\\Program Files\\My Games\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Game.exe"="c:\\Program Files\\My Games\\Rockstar Games\\Grand Theft Auto IV\\Grand Theft Auto IV\\LaunchGTAIV.exe"="c:\\Program Files\\My Games\\Rockstar Games\\Grand Theft Auto IV\\Grand Theft Auto IV\\GTAIV.exe"="c:\\Program Files\\My Games\\Activision\\Transformers - War for Cybertron\\Binaries\\TWFC.exe"="c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"="c:\\Program Files\\My Games\\Maxis\\SimCity 3000 Unlimited\\Apps\\Updater\\UPDATER.EXE"="c:\\Program Files\\My Games\\Turbine\\The Lord of the Rings Online\\lotroclient.exe"="c:\\Program Files\\Second Life Viewers\\Phoenix Viewer\\PhoenixViewer.exe"="c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="c:\\Program Files\\Skype\\Phone\\Skype.exe"=.R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/6/2010 5:10 PM 67656]R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [3/10/2009 2:13 PM 1872320]R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [5/6/2009 7:53 PM 1220608]R3 ALSysIO;ALSysIO;\??\c:\docume~1\Corey\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\Corey\LOCALS~1\Temp\ALSysIO.sys [?]R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [3/12/2009 11:02 PM 38560]R3 RTCore32;RTCore32;c:\program files\EVGA Precision\RTCore32.sys [5/25/2005 3:39 PM 4608]S1 MpKsl6008da0e;MpKsl6008da0e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3215EA32-B8EF-42D7-9D30-1AA5AF408F14}\MpKsl6008da0e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3215EA32-B8EF-42D7-9D30-1AA5AF408F14}\MpKsl6008da0e.sys [?]S1 MpKsl6d975210;MpKsl6d975210;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3215EA32-B8EF-42D7-9D30-1AA5AF408F14}\MpKsl6d975210.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3215EA32-B8EF-42D7-9D30-1AA5AF408F14}\MpKsl6d975210.sys [?]S2 AODService;AODService;c:\program files\AMD\OverDrive\AODAssist.exe [2/23/2009 12:21 AM 69632]S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/10/2010 7:11 PM 136176]S3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [3/17/2010 7:59 PM 1025920]S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [4/24/2010 9:41 PM 1691480]S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [5/9/2009 5:21 PM 198168]S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [5/9/2009 5:21 PM 198168]S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [5/9/2009 5:21 PM 1353240]S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [5/9/2009 5:21 PM 1353240]S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [5/9/2009 5:21 PM 73752]S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [5/9/2009 5:21 PM 73752]S3 DualCoreCenter;DualCoreCenter;\??\c:\program files\MSI\DualCoreCenter\NTGLM7X.sys --> c:\program files\MSI\DualCoreCenter\NTGLM7X.sys [?]S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [8/7/2008 11:10 AM 3276800]S3 FLASHSYS;FLASHSYS;c:\program files\MSI\Live Update 4\LU4\FlashSys.sys [10/15/2009 7:39 PM 9216]S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/10/2010 7:11 PM 136176]S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [5/9/2009 5:21 PM 1221144]S3 iComp;Hauppauge WinTV PVR2 USB2 Encoder;c:\windows\system32\drivers\HCWUSB2.sys [3/11/2009 4:51 AM 1456352]S3 RushTopDevice2;RushTopDevice2;\??\c:\program files\MSI\DualCoreCenter\RushTop.sys --> c:\program files\MSI\DualCoreCenter\RushTop.sys [?].--- Other Services/Drivers In Memory ---.*NewlyCreated* - WUAUSERV.Contents of the 'Scheduled Tasks' folder.2011-05-07 c:\windows\Tasks\App_Close.job- c:\documents and settings\Corey\Desktop\App_Close.bat [2011-01-17 09:22].2011-05-02 c:\windows\Tasks\DVD Alarm.job- c:\program files\InterVideo\DVD7\WinDVD.exe [2009-03-13 06:41].2011-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-10 23:11].2011-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-10 23:11].2011-07-21 c:\windows\Tasks\MP Scheduled Scan.job- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 16:26].2011-07-20 c:\windows\Tasks\WinTV2K.job- c:\program files\WinTV\WinTV2K.EXE [2010-04-25 20:28]..