Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Re-Post: Assistance is Requested.

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re-Post: Assistance is Requested.

Unread postby neonal18 » October 2nd, 2011, 6:54 am

This thread was previously closed due to me not giving a DDS Log. I now have one.

I have recently acquired a problem with my computer. It has been acting suspicious for a while, but nothing too bad has happened until today. A window for a supposed anti-virus program that I didn't have opened up. After I closed it, things got bad. I am unable to do anything with an internet connection on my computer, nor can I open up either one of my actual anti-virus programs, including Malwarebytes. Aside from these details, I don't know much more about my situation. Any and all help or advice would be appreciated.

Here's my DDS Log.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_21
Run by Alex at 6:48:35 on 2011-10-02
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3071.2271 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
FW: Trend Micro Personal Firewall *Enabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Program Files\WTouch\WTouchService.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\3337897741:4072147769.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\libusbd-nt.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Smart PDF Creator Pro\SmartSoft PDF Printer Agent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\Alex\AppData\Local\3DVIA\3DVIAUpdate\3DVIAupdt32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\hp\kbd\kbd.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe
C:\Program Files\Xfire\Xfire.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\WTouch\WTouchUser.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
uInternet Settings,ProxyOverride = *.local
BHO: {01de9cfe-a4dc-4dfb-bfa1-8f224078141c} - c:\windows\system32\apss32.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMON.EXE
uRun: [AdobeBridge]
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [ja minimizer] "c:\program files\lucasarts\star wars jedi knight jedi academy\gamedata\base\ja minimizer\ja minimizer.exe"
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [3DVIA Update] c:\users\alex\appdata\local\3dvia\3dviaupdate\3DVIAupdt32.exe
uRun: [-1037610851] c:\users\alex\appdata\local\temp\\jucheck.exe
uRun: [DirectxNotifierOnline] rundll32.exe "c:\programdata\DirectxNotifierOnline.dll",DllRegisterServer
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\users\alex\qt lite\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SmartSoft PDF Printer Agent] c:\program files\smart pdf creator pro\SmartSoft PDF Printer Agent.exe
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
dRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe
StartupFolder: c:\users\alex\appdata\roaming\micros~1\windows\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\Xfire.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Open using &Advanced JPEG Compressor - c:\program files\advanced jpeg compressor\ajcieex.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{55C26E17-E79A-4F8F-91BB-F409E4FCBD55} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\alex\appdata\roaming\mozilla\firefox\profiles\6f6pknu3.default\
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\byond\bin\npbyond.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
FF - plugin: c:\users\alex\appdata\local\roblox\versions\version-5ce51d8367464075\NPRobloxProxy.dll
FF - plugin: c:\users\alex\appdata\roaming\mozilla\firefox\profiles\6f6pknu3.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\users\alex\qt lite\plugins\npqtplugin.dll
FF - plugin: c:\users\alex\qt lite\plugins\npqtplugin2.dll
FF - plugin: c:\users\alex\qt lite\plugins\npqtplugin3.dll
FF - plugin: c:\users\alex\qt lite\plugins\npqtplugin4.dll
FF - plugin: c:\users\alex\qt lite\plugins\npqtplugin5.dll
FF - plugin: c:\users\alex\qt lite\plugins\npqtplugin6.dll
FF - plugin: c:\users\alex\qt lite\plugins\npqtplugin7.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Click to call with Skype: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: XUL Cache: {e91637a9-447b-48b8-af06-5a0506a056cb} - %profile%\extensions\{e91637a9-447b-48b8-af06-5a0506a056cb}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-3-9 207280]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys [2008-7-30 145424]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-3-9 112592]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;c:\program files\autodesk\3ds max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [2010-3-10 86016]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup\engine\2.0.12.27\SymcPCCULaunchSvc.exe [2011-9-13 123320]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\engine\2.0.12.27\ccSvcHst.exe [2011-9-13 126392]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2010-12-25 4497704]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2008-7-30 50256]
R2 TmPfw;Trend Micro Personal Firewall;c:\program files\trend micro\internet security\TmPfw.exe [2008-12-26 497008]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2011-9-18 36624]
R2 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2008-12-26 677128]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\drivers\tmwfp.sys [2008-7-30 256528]
R2 WTouchService;WTouch Service;c:\program files\wtouch\WTouchService.exe [2010-12-25 113448]
R3 HSXHWBS3;HSXHWBS3;c:\windows\system32\drivers\HSXHWBS3.sys [2008-9-26 207360]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2010-4-20 33792]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-12-25 16168]
R3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\drivers\WacomVTHid.sys [2010-12-25 13480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 swprv32;Microsoft Software Shadow Copy Provider ;c:\windows\system32\wmdrmdev32.exe --> c:\windows\system32\wmdrmdev32.exe [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-3-9 38224]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-3-9 365280]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-3-9 1141712]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-10-01 21:27:13 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{aec591b3-1455-4647-80a5-da5809614e96}\offreg.dll
2011-09-30 17:25:39 -------- d-----w- c:\users\alex\appdata\roaming\SYSTEMAX Software Development
2011-09-30 17:25:39 -------- d-----w- c:\programdata\SYSTEMAX Software Development
2011-09-30 17:25:25 -------- d-----w- c:\users\alex\appdata\local\Zame
2011-09-30 11:32:28 102400 ----a-w- c:\windows\RegBootClean.exe
2011-09-30 05:56:21 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{aec591b3-1455-4647-80a5-da5809614e96}\mpengine.dll
2011-09-24 01:59:11 98304 ----a-w- c:\programdata\DirectxNotifierOnline.dll
2011-09-18 08:26:07 262416 ----a-w- c:\windows\system32\drivers\tmxpflt.sys
2011-09-18 08:26:07 1405720 ----a-w- c:\windows\system32\drivers\vsapint.sys
2011-09-18 08:26:06 36624 ----a-w- c:\windows\system32\drivers\tmpreflt.sys
2011-09-13 13:29:45 -------- d-----w- c:\users\alex\appdata\roaming\Tific
2011-09-13 13:29:45 -------- d-----w- c:\users\alex\appdata\local\Tific
2011-09-13 13:29:19 -------- d-----w- c:\windows\system32\drivers\nortonpccheckup\02000C0.01B
2011-09-13 13:29:19 -------- d-----w- c:\windows\system32\drivers\NortonPCCheckup
2011-09-13 13:29:19 -------- d-----w- c:\programdata\Norton
2011-09-13 13:29:19 -------- d-----w- c:\program files\Norton PC Checkup
2011-09-13 13:29:15 -------- d-----w- c:\programdata\NortonInstaller
2011-09-13 10:31:50 -------- d-----w- c:\programdata\UAB
2011-09-13 10:30:41 -------- d-----w- c:\users\alex\appdata\local\PC_Drivers_Headquarters
2011-09-13 10:29:41 -------- d-----w- c:\programdata\Driver Tool
2011-09-13 10:26:31 -------- d-----w- c:\program files\Driver Tool
2011-09-06 23:18:44 -------- d-----r- c:\program files\Skype
.
==================== Find3M ====================
.
2011-08-26 22:21:30 42392 ----a-w- c:\windows\system32\xfcodec.dll
2011-08-02 12:48:10 278728 ----a-w- c:\windows\system32\drivers\atksgt.sys
2011-08-02 12:48:07 25416 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2011-07-24 07:51:28 5830 --sha-w- c:\programdata\untfs32.dll
2011-07-24 06:51:27 5830 --sha-w- c:\programdata\XAudio2_332.dll
2011-07-24 04:51:27 5830 --sha-w- c:\programdata\mssprxy32.dll
2011-07-24 03:51:27 5830 --sha-w- c:\programdata\KBDFO32.dll
2011-07-24 02:51:26 5830 --sha-w- c:\programdata\pmspl32.dll
2011-07-24 01:51:26 5830 --sha-w- c:\programdata\tvratings32.dll
2011-07-24 00:51:24 5830 --sha-w- c:\programdata\dwmredir32.dll
2011-07-23 23:51:24 5830 --sha-w- c:\programdata\netprofm32.dll
2011-07-23 22:51:22 5830 --sha-w- c:\programdata\cfgmgr3232.dll
2011-07-23 21:51:21 5830 --sha-w- c:\programdata\mtxlegih32.dll
2011-07-06 14:56:47 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
.
============= FINISH: 6:49:25.09 ===============
neonal18
Regular Member
 