------- Supplementary Scan -------.uStart Page = hxxp://192.168.1.1/mStart Page = hxxp://www.comcast.net/mWindow Title = Windows Internet Explorer provided by ComcastuInternet Settings,ProxyOverride = <local>Trusted Zone: clonewarsadventures.comTrusted Zone: freerealms.comTrusted Zone: soe.comTrusted Zone: sony.comTCP: DhcpNameServer = 68.87.68.166 68.87.74.166FF - ProfilePath - c:\documents and settings\Corey\Application Data\Mozilla\Firefox\Profiles\lgnse41n.default\FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p=FF - prefs.js: browser.startup.homepage - hxxp://home.comcast.net/~nazgaull/FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=FF - Ext: Noia 2.0 (eXtreme): {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} - %profile%\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}FF - Ext: ReloadEvery: {888d99e7-e8b5-46a3-851e-1ec45da1e644} - %profile%\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}FF - Ext: Noia 2.0 eXtreme OPT: noia2_option@kk.noia - %profile%\extensions\noia2_option@kk.noiaFF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtensionFF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff.- - - - ORPHANS REMOVED - - - -.HKCU-Run-NVIDIA nTune - c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exeHKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exeHKLM-Run-AudioDrvEmulator - c:\program files\Creative\Shared Files\Module Loader\DLLML.exeHKLM-Run-Malwarebytes' Anti-Malware (reboot) - e:\malwarebytes' anti-malware\mbam.exeHKU-Default-RunOnce-SetDefaultMIDI - MIDIDEF.EXENotify-avgrsstarter - avgrsstx.dllAddRemove-Blender - f:\blender foundation\Blender\uninstall.exeAddRemove-Evil Genius_is1 - c:\program files\My Games\VUGames\Evil Genius\unins000.exeAddRemove-WinGimp-2.0_is1 - f:\gimp-2.0\setup\unins000.exeAddRemove-Wings 3D 1.0.2 - f:\wings3d_1.0.2\Uninstall.exeAddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Corey\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2011-07-21 19:25Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ... .HKLM\Software\Microsoft\Windows\CurrentVersion\Run CTxfiHlp = CTXFIHLP.EXE? .scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-606747145-507921405-1801674531-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]@Allowed: (Read) (RestrictedCode)@Allowed: (Read) (RestrictedCode)"??"=hex:f6,7a,19,0d,7c,c4,fc,b7,d1,98,29,19,1b,c3,ba,4c,57,dd,3e,fc,95,60,a2, 0d,6b,6f,a8,97,3c,51,d8,73,a6,0e,a0,3c,e7,83,6a,4f,0e,4e,12,25,7d,0e,cf,80,\"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49.[HKEY_USERS\S-1-5-21-606747145-507921405-1801674531-1003\Software\SecuROM\License information*]"datasecu"=hex:b2,7f,81,95,77,f7,e2,1d,6b,ee,29,32,16,bb,23,cb,3d,cd,9f,26,30, c3,05,8d,d8,04,9b,d3,10,12,ae,49,d6,20,b3,0e,be,fb,24,db,73,d3,c0,bb,82,e9,\"rkeysecu"=hex:01,1a,8d,69,e9,1f,8d,84,8a,a8,ea,c1,1a,66,a6,e9.[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]@DACL=(02 0000)@="Wireless""ProcessGroupPolicy"="ProcessWIRELESSPolicy""DllName"=expand:"gptext.dll""NoUserPolicy"=dword:00000001"NoGPOListChanges"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0E28E245-9368-4853-AD84-6DA3BA35BB75}]@DACL=(02 0000)@="Group Policy Environment""ProcessGroupPolicy"="ProcessGroupPolicyEnviron""DllName"=expand:"gpprefcl.dll""GenerateGroupPolicy"="GenerateGroupPolicyEnviron""ProcessGroupPolicyEx 0"="""EventSources"="(Group Policy