Posts: 21
Joined: October 1st, 2011, 5:43 pm
Advertisement
Register to Remove

Re: Re-Post: Assistance is Requested.

Unread postby Gary R » October 2nd, 2011, 11:35 am

Looking over your log, back soon.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21869
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Re-Post: Assistance is Requested.

Unread postby Gary R » October 2nd, 2011, 11:42 am

Your log shows have a "Zero Access" rootkit on your machine.


  • Download MGA Diagnostic Tool to your Desktop.
  • Double click MGADiag.exe to launch the programme.
  • Click Continue and let the scan run.
  • When finished it will have created a log.
  • Click Copy.
  • Next open Notepad.
    • Click Start > Run type Notepad click OK.
    • This will open an empty Notepad file.
    • Right click in the empty file and choose Paste to copy the log from MGA Diagnostics into it.
    • Save the file to your Desktop.
  • Close MGA Diagnostic Tool.
  • Copy/Paste the log in your next reply please.


Download CKScanner to your Desktop.
  • Doubleclick CKScanner.exe to launch it.
  • Click Search For Files.
  • After a couple minutes a list will appear in the panel to the right.
  • Click Save List To File.
  • A message box will verify the file saved.
  • Close CKScanner.
  • Copy/paste the contents of ckfiles.txt in your next reply please (it will be on your Desktop).
User avatar
Gary R
Administrator
Administrator
 
Posts: 21869
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Re-Post: Assistance is Requested.

Unread postby neonal18 » October 2nd, 2011, 1:50 pm

Results of the MGA scan:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-27HYQ-XTKW2-WQD8Q
Windows Product Key Hash: U8YEZzymoD4DMyaMb32rPrNIS90=
Windows Product ID: 89578-OEM-7332157-00061
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.0.6001.2.00010300.1.0.003
ID: {89018D06-4D9B-4BA4-A193-9BD389349A7C}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows Vista (TM) Home Premium
Architecture: 0x00000000
Build lab: 6001.vistasp1_gdr.101014-0432
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: 6.0.6002.16398

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 102
Microsoft Office Professional 2007 - 100 Genuine
Microsoft Office Publisher 2007 - 100 Genuine
Microsoft Office Home and Student 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-8009_E2AD56EA-766-2ee7_E2AD56EA-148-80004005_16E0B333-89-80004005_B4D0AA8B-1029-80004005_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-800

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{89018D06-4D9B-4BA4-A193-9BD389349A7C}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6001.2.00010300.1.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-WQD8Q</PKey><PID>89578-OEM-7332157-00061</PID><PIDType>2</PIDType><SID>S-1-5-21-1480268344-322766123-2448355078</SID><SYSTEM><Manufacturer>HP-Pavilion</Manufacturer><Model>FQ553AA-ABA a6608f</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>5.30 </Version><SMBIOSVersion major="2" minor="5"/><Date>20080905000000.000000+000</Date></BIOS><HWID>F6303507018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-CPC</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>102</Result><Products><Product GUID="{91120000-0014-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional 2007</Name><Ver>12</Ver><Val>62841710E9EF29A</Val><Hash>ieH7D1gyMYPnfjzBgERsTywMKvY=</Hash><Pid>81605-333-7522066-65161</Pid><PidType>10</PidType></Product><Product GUID="{91120000-0019-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Publisher 2007</Name><Ver>12</Ver><Val>A28F8E434807A6A</Val><Hash>uMujuAMjrRG/rnVRsv19TAx9gAQ=</Hash><Pid>81613-309-8110722-62781</Pid><PidType>10</PidType></Product><Product GUID="{91120000-002F-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Home and Student 2007</Name><Ver>12</Ver><Val>35D1A746D5CAAEE</Val><Hash>+znd3KrElKs+bk/7FKAuHon3esY=</Hash><Pid>81602-375-7145272-68751</Pid><PidType>10</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.0.6001.18000
Name: Windows(TM) Vista, HomePremium edition
Description: Windows Operating System - Vista, OEM_SLP channel
Activation ID: bffdc375-bbd5-499d-8ef1-4f37b61c895f
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 89578-00146-321-500061-02-1033-6001.0000-3612008
Installation ID: 007872046631058180858330899653892456735730294302286441
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43473
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43474
Use License URL: http://go.microsoft.com/fwlink/?LinkID=43476
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43475
Partial Product Key: WQD8Q
License Status: Licensed