Environment,Application)""DisplayName"=expand:"@gpprefcl.dll,-1""PerUserLocalSettings"=dword:00000001"EnableAsynchronousProcessing"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{17D89FEC-5C44-4972-B12D-241CAEF74509}]@DACL=(02 0000)@="Group Policy Local Users and Groups""ProcessGroupPolicy"="ProcessGroupPolicyLocUsAndGroups""DllName"=expand:"gpprefcl.dll""GenerateGroupPolicy"="GenerateGroupPolicyLocUsAndGroups""ProcessGroupPolicyEx"="ProcessGroupPolicyExLocUsAndGroups""EventSources"="(Group Policy Local Users and Groups,Application)""DisplayName"=expand:"@gpprefcl.dll,-2""PerUserLocalSettings"=dword:00000001"EnableAsynchronousProcessing"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{1A6364EB-776B-4120-ADE1-B63A406A76B5}]@DACL=(02 0000)@="Group Policy Device Settings""ProcessGroupPolicy"="ProcessGroupPolicyDevices""DllName"=expand:"gpprefcl.dll""GenerateGroupPolicy"="GenerateGroupPolicyDevices""ProcessGroupPolicyEx"="ProcessGroupPolicyExDevices""EventSources"="(Group Policy Device Settings,Application)""DisplayName"=expand:"@gpprefcl.dll,-3""PerUserLocalSettings"=dword:00000001"EnableAsynchronousProcessing"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]@DACL=(02 0000)@="Folder Redirection""ProcessGroupPolicyEx"="ProcessGroupPolicyEx""DllName"=expand:"fdeploy.dll""NoMachinePolicy"=dword:00000001"NoSlowLink"=dword:00000001"PerUserLocalSettings"=dword:00000001"NoGPOListChanges"=dword:00000000"NoBackgroundPolicy"=dword:00000000"GenerateGroupPolicy"="GenerateGroupPolicy""EventSources"=multi:"(Folder Redirection,Application)\00\00".[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]@DACL=(02 0000)@="Microsoft Disk Quota""NoMachinePolicy"=dword:00000000"NoUserPolicy"=dword:00000001"NoSlowLink"=dword:00000001"NoBackgroundPolicy"=dword:00000001"NoGPOListChanges"=dword:00000001"PerUserLocalSettings"=dword:00000000"RequiresSuccessfulRegistry"=dword:00000001"EnableAsynchronousProcessing"=dword:00000000"DllName"=expand:"dskquota.dll""ProcessGroupPolicy"="ProcessGroupPolicy".[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}]@DACL=(02 0000)@="Group Policy Network Options""ProcessGroupPolicy"="ProcessGroupPolicyNetworkOptions""DllName"=expand:"gpprefcl.dll""GenerateGroupPolicy"="GenerateGroupPolicyNetworkOptions""ProcessGroupPolicyEx"="ProcessGroupPolicyExNetworkOptions""EventSources"="(Group Policy Network Options,Application)""DisplayName"=expand:"@gpprefcl.dll,-4""PerUserLocalSettings"=dword:00000001"EnableAsynchronousProcessing"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]@DACL=(02 0000)@="QoS Packet Scheduler""ProcessGroupPolicy"="ProcessPSCHEDPolicy""DllName"=expand:"gptext.dll""NoUserPolicy"=dword:00000001"NoGPOListChanges"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]@DACL=(02 0000)@="Scripts""ProcessGroupPolicy"="ProcessScriptsGroupPolicy""ProcessGroupPolicyEx"="ProcessScriptsGroupPolicyEx""GenerateGroupPolicy"="GenerateScriptsGroupPolicy""DllName"=expand:"gptext.dll""NoSlowLink"=dword:00000001"NoGPOListChanges"=dword:00000001"NotifyLinkTransition"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]@DACL=(02 0000)@="Internet Explorer Zonemapping""DllName"=expand:"iedkcs32.dll""ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap""NoGPOListChanges"=dword:00000001"RequiresSucessfulRegistry"=dword:00000001"DisplayName"=expand:"@iedkcs32.dll,-3051".