Windows Activation Technologies-->
N/A

HWID Data-->
HWID Hash Current: MAAAAAEAAAABAAEAAwABAAAAAgABAAEAeqhIiezmQJAaoY3v4mzy9AjK9G+sViqF

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20000
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC HPQOEM SLIC-CPC
FACP HPQOEM SLIC-CPC
HPET HPQOEM SLIC-CPC
MCFG HPQOEM SLIC-CPC
OEMB HPQOEM SLIC-CPC
GSCI HPQOEM SLIC-CPC
SLIC HPQOEM SLIC-CPC
SSDT HPQOEM SLIC-CPC



Results of the CK Scan:

CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\gimp-2.0\share\gimp\2.0\patterns\cracked.pat
c:\program files\image-line\hardcore\presets\i cracked my tube!.hdprg
c:\program files\image-line\sawer\presets\ambient\mc cracked.sawer
c:\program files\inkscape\python\lib\site-packages\numpy\f2py\crackfortran.py
c:\program files\steam\steamapps\neonal18\garrysmod\garrysmod\addons\mcmodelpack\materials\models\mcmodelpack\stonebrick-cracked.vmt
c:\program files\steam\steamapps\neonal18\garrysmod\garrysmod\addons\mcmodelpack\materials\models\mcmodelpack\stonebrick-cracked.vtf
c:\program files\steam\steamapps\neonal18\team fortress 2\tf\screenshots\dfcrackhead is looking good!.tga
c:\program files\team fortress 2\hl2\materials\glass\glasswindow018a_cracked.vmt
c:\program files\team fortress 2\hl2\materials\glass\glasswindow018a_cracked.vtf
c:\program files\team fortress 2\tf\materials\cp_manor\plaster_crackle01.vmt
c:\program files\team fortress 2\tf\materials\cp_manor\plaster_crackle01.vtf
c:\python27\lib\site-packages\numpy\f2py\crackfortran.py
c:\python27\lib\site-packages\numpy\f2py\crackfortran.pyc
c:\python27\lib\site-packages\numpy\f2py\crackfortran.pyo
c:\users\alex\documents\flash drive stuff\pivotstickfigureanimator%203%20%28beta%29\stick figures\smash bros\items\cracker launcher.stk
scanner sequence 3.FI.11.CUNAIB
----- EOF -----
neonal18
Regular Member
 
Posts: 21
Joined: October 1st, 2011, 5:43 pm

Re: Re-Post: Assistance is Requested.

Unread postby Gary R » October 2nd, 2011, 2:27 pm

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "malware removal" forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Hi

I'm Gary R, I'll be glad to help you with your computer problems.

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • As you're using Vista, it will be necessary to right click all tools we use and select ----> Run as Administrator
It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


Before we start, please be aware that Zero Access is a serious rootkit infection that patches system drivers on your computer, it is highly resistant to being removed, and with some versions the only practical way to remove it is to reformat your hard drive and re-install Windows.

So I will stress once again the importance of backing up your personal files and folders to some external device before we start trying to clean your machine.

OK, backups completed, then we'll begin .......

Download ComboFix from one of these locations and save it to your Desktop: (if you already have a copy of Combofix, delete it and use this version)

Link 1
Link 2

IMPORTANT !!! ComboFix.exe must be run from your Desktop

  • Disable your AntiVirus and AntiSpyware applications, they may otherwise interfere with Combofix. There are details for disabling many programmes here.
  • Double click on ComboFix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install Microsoft Windows Recovery Console.

**Please note: If Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Image

Once Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Image

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you.

Please include this log in your next reply. ......... (it can also be found at C:\ComboFix.txt)

IMPORTANT
  • Do not use your computer while Combofix is running.
  • Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  • If you've lost your Internet connection when Combofix has completely finished, re-start your computer to restore it.
If you have any problems with these instructions, a detailed Tutorial for how to use Combofix is available here.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21869
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Re-Post: Assistance is Requested.

Unread postby neonal18 » October 2nd, 2011, 3:40 pm

Here is the report.

ComboFix 11-10-02.01 - Alex 10/02/2011 14:57:48.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3071.1609 [GMT -4:00]
Running from: c:\users\Alex\Desktop\ComboFix.exe
FW: Trend Micro Personal Firewall *Enabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\DirectxNotifierOnline.dll
c:\users\Alex\0.23311462733121524.exe
c:\users\Alex\0.6171854392866679.exe
c:\users\Alex\0.6263945980991741.exe
c:\users\Alex\AppData\Local\3DVIA\3DVIAUpdate\3DVIAupdt32.dll
c:\users\Alex\AppData\Local\3DVIA\3DVIAUpdate\3DVIAupdt32.exe
c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\6f6pknu3.default\extensions\{e91637a9-447b-48b8-af06-5a0506a056cb}
c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\6f6pknu3.default\extensions\{e91637a9-447b-48b8-af06-5a0506a056cb}\chrome.manifest
c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\6f6pknu3.default\extensions\{e91637a9-447b-48b8-af06-5a0506a056cb}\chrome\xulcache.jar
c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\6f6pknu3.default\extensions\{e91637a9-447b-48b8-af06-5a0506a056cb}\defaults\preferences\xulcache.js
c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\6f6pknu3.default\extensions\{e91637a9-447b-48b8-af06-5a0506a056cb}\install.rdf
c:\users\CJ\AppData\Roaming\Mozilla\Firefox\Profiles\evz0o8nc.default\extensions\{e91637a9-447b-48b8-af06-5a0506a056cb}
c:\users\CJ\AppData\Roaming\Mozilla\Firefox\Profiles\evz0o8nc.default\extensions\{e91637a9-447b-48b8-af06-5a0506a056cb}\chrome.manifest
c:\users\CJ\AppData\Roaming\Mozilla\Firefox\Profiles\evz0o8nc.default\extensions\{e91637a9-447b-48b8-af06-5a0506a056cb}\chrome\xulcache.jar
c:\users\CJ\AppData\Roaming\Mozilla\Firefox\Profiles\evz0o8nc.default\extensions\{e91637a9-447b-48b8-af06-5a0506a056cb}\defaults\preferences\xulcache.js
c:\users\CJ\AppData\Roaming\Mozilla\Firefox\Profiles\evz0o8nc.default\extensions\{e91637a9-447b-48b8-af06-5a0506a056cb}\install.rdf
c:\users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\v82cf88j.default\extensions\{e91637a9-447b-48b8-af06-5a0506a056cb}
c:\users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\v82cf88j.default\extensions\{e91637a9-447b-48b8-af06-5a0506a056cb}\chrome.manifest
c:\users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\v82cf88j.default\extensions\{e91637a9-447b-48b8-af06-5a0506a056cb}\chrome\xulcache.jar
c:\users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\v82cf88j.default\extensions\{e91637a9-447b-48b8-af06-5a0506a056cb}\defaults\preferences\xulcache.js
c:\users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\v82cf88j.default\extensions\{e91637a9-447b-48b8-af06-5a0506a056cb}\install.rdf
c:\windows\$NtUninstallKB1662$
c:\windows\$NtUninstallKB1662$\222819526\@
c:\windows\$NtUninstallKB1662$\222819526\bckfg.tmp
c:\windows\$NtUninstallKB1662$\222819526\cfg.ini
c:\windows\$NtUninstallKB1662$\222819526\Desktop.ini
c:\windows\$NtUninstallKB1662$\222819526\kwrd.dll
c:\windows\$NtUninstallKB1662$\222819526\L\qnbwvoto
c:\windows\$NtUninstallKB1662$\222819526\lsflt7.ver
c:\windows\$NtUninstallKB1662$\222819526\U\00000001.@
c:\windows\$NtUninstallKB1662$\222819526\U\00000002.@
c:\windows\$NtUninstallKB1662$\222819526\U\80000000.@
c:\windows\$NtUninstallKB1662$\222819526\U\80000032.@
c:\windows\$NtUninstallKB1662$\3000275416
c:\windows\system32\service
c:\windows\system32\service\02012010_TIS17_SfFniAU.log
c:\windows\system32\service\03082009_TIS17_SfFniAU.log
c:\windows\system32\service\06062009_TIS17_SfFniAU.log
c:\windows\system32\service\07092009_TIS17_SfFniAU.log
c:\windows\system32\service\10032009_TIS17_SfFniAU.log
c:\windows\system32\service\11032011_TIS17_SfFniAU.log
c:\windows\system32\service\12102010_TIS17_SfFniAU.log
c:\windows\system32\service\14082010_TIS17_SfFniAU.log
c:\windows\system32\service\15082010_TIS17_SfFniAU.log
c:\windows\system32\service\21092009_TIS17_SfFniAU.log
c:\windows\system32\service\22042009_TIS17_SfFniAU.log
c:\windows\system32\service\22082009_TIS17_SfFniAU.log
c:\windows\system32\service\23062009_TIS17_SfFniAU.log
c:\windows\system32\service\24012009_TIS17_SfFniAU.log
c:\windows\system32\service\24062009_TIS17_SfFniAU.log
c:\windows\system32\service\24072009_TIS17_SfFniAU.log
c:\windows\system32\service\24092011_TIS17_SfFniAU.log
c:\windows\system32\service\26092009_TIS17_SfFniAU.log
c:\windows\system32\service\27042011_TIS17_SfFniAU.log
c:\windows\system32\service\29032009_TIS17_SfFniAU.log
c:\windows\system32\service\29092010_TIS17_SfFniAU.log
.
Infected copy of c:\windows\system32\drivers\cdrom.sys was found and disinfected
Restored copy from - The cat found it :)
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_d47f4c6
.
.
((((((((((((((((((((((((( Files Created from 2011-09-02 to 2011-10-02 )))))))))))))))))))))))))))))))
.
.
2011-10-02 19:18 . 2011-10-02 19:18 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AEC591B3-1455-4647-80A5-DA5809614E96}\offreg.dll
2011-10-02 19:16 . 2011-10-02 19:20 -------- d-----w- c:\users\Alex\AppData\Local\temp
2011-10-02 19:16 . 2011-10-02 19:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-02 19:16 . 2011-10-02 19:16 -------- d-----w- c:\users\Dad\AppData\Local\temp
2011-10-02 19:16 . 2011-10-02 19:16 -------- d-----w- c:\users\CJ\AppData\Local\temp
2011-10-02 18:54 . 2008-01-21 02:23 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-10-02 16:50 . 2011-10-02 16:50 -------- d-----w- C:\MGADiagToolOutput