[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{5794DAFD-BE60-433f-88A2-1A31939AC01F}]@DACL=(02 0000)@="Group Policy Drive Maps""ProcessGroupPolicy"="ProcessGroupPolicyDrives""DllName"=expand:"gpprefcl.dll""GenerateGroupPolicy"="GenerateGroupPolicyDrives""ProcessGroupPolicyEx"="ProcessGroupPolicyExDrives""EventSources"="(Group Policy Drive Maps,Application)""DisplayName"=expand:"@gpprefcl.dll,-5""PerUserLocalSettings"=dword:00000001"NoBackgroundPolicy"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{6232C319-91AC-4931-9385-E70C2B099F0E}]@DACL=(02 0000)@="Group Policy Folders""ProcessGroupPolicy"="ProcessGroupPolicyFolders""DllName"=expand:"gpprefcl.dll""GenerateGroupPolicy"="GenerateGroupPolicyFolders""ProcessGroupPolicyEx"="ProcessGroupPolicyExFolders""EventSources"="(Group Policy Folders,Application)""DisplayName"=expand:"@gpprefcl.dll,-6""PerUserLocalSettings"=dword:00000001"EnableAsynchronousProcessing"="".[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}]@DACL=(02 0000)@="Group Policy Network Shares""ProcessGroupPolicy"="ProcessGroupPolicyNetShares""DllName"=expand:"gpprefcl.dll""GenerateGroupPolicy"="GenerateGroupPolicyNetShares""ProcessGroupPolicyEx"="ProcessGroupPolicyExNetShares""EventSources"="(Group Policy Network Shares,Application)""DisplayName"=expand:"@gpprefcl.dll,-7""NoUserPolicy"=dword:00000001"EnableAsynchronousProcessing"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}]@DACL=(02 0000)@="Group Policy Files""ProcessGroupPolicy"="ProcessGroupPolicyFiles""DllName"=expand:"gpprefcl.dll""GenerateGroupPolicy"="GenerateGroupPolicyFiles""ProcessGroupPolicyEx"="ProcessGroupPolicyExFiles""EventSources"="(Group Policy Files,Application)""DisplayName"=expand:"@gpprefcl.dll,-8""PerUserLocalSettings"=dword:00000001"EnableAsynchronousProcessing"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{728EE579-943C-4519-9EF7-AB56765798ED}]@DACL=(02 0000)@="Group Policy Data Sources""ProcessGroupPolicy"="ProcessGroupPolicyDataSources""DllName"=expand:"gpprefcl.dll""GenerateGroupPolicy"="GenerateGroupPolicyDataSources""ProcessGroupPolicyEx"="ProcessGroupPolicyExDataSources""EventSources"="(Group Policy Data Sources,Application)""DisplayName"=expand:"@gpprefcl.dll,-9""PerUserLocalSettings"=dword:00000001"EnableAsynchronousProcessing"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{74EE6C03-5363-4554-B161-627540339CAB}]@DACL=(02 0000)@="Group Policy Ini Files""ProcessGroupPolicy"="ProcessGroupPolicyIniFile""DllName"=expand:"gpprefcl.dll""GenerateGroupPolicy"="GenerateGroupPolicyIniFile""ProcessGroupPolicyEx"="ProcessGroupPolicyExIniFile""EventSources"="(Group Policy Ini Files,Application)""DisplayName"=expand:"@gpprefcl.dll,-10""PerUserLocalSettings"=dword:00000001"EnableAsynchronousProcessing"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]@DACL=(02 0000)"ProcessGroupPolicy"="SceProcessSecurityPolicyGPO""GenerateGroupPolicy"="SceGenerateGroupPolicy""ExtensionRsopPlanningDebugLevel"=dword:00000001"ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx""ExtensionDebugLevel"=dword:00000001"DllName"=expand:"scecli.dll"@="Security""NoUserPolicy"=dword:00000001"NoGPOListChanges"=dword:00000001"EnableAsynchronousProcessing"=dword:00000001"MaxNoGPOListChangesInterval"=dword:000003c0.[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{91FBB303-0CD5-4055-BF42-E512A681B325}]@DACL=(02 0000)@="Group Policy Services""ProcessGroupPolicy"="ProcessGroupPolicyServices""DllName"=expand:"gpprefcl.dll""GenerateGroupPolicy"="GenerateGroupPolicyServices""ProcessGroupPolicyEx"="ProcessGroupPolicyExServices""EventSources"="(Group Policy Services,Application)""DisplayName"=expand:"@gpprefcl.dll,-11""EnableAsynchronousProcessing"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]@DACL=(02 0000)"ProcessGroupPolicyEx"="ProcessGroupPolicyEx""GenerateGroupPolicy"="GenerateGroupPolicy""ProcessGroupPolicy"="ProcessGroupPolicy""DllName"="iedkcs32.dll"@="Internet Explorer Branding""NoSlowLink"=dword:00000001"NoBackgroundPolicy"=dword:00000000"NoGPOListChanges"=dword:00000001"NoMachinePolicy"=dword:00000001"DisplayName"=expand:"@iedkcs32.dll,-3014".