2011-10-02 16:47 . 2011-10-02 16:47 -------- d-----w- c:\programdata\Office Genuine Advantage
2011-09-30 17:25 . 2011-09-30 17:25 -------- d-----w- c:\users\Alex\AppData\Roaming\SYSTEMAX Software Development
2011-09-30 17:25 . 2011-09-30 17:25 -------- d-----w- c:\programdata\SYSTEMAX Software Development
2011-09-30 17:25 . 2011-09-30 17:25 -------- d-----w- c:\users\Alex\AppData\Local\Zame
2011-09-30 13:24 . 2011-09-30 13:24 -------- d-----w- c:\windows\Sun
2011-09-30 11:32 . 2011-09-30 11:40 102400 ----a-w- c:\windows\RegBootClean.exe
2011-09-30 05:56 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AEC591B3-1455-4647-80A5-DA5809614E96}\mpengine.dll
2011-09-18 08:26 . 2011-07-12 10:44 262416 ----a-w- c:\windows\system32\drivers\tmxpflt.sys
2011-09-18 08:26 . 2011-07-12 10:09 1405720 ----a-w- c:\windows\system32\drivers\vsapint.sys
2011-09-18 08:26 . 2011-07-12 10:43 36624 ----a-w- c:\windows\system32\drivers\tmpreflt.sys
2011-09-13 13:29 . 2011-09-13 13:30 -------- d-----w- c:\users\Alex\AppData\Local\Tific
2011-09-13 13:29 . 2011-09-13 13:29 -------- d-----w- c:\users\Alex\AppData\Roaming\Tific
2011-09-13 13:29 . 2011-09-13 13:29 -------- d-----w- c:\windows\system32\drivers\NortonPCCheckup
2011-09-13 13:29 . 2011-09-13 13:29 -------- d-----w- c:\programdata\Norton
2011-09-13 13:29 . 2011-09-13 13:29 -------- d-----w- c:\program files\Norton PC Checkup
2011-09-13 10:31 . 2011-09-13 10:31 -------- d-----w- c:\programdata\UAB
2011-09-13 10:30 . 2011-09-13 10:30 -------- d-----w- c:\users\Alex\AppData\Local\PC_Drivers_Headquarters
2011-09-13 10:29 . 2011-09-13 10:29 -------- d-----w- c:\programdata\Driver Tool
2011-09-13 10:26 . 2011-09-13 10:26 -------- d-----w- c:\program files\Driver Tool
2011-09-06 23:19 . 2011-10-02 17:45 -------- d-----w- c:\users\Alex\AppData\Roaming\Skype
2011-09-06 23:18 . 2011-09-06 23:19 -------- d-----r- c:\program files\Skype
2011-09-06 23:18 . 2011-09-06 23:18 -------- d-----w- c:\programdata\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-26 22:21 . 2011-08-26 22:21 42392 ----a-w- c:\windows\system32\xfcodec.dll
2011-08-02 12:48 . 2011-08-02 12:48 278728 ----a-w- c:\windows\system32\drivers\atksgt.sys
2011-08-02 12:48 . 2011-08-02 12:48 25416 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2011-07-24 07:51 . 2011-07-24 07:51 5830 --sha-w- c:\programdata\untfs32.dll
2011-07-24 06:51 . 2011-07-24 06:51 5830 --sha-w- c:\programdata\XAudio2_332.dll
2011-07-24 04:51 . 2011-07-24 04:51 5830 --sha-w- c:\programdata\mssprxy32.dll
2011-07-24 03:51 . 2011-07-24 03:51 5830 --sha-w- c:\programdata\KBDFO32.dll
2011-07-24 02:51 . 2011-07-24 02:51 5830 --sha-w- c:\programdata\pmspl32.dll
2011-07-24 01:51 . 2011-07-24 01:51 5830 --sha-w- c:\programdata\tvratings32.dll
2011-07-24 00:51 . 2011-07-24 00:51 5830 --sha-w- c:\programdata\dwmredir32.dll
2011-07-23 23:51 . 2011-07-23 23:51 5830 --sha-w- c:\programdata\netprofm32.dll
2011-07-23 22:51 . 2011-07-23 22:51 5830 --sha-w- c:\programdata\cfgmgr3232.dll
2011-07-23 21:51 . 2011-07-23 21:51 5830 --sha-w- c:\programdata\mtxlegih32.dll
2011-07-06 14:56 . 2011-08-14 16:30 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"Steam"="c:\program files\Steam\steam.exe" [2011-08-14 1242448]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-12-12 395640]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-08-26 17361032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-01 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-01 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-01 133656]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-02 75008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-11 178712]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-10-20 995528]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"QuickTime Task"="c:\users\Alex\QT Lite\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"SmartSoft PDF Printer Agent"="c:\program files\Smart PDF Creator Pro\SmartSoft PDF Printer Agent.exe" [2010-10-15 62856]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
.
c:\users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2011-8-26 3510680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R1 fwulvgrt;fwulvgrt;c:\windows\system32\drivers\fwulvgrt.sys [x]
R1 fxokcjyf;fxokcjyf;c:\windows\system32\drivers\fxokcjyf.sys [x]
R1 jckzbwgr;jckzbwgr;c:\windows\system32\drivers\jckzbwgr.sys [x]
R1 jqlezatt;jqlezatt;c:\windows\system32\drivers\jqlezatt.sys [x]
R1 kkxfjzor;kkxfjzor;c:\windows\system32\drivers\kkxfjzor.sys [x]
R1 maqmwfog;maqmwfog;c:\windows\system32\drivers\maqmwfog.sys [x]
R1 nehehbft;nehehbft;c:\windows\system32\drivers\nehehbft.sys [x]
R1 rhqxxywa;rhqxxywa;c:\windows\system32\drivers\rhqxxywa.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 swprv32;Microsoft Software Shadow Copy Provider ;c:\windows\system32\wmdrmdev32.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-01-07 38224]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-02-24 3461116]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-12-09 365280]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-09-23 207280]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-05-17 721904]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [2009-03-03 145424]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-21 112592]
S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;c:\windows\system32\libusbd-nt.exe [2005-03-10 18944]
S2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [2010-03-10 86016]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe [2011-05-03 123320]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe [2011-05-03 126392]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-11-24 4497704]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-07-05 50256]
S2 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [2009-09-03 497008]
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2011-07-12 36624]
S2 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2009-09-03 677128]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [2009-03-03 256528]
S2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-11-24 113448]
S3 HSXHWBS3;HSXHWBS3;c:\windows\system32\DRIVERS\HSXHWBS3.sys [2008-02-12 207360]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2005-03-10 33792]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2009-08-27 16168]
S3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\DRIVERS\WacomVTHid.sys [2009-07-09 13480]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-02 c:\windows\Tasks\User_Feed_Synchronization-{6BCE3385-2AE3-4C19-B5CE-CEEB79B28D40}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
2011-10-02 c:\windows\Tasks\User_Feed_Synchronization-{E3601854-F1C9-46B2-B447-AB4D7CC5C161}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Open using &Advanced JPEG Compressor - c:\program files\Advanced JPEG Compressor\ajcieex.htm
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\6f6pknu3.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Click to call with Skype: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{01DE9CFE-A4DC-4DFB-BFA1-8F224078141c} - c:\windows\system32\apss32.dll
ShellIconOverlayIdentifiers-{C5994560-53D9-4125-87C9-F193FC689CB2} - c:\users\Alex\AppData\Local\Temp\lym.dll
HKCU-Run-AdobeBridge - (no file)
HKCU-Run-ja minimizer - c:\program files\LucasArts\Star Wars Jedi Knight Jedi Academy\GameData\base\ja minimizer\ja minimizer.exe
HKCU-Run-3DVIA Update - c:\users\Alex\AppData\Local\3DVIA\3DVIAUpdate\3DVIAupdt32.exe
HKCU-Run-DirectxNotifierOnline - c:\programdata\DirectxNotifierOnline.dll
AddRemove-AVI to MPEG Converter - c:\progra~1\AVITOM~1\UNWISE.EXE
AddRemove-Cartoonist_is1 - c:\users\Alex\Documents\Cartoonist\unins000.exe
AddRemove-Champions Online - c:\users\Alex\Documents\Cryptic Studios\Uninstall Champions Online.exe
AddRemove-Chatango - c:\program files\Chatango\uninstall.exe
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-Direct MIDI to MP3 Converter_is1 - c:\users\Alex\Documents\Direct MIDI to MP3 Converter\unins000.exe
AddRemove-FL Studio 8 - c:\users\Alex\FL Studio 8\uninstall.exe
AddRemove-ImTOO MOV Converter - c:\users\Alex\MOV Converter\Uninstall.exe
AddRemove-Midi2Wav Recorder DEMO - c:\users\Alex\Documents\Midi2Wav Recorder\uninst.exe
AddRemove-NortonPCCheckup - c:\program files\NortonInstaller\{170fa89a-6886-4c9e-b17b-12bccdd80788}\NortonPCCheckup\LicenseType\2.0.12.27\InstStub.exe
AddRemove-Sibelius 6 Demo_is1 - c:\program files\Sibelius Software\Sibelius 6 Demo\unins000.exe
AddRemove-ST6UNST #1 - c:\users\Alex\Documents\Fleximusic Orchestra\FmUninst.exe
AddRemove-SWF & FLV Toolbox_is1 - c:\users\Alex\Documents\SWF & FLV Toolbox\unins000.exe
AddRemove-VST Bridge_is1 - c:\program files\Audacity\Plug-Ins\VST Bridge\unins000.exe
AddRemove-WampServer 2_is1 - c:\users\Alex\Documents\wamp\unins000.exe
AddRemove-{6DDE481E-8730-4064-B731-C58B8E431C57} - c:\softimage\Softimage_7.5\Setup\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-02 15:19
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.12.27\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.smb]
"ImagePath"="\*"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Smb]
"ImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1480268344-322766123-2448355078-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ACDA159A-FBC9-45C0-D468-3F79EBBD2342}*]
"oajindfgehbiolekjfldelobegmaon"=hex:69,61,63,6e,6e,6d,70,62,66,6c,66,6c,6d,6f,
6c,63,6b,61,00,00
"nahhdddmhnpkhldfhmiecnghhnhd"=hex:69,61,63,6e,6e,6d,70,62,66,6c,66,6c,6d,6f,
6c,63,6b,61,00,00
.
[HKEY_USERS\S-1-5-21-1480268344-322766123-2448355078-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:1c,10,d1,3b,9d,05,cd,f2,aa,3f,0f,df,13,d7,ff,d9,ce,0b,fb,ad,2e,55,16,
f6,15,cb,a2,10,c4,46,0d,56,ac,02,c2,f4,2c,56,13,b2,6a,f1,cf,a0,2c,70,8e,61,\
"??"=hex:aa,06,ba,37,1f,bb,9e,c2,1a,37,22,8e,f0,4b,61,9b
.
[HKEY_USERS\S-1-5-21-1480268344-322766123-2448355078-1001\Software\SecuROM\License information*]
"datasecu"=hex:80,7b,d6,03,f8,23,94,0e,94,3c,68,be,fa,1b,57,38,c8,da,54,c7,17,
28,87,c0,ef,3d,c6,0d,c4,b0,94,66,51,a8,50,7e,54,0d,2f,0f,a7,78,f9,93,16,67,\
"rkeysecu"=hex:26,e1,19,a8,04,c6,31,4d,91,ec,92,f0,99,45,76,b1
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3528)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\program files\WTouch\WTouchUser.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-10-02 15:29:46 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-02 19:29
.
Pre-Run: 28,985,962,496 bytes free
Post-Run: 29,477,871,616 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=54 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54
- - End Of File - - 25B5B3DE66CB9A8E30F04DBB5CBB34CC