[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A3F3E39B-5D83-4940-B954-28315B82F0A8}]@DACL=(02 0000)@="Group Policy Folder Options""ProcessGroupPolicy"="ProcessGroupPolicyFolderOptions""DllName"=expand:"gpprefcl.dll""GenerateGroupPolicy"="GenerateGroupPolicyFolderOptions""ProcessGroupPolicyEx"="ProcessGroupPolicyExFolderOptions""EventSources"="(Group Policy Folder Options,Application)""DisplayName"=expand:"@gpprefcl.dll,-12""PerUserLocalSettings"=dword:00000001"EnableAsynchronousProcessing"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{AADCED64-746C-4633-A97C-D61349046527}]@DACL=(02 0000)@="Group Policy Scheduled Tasks""ProcessGroupPolicy"="ProcessGroupPolicySchedTasks""DllName"=expand:"gpprefcl.dll""GenerateGroupPolicy"="GenerateGroupPolicySchedTasks""ProcessGroupPolicyEx"="ProcessGroupPolicyExSchedTasks""EventSources"="(Group Policy Scheduled Tasks,Application)""DisplayName"=expand:"@gpprefcl.dll,-13""PerUserLocalSettings"=dword:00000001"EnableAsynchronousProcessing"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B087BE9D-ED37-454f-AF9C-04291E351182}]@DACL=(02 0000)@="Group Policy Registry""ProcessGroupPolicy"="ProcessGroupPolicyRegistry""DllName"=expand:"gpprefcl.dll""GenerateGroupPolicy"="GenerateGroupPolicyRegistry""ProcessGroupPolicyEx"="ProcessGroupPolicyExRegistry""EventSources"="(Group Policy Registry,Application)""DisplayName"=expand:"@gpprefcl.dll,-14""PerUserLocalSettings"=dword:00000001"EnableAsynchronousProcessing"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]@DACL=(02 0000)"ProcessGroupPolicy"="SceProcessEFSRecoveryGPO""DllName"=expand:"scecli.dll"@="EFS recovery""NoUserPolicy"=dword:00000001"NoGPOListChanges"=dword:00000001"RequiresSuccessfulRegistry"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]@DACL=(02 0000)@="802.3 Group Policy""DisplayName"=expand:"@dot3gpclnt.dll,-100""ProcessGroupPolicyEx"="ProcessLANPolicyEx""GenerateGroupPolicy"="GenerateLANPolicy""DllName"=expand:"dot3gpclnt.dll""NoUserPolicy"=dword:00000001"NoGPOListChanges"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}]@DACL=(02 0000)@="Group Policy Printers""ProcessGroupPolicy"="ProcessGroupPolicyPrinters""DllName"=expand:"gpprefcl.dll""GenerateGroupPolicy"="GenerateGroupPolicyPrinters""ProcessGroupPolicyEx"="ProcessGroupPolicyExPrinters""EventSources"="(Group Policy Printers,Application)""DisplayName"=expand:"@gpprefcl.dll,-16""PerUserLocalSettings"=dword:00000001"EnableAsynchronousProcessing"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}]@DACL=(02 0000)@="Group Policy Shortcuts""ProcessGroupPolicy"="ProcessGroupPolicyShortcuts""DllName"=expand:"gpprefcl.dll""GenerateGroupPolicy"="GenerateGroupPolicyShortcuts""ProcessGroupPolicyEx"="ProcessGroupPolicyExShortcuts""EventSources"="(Group Policy Shortcuts,Application)""DisplayName"=expand:"@gpprefcl.dll,-17""PerUserLocalSettings"=dword:00000001"EnableAsynchronousProcessing"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]@DACL=(02 0000)@="Microsoft Offline Files""DllName"=expand:"%SystemRoot%\\System32\\cscui.dll""EnableAsynchronousProcessing"=dword:00000000"NoBackgroundPolicy"=dword:00000000"NoGPOListChanges"=dword:00000000"NoMachinePolicy"=dword:00000000"NoSlowLink"=dword:00000000"NoUserPolicy"=dword:00000001"PerUserLocalSettings"=dword:00000000"ProcessGroupPolicy"="ProcessGroupPolicy""RequiresSuccessfulRegistry"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]@DACL=(02 0000)@="Software Installation""DllName"=expand:"appmgmts.dll""ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx""GenerateGroupPolicy"="GenerateGroupPolicy""NoBackgroundPolicy"=dword:00000000"RequiresSucessfulRegistry"=dword:00000000"NoSlowLink"=dword:00000001"PerUserLocalSettings"=dword:00000001"EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00".