After the scan and creation of the log, all symptoms mentioned in the original post remained.
neonal18
Regular Member
 
Posts: 21
Joined: October 1st, 2011, 5:43 pm

Re: Re-Post: Assistance is Requested.

Unread postby Gary R » October 3rd, 2011, 4:56 am

Still work to do ....

First

Please go to Control Panel > Programs > Uninstall a program and Uninstall the following:

uTorrent
Java 6 update 1
Java 6 update 21


Use of P2P programs is the surest way to contract an infection that I know of.

Old versions of Java can be exploited, so they need to be removed, we'll update you to the latest version when we've finished cleaning your computer.

Reboot your computer when finished uninstalling all the programs.

Next

  • Click Start > Run type Notepad click OK.
  • This will open an empty Notepad file.
  • Copy/Paste the contents of the box below into Notepad.
Code: Select all
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=-

Folder::
c:\program files\uTorrent

Driver::
fwulvgrt
fxokcjyf
jckzbwgr
jqlezatt
kkxfjzor
maqmwfog
nehehbft
rhqxxywa

File::
c:\windows\system32\drivers\fwulvgrt.sys
c:\windows\system32\drivers\fxokcjyf.sys
c:\windows\system32\drivers\jckzbwgr.sys
c:\windows\system32\drivers\jqlezatt.sys
c:\windows\system32\drivers\kkxfjzor.sys
c:\windows\system32\drivers\maqmwfog.sys
c:\windows\system32\drivers\nehehbft.sys
c:\windows\system32\drivers\rhqxxywa.sys

Regnull::
[HKEY_USERS\S-1-5-21-1480268344-322766123-2448355078-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ACDA159A-FBC9-45C0-D468-3F79EBBD2342}*]

FixCSet::


  • Click Format and ensure Wordwrap is unchecked.
  • Save as CFScript.txt to your Desktop.

Image

Refering to the picture above, drag CFScript.txt into ComboFix.exe

Combofix will now process that file.

When finished, it will produce a log for you. Post that log in your next reply please. (it can also be found at C:\Combofix.txt)

Next

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go HERE then click on: Image
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log in your next reply please.
  • Now click on: Image (Selecting Uninstall application on close if you so wish)

Summary of the logs I need from you in your next post:
  • Latest Combofix log
  • E-Set log
  • Let me know how your computer is behaving now.


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21869
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Re-Post: Assistance is Requested.

Unread postby neonal18 » October 3rd, 2011, 6:43 am

I have two problems running these steps. First of all, whenever I drag CFScript.txt into ComboFix's icon, it appears to run a regular scan same as it did yesterday. Secondly, I have no internet connection on my computer, so I can't use E-Set. I've been accessing this forum and all files necessary through a laptop. I've been transferring files from the laptop to the computer via flash drive. I understand that this may be dangerous, but it is the only way that I could get the proper files to my computer. Anyway, if you could help me with either of these problems, it would be appreciated.
neonal18
Regular Member
 
Posts: 21
Joined: October 1st, 2011, 5:43 pm

Re: Re-Post: Assistance is Requested.

Unread postby Gary R » October 3rd, 2011, 7:09 am

OK, let's try something different then.

Download OTL by OldTimer to your Desktop.

If you already have a copy of OTL delete it and use this version.

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code: Select all
:Reg
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=-
[-HKEY_USERS\S-1-5-21-1480268344-322766123-2448355078-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ACDA159A-FBC9-45C0-D468-3F79EBBD2342}*]

:Services
fwulvgrt
fxokcjyf
jckzbwgr
jqlezatt
kkxfjzor
maqmwfog
nehehbft
rhqxxywa

:Files
c:\windows\system32\drivers\fwulvgrt.sys
c:\windows\system32\drivers\fxokcjyf.sys
c:\windows\system32\drivers\jckzbwgr.sys
c:\windows\system32\drivers\jqlezatt.sys
c:\windows\system32\drivers\kkxfjzor.sys
c:\windows\system32\drivers\maqmwfog.sys
c:\windows\system32\drivers\nehehbft.sys
c:\windows\system32\drivers\rhqxxywa.sys
c:\program files\uTorrent
netsh winsock reset /c
ipconfig /flushdns /c

:Commands
[resethosts]
[emptytemp]
[emptyflash]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.

Let me know if you're still unable to connect to the internet.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21869
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Re-Post: Assistance is Requested.

Unread postby neonal18 » October 3rd, 2011, 3:17 pm

I am still unable to connect to the internet. However, the circumstances are different. Previously, my computer said I had a network connection but I was still unable to connect. This time, however, it says that I do not even have a network connection to begin with. When I opened up the list of networks, it appeared that my computer was no longer able to detect the home network. All other devices in the house can still connect to the network. I now need a way to find my network again.

Here is the log that OTL gave me.

All processes killed
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\uTorrent not found.
Registry key HKEY_USERS\S-1-5-21-1480268344-322766123-2448355078-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ACDA159A-FBC9-45C0-D468-3F79EBBD2342}*\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ACDA159A-FBC9-45C0-D468-3F79EBBD2342}*\ not found.
========== SERVICES/DRIVERS ==========
Service fwulvgrt stopped successfully!
Service fwulvgrt deleted successfully!
Service fxokcjyf stopped successfully!
Service fxokcjyf deleted successfully!
Service jckzbwgr stopped successfully!
Service jckzbwgr deleted successfully!
Service jqlezatt stopped successfully!
Service jqlezatt deleted successfully!
Service kkxfjzor stopped successfully!
Service kkxfjzor deleted successfully!
Service maqmwfog stopped successfully!
Service maqmwfog deleted successfully!
Service nehehbft stopped successfully!
Service nehehbft deleted successfully!
Service rhqxxywa stopped successfully!
Service rhqxxywa deleted successfully!
========== FILES ==========
File\Folder c:\windows\system32\drivers\fwulvgrt.sys not found.
File\Folder c:\windows\system32\drivers\fxokcjyf.sys not found.
File\Folder c:\windows\system32\drivers\jckzbwgr.sys not found.
File\Folder c:\windows\system32\drivers\jqlezatt.sys not found.
File\Folder c:\windows\system32\drivers\kkxfjzor.sys not found.
File\Folder c:\windows\system32\drivers\maqmwfog.sys not found.
File\Folder c:\windows\system32\drivers\nehehbft.sys not found.
File\Folder c:\windows\system32\drivers\rhqxxywa.sys not found.
c:\program files\uTorrent folder moved successfully.
< netsh winsock reset /c >
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
C:\Users\Alex\Desktop\cmd.bat deleted successfully.
C:\Users\Alex\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Alex\Desktop\cmd.bat deleted successfully.
C:\Users\Alex\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Alex
->Temp folder emptied: 69259 bytes
->Temporary Internet Files folder emptied: 9266233 bytes
->Java cache emptied: 12025908 bytes
->FireFox cache emptied: 53143745 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 161220 bytes

User: All Users

User: CJ
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes
->Java cache emptied: 13738662 bytes
->FireFox cache emptied: 63109890 bytes
->Flash cache emptied: 29056 bytes

User: Dad
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 3059594 bytes
->FireFox cache emptied: 77463442 bytes
->Flash cache emptied: 2212 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 155648 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1196 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 222.00 mb


[EMPTYFLASH]

User: Alex
->Flash cache emptied: 0 bytes

User: All Users

User: CJ
->Flash cache emptied: 0 bytes

User: Dad
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.29.1 log created on 10032011_145726

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
neonal18
Regular Member
 
Posts: 21
Joined: October 1st, 2011, 5:43 pm

Re: Re-Post: Assistance is Requested.