[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]@DACL=(02 0000)@="IP Security""ProcessGroupPolicy"="ProcessIPSECPolicy""DllName"=expand:"gptext.dll""NoUserPolicy"=dword:00000001"NoGPOListChanges"=dword:00000000.[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E47248BA-94CC-49c4-BBB5-9EB7F05183D0}]@DACL=(02 0000)@="Group Policy Internet Settings""ProcessGroupPolicy"="ProcessGroupPolicyShortcuts""DllName"=expand:"gpprefcl.dll""GenerateGroupPolicy"="GenerateGroupPolicyInternet""ProcessGroupPolicyEx"="ProcessGroupPolicyExInternet""EventSources"="(Group Policy Internet Settings,Application)""DisplayName"=expand:"@gpprefcl.dll,-18""PerUserLocalSettings"=dword:00000001"EnableAsynchronousProcessing"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}]@DACL=(02 0000)@="Group Policy Start Menu Settings""ProcessGroupPolicy"="ProcessGroupPolicyStartMenu""DllName"=expand:"gpprefcl.dll""GenerateGroupPolicy"="GenerateGroupPolicyStartMenu""ProcessGroupPolicyEx"="ProcessGroupPolicyExStartMenu""EventSources"="(Group Policy Start Menu Settings,Application)""DisplayName"=expand:"@gpprefcl.dll,-19""PerUserLocalSettings"=dword:00000001"EnableAsynchronousProcessing"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E5094040-C46C-4115-B030-04FB2E545B00}]@DACL=(02 0000)@="Group Policy Regional Options""ProcessGroupPolicy"="ProcessGroupPolicyRegionOptions""DllName"=expand:"gpprefcl.dll""GenerateGroupPolicy"="GenerateGroupPolicyRegionOptions""ProcessGroupPolicyEx"="ProcessGroupPolicyExRegionOptions""EventSources"="(Group Policy Regional Options,Application)""DisplayName"=expand:"@gpprefcl.dll,-20""PerUserLocalSettings"=dword:00000001"EnableAsynchronousProcessing"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}]@DACL=(02 0000)@="Group Policy Power Options""ProcessGroupPolicy"="ProcessGroupPolicyPowerOptions""DllName"=expand:"gpprefcl.dll""GenerateGroupPolicy"="GenerateGroupPolicyPowerOptions""ProcessGroupPolicyEx"="ProcessGroupPolicyExPowerOptions""EventSources"="(Group Policy Power Options,Application)""DisplayName"=expand:"@gpprefcl.dll,-21""PerUserLocalSettings"=dword:00000001"EnableAsynchronousProcessing"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{F9C77450-3A41-477E-9310-9ACD617BD9E3}]@DACL=(02 0000)@="Group Policy Applications""ProcessGroupPolicy"="ProcessGroupPolicyApplications""DllName"=expand:"gpprefcl.dll""GenerateGroupPolicy"="GenerateGroupPolicyApplications""ProcessGroupPolicyEx"="ProcessGroupPolicyExApplications""EventSources"="(Group Policy Applications,Application)""DisplayName"=expand:"@gpprefcl.dll,-15""PerUserLocalSettings"=dword:00000001"EnableAsynchronousProcessing"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn\Event]@DACL=(02 0000)"Logon"="LBTWLgn_LOGON""StartShell"="LBTWLgn_STARTSHELL".[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]@DACL=(02 0000)"HelpAssistant"=dword:00000000"TsInternetUser"=dword:00000000"SQLAgentCmdExec"=dword:00000000"NetShowServices"=dword:00000000"IWAM_"=dword:00010000"IUSR_"=dword:00010000"VUSR_"=dword:00010000"ASPNET"=dword:00000000.--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'winlogon.exe'(900)c:\program files\SUPERAntiSpyware\SASWINLO.dllc:\windows\system32\WININET.dllc:\program files\common files\logitech\bluetooth\LBTWlgn.dllc:\program files\common files\logitech\bluetooth\LBTServ.dll.- - - - - - - > 'explorer.exe'(3256)c:\windows\system32\WININET.dllc:\program files\Logitech\SetPoint\lgscroll.dllc:\windows\system32\ieframe.dllc:\windows\system32\msi.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.------------------------ Other Running Processes ------------------------.c:\windows\system32\nvsvc32.exec:\program files\Microsoft Security Client\Antimalware\MsMpEng.exec:\program files\Common Files\Acronis\Schedule2\schedul2.exec:\program files\Java\jre6\bin\jqs.exec:\windows\system32\PnkBstrA.exec:\windows\system32\PnkBstrB.exec:\windows\system32\RUNDLL32.EXEc:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXEc:\progra~1\Yahoo!\Messenger\ymsgr_tray.exec:\program files\Java\jre6\bin\jucheck.exe.**************************************************************************.Completion time: 2011-07-21 19:30:49 - machine was rebootedComboFix-quarantined-files.txt 2011-07-21 23:30.Pre-Run: 744,867,717,120 bytes freePost-Run: 744,608,567,296 bytes free.WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsUnsupportedDebug="do not select this" /debugmulti(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer.- - End Of File - - 75C504A17C79A1794E1ECA98AA3FBD3A Link to post Share on other sites More sharing options...
aliB Posted July 22, 2011 ID:456972 Share Posted July 22, 2011 hiplease do not quote the logs anymore just post them.Step 1Update MalwareBytes AntiMalware and Run a Quick Scan.Post the log it producesStep 2Please run a free online scan with the ESET Online ScannerNote: You will need to use Internet Explorer for this scanTick the box next to YES, I accept the Terms of UseClick StartWhen asked, allow the ActiveX control to installClick StartMake sure that the options Remove found threats and the option Scan unwanted applications is checkedClick Scan (This scan can take several hours, so please be patient)Once the scan is completed, you may close the windowUse Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txtCopy and paste that log as a reply to this topicThings i would like to see in your reply:Malwarebytes Results.Eset scanner report.Update on how your computer is running Link to post Share on other sites More sharing options...
Nyarlathotep Posted July 23, 2011 Author ID:457368 Share Posted July 23, 2011 Things i would like to see in your reply:Malwarebytes Results.Eset scanner report.Update on how your computer is runningMalwarebytes' Anti-Malware 1.51.1.1800www.malwarebytes.orgDatabase version: 7234Windows 5.1.2600 Service Pack 3Internet Explorer 7.0.5730.137/22/2011 7:55:35 PMmbam-log-2011-07-22 (19-55-35).txtScan type: Quick scanObjects scanned: 178099Time elapsed: 3 minute(s), 1 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)ESETSmartInstaller@High as CAB hook log:OnlineScanner.ocx - registred OK# version=7# IEXPLORE.EXE=7.00.6000.17096 (vista_gdr.110211-1830)# OnlineScanner.ocx=1.0.0.6528# api_version=3.0.2# EOSSerial=8f3d4d919a576646b257f4e5348fa7f7# end=finished# remove_checked=true# archives_checked=false# unwanted_checked=true# unsafe_checked=false# antistealth_checked=true# utc_time=2011-07-19 12:51:10# local_time=2011-07-18 08:51:10 (-0500, Eastern Daylight Time)# country="United States"# lang=1033# osver=5.1.2600 NT Service Pack 3# compatibility_mode=5891 16776550 42 87 0 22141009 0 0# compatibility_mode=8192 67108863 100 0 0 0 0 0# scanned=233920# found=5# cleaned=5# scan_time=4124C:\Documents and Settings\Corey\Application Data\Mozilla\Firefox\Profiles\lgnse41n.default\extensions\{4961cdc2-4386-47a1-a7c8-cebc96db3e52}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\Documents and Settings\Corey\Application Data\Mozilla\Firefox\Profiles\lgnse41n.default\extensions\{da02f5b3-bf4f-4f85-b123-6c152d8e1810}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\Documents and Settings\Corey\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\bfgippgejeccnchedleabjblogcilapa\contentscript.js Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\Documents and Settings\Will\Application Data\Mozilla\Firefox\Profiles\ch94wjrd.default\extensions\{4961cdc2-4386-47a1-a7c8-cebc96db3e52}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\Documents and Settings\Will\Application Data\Mozilla\Firefox\Profiles\ch94wjrd.default\extensions\{da02f5b3-bf4f-4f85-b123-6c152d8e1810}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 Cesets_scanner_update returned -1 esets_gle=53251# version=7# IEXPLORE.EXE=7.00.6000.17096 (vista_gdr.110211-1830)# OnlineScanner.ocx=1.0.0.6528# api_version=3.0.2# EOSSerial=8f3d4d919a576646b257f4e5348fa7f7# end=finished# remove_checked=true# archives_checked=false# unwanted_checked=true# unsafe_checked=false# antistealth_checked=true# utc_time=2011-07-19 02:37:21# local_time=2011-07-18 10:37:21 (-0500, Eastern Daylight Time)# country="United States"# lang=1033# osver=5.1.2600 NT Service Pack 3# compatibility_mode=1024 16777215 100 0 43292752 43292752 0 0# compatibility_mode=5891 16776533 42 87 0 22146513 0 0# compatibility_mode=8192 67108863 100 0 0 0 0 0# scanned=234177# found=0# cleaned=0# scan_time=4988# version=7# iexplore.exe=7.00.6000.17098 (vista_gdr.110420-1745)# OnlineScanner.ocx=1.0.0.6528# api_version=3.0.2# EOSSerial=8f3d4d919a576646b257f4e5348fa7f7# end=finished# remove_checked=true# archives_checked=false# unwanted_checked=true# unsafe_checked=false# antistealth_checked=true# utc_time=2011-07-23 01:24:59# local_time=2011-07-22 09:24:59 (-0500, Eastern Daylight Time)# country="United States"# lang=1033# osver=5.1.2600 NT Service Pack 3# compatibility_mode=1024 16777215 100 0 43633773 43633773 0 0# compatibility_mode=5891 16776533 42 87 0 22487534 0 0# compatibility_mode=8192 67108863 100 0 260334 260334 0 0# scanned=241785# found=5# cleaned=5# scan_time=5227C:\System Volume Information\_restore{7DA67284-6ABD-4CC2-AF29-3FE0D80D7677}\RP1337\A0230545.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\System Volume Information\_restore{7DA67284-6ABD-4CC2-AF29-3FE0D80D7677}\RP1338\A0230678.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\System Volume Information\_restore{7DA67284-6ABD-4CC2-AF29-3FE0D80D7677}\RP1338\A0230679.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\System Volume Information\_restore{7DA67284-6ABD-4CC2-AF29-3FE0D80D7677}\RP1338\A0230680.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\System Volume Information\_restore{7DA67284-6ABD-4CC2-AF29-3FE0D80D7677}\RP1338\A0230681.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 CESET appears to have found and removed more on this run. Looks like the same 5, that it found on its previous run but in a different folder location.The computer, thus far has been functioning normally, though interestingly, when I booted up this evening I got another "alert" popping up from my Microsoft Security Essentials, reporting that my Windows is not a valid copy, even though I know it is. I bought this copy myself direct from Newegg about 3 years ago, and haven't had any such problem with it not being valid, until recently.MSE reports this for about 5 minutes, going so far as to turn itself off and flash an "update" button that takes me to the Microsoft website; but then after 5 minutes that all goes away by itself and MSE switches back into "happy mode" claiming that there is nothing wrong with my computer.That, at present, is the ONLY problem I am apparently still having... After posting this, I am going to run ESET again just for the sake of my own curiosity! Link to post Share on other sites More sharing options...
aliB Posted July 23, 2011 ID:457610 Share Posted July 23, 2011 is that happening very often ? Link to post Share on other sites More sharing options...
Nyarlathotep Posted July 23, 2011 Author ID:457626 Share Posted July 23, 2011 Not very often, no it doesn't.Maybe once every 3 - 4 weeks. Usually goes away after a quick reboot. Link to post Share on other sites More sharing options...
Recommended Posts