Unread postby Gary R » October 3rd, 2011, 4:11 pm

If you haven't already done so, please reboot your computer then try to connect again.

Next

  • Double click OTL.exe to launch the programme.
  • Check the following.
    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.
  • Under Extra Registry section, select Use SafeList
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.
    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)
  • Please post me both logs.

Next

  • Download aswMBR.exe to your desktop.
  • Double click aswMBR.exe to run it

Image

  • Click the SCAN button to start the scan.

Image

  • On completion of the scan click SAVE LOG and save it to your desktop.
  • Post the log contents in your next reply please.

DO NOT TRY TO FIX ANYTHING THAT MAY BE FOUND

Summary of the logs I need from you in your next post:
  • OTL.txt
  • Extras.txt
  • aswMBR log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21869
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Re-Post: Assistance is Requested.

Unread postby neonal18 » October 3rd, 2011, 6:13 pm

Here's the OTL.txt


OTL logfile created on: 10/3/2011 5:23:21 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Alex\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.85 Gb Available Physical Memory | 61.56% Memory free
6.21 Gb Paging File | 5.05 Gb Available in Paging File | 81.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.39 Gb Total Space | 26.33 Gb Free Space | 11.89% Space Free | Partition Type: NTFS
Drive D: | 11.50 Gb Total Space | 1.58 Gb Free Space | 13.74% Space Free | Partition Type: NTFS
Drive E: | 1003.03 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive I: | 121.94 Mb Total Space | 119.45 Mb Free Space | 97.96% Space Free | Partition Type: FAT

Computer Name: ALS-COMPY | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/03 14:52:26 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
PRC - [2011/08/26 18:21:26 | 003,510,680 | ---- | M] (Xfire Inc.) -- C:\Program Files\Xfire\Xfire.exe
PRC - [2011/05/03 17:56:02 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe
PRC - [2011/05/03 17:50:59 | 000,123,320 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe
PRC - [2010/11/25 22:48:46 | 000,619,288 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2010/10/14 20:57:48 | 000,062,856 | ---- | M] () -- C:\Program Files\Smart PDF Creator Pro\SmartSoft PDF Printer Agent.exe
PRC - [2010/03/10 02:10:38 | 000,086,016 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe
PRC - [2010/01/21 19:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/11/23 20:53:58 | 004,781,352 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchUser.exe
PRC - [2009/11/23 20:53:58 | 000,113,448 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchService.exe
PRC - [2009/11/23 20:53:56 | 004,497,704 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Pen_Tablet.exe
PRC - [2009/11/23 20:53:56 | 001,823,528 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\WTablet\Pen_TabletUser.exe
PRC - [2009/09/03 05:07:28 | 000,497,008 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
PRC - [2009/09/03 04:51:40 | 000,677,128 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
PRC - [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/06/11 06:51:50 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/06/11 06:51:48 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/04/18 11:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2005/03/09 20:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\Windows\System32\libusbd-nt.exe


========== Modules (No Company Name) ==========

MOD - [2010/10/14 20:57:48 | 000,062,856 | ---- | M] () -- C:\Program Files\Smart PDF Creator Pro\SmartSoft PDF Printer Agent.exe
MOD - [2009/10/23 18:01:58 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (wampmysqld)
SRV - File not found [On_Demand | Stopped] -- -- (wampapache)
SRV - File not found [Auto | Stopped] -- -- (swprv32)
SRV - [2011/09/27 19:42:14 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/06/13 07:29:23 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/05/03 17:56:02 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2011/05/03 17:50:59 | 000,123,320 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2010/10/07 07:33:18 | 000,711,320 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV - [2010/03/10 02:10:38 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe -- (mi-raysat_3dsmax2011_32)
SRV - [2010/02/24 12:43:00 | 003,461,116 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010/01/21 19:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010/01/18 15:14:24 | 001,141,712 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/12/09 16:23:34 | 000,365,280 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/11/23 20:53:58 | 000,113,448 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV - [2009/11/23 20:53:56 | 004,497,704 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\System32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2009/09/03 05:07:28 | 000,497,008 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
SRV - [2009/09/03 04:51:40 | 000,677,128 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)
SRV - [2009/03/03 04:46:13 | 000,341,256 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2008/06/11 06:51:50 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2005/03/09 20:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) [Auto | Running] -- C:\Windows\System32\libusbd-nt.exe -- (libusbd)


========== Driver Services (SafeList) ==========

DRV - [2011/08/02 08:48:10 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011/08/02 08:48:07 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011/07/12 06:44:10 | 000,262,416 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmxpflt.sys -- (tmxpflt)
DRV - [2011/07/12 06:43:58 | 000,036,624 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmpreflt.sys -- (tmpreflt)
DRV - [2011/07/12 06:09:32 | 001,405,720 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vsapint.sys -- (vsapint)
DRV - [2010/07/09 18:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/07/05 11:20:02 | 000,050,256 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2010/07/05 11:19:56 | 000,050,256 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010/07/05 11:19:50 | 000,154,192 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2010/01/07 17:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/12/02 13:56:16 | 000,092,792 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2009/09/23 17:10:06 | 000,207,280 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/08/27 19:06:32 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2009/07/09 13:16:24 | 000,013,480 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WacomVTHid.sys -- (WacomVTHid)
DRV - [2009/05/20 15:54:06 | 000,013,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009/05/17 07:06:19 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/03/03 19:12:44 | 000,080,400 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2009/03/03 19:12:40 | 000,256,528 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmwfp.sys -- (tmwfp)
DRV - [2009/03/03 19:12:40 | 000,145,424 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmlwf.sys -- (tmlwf)
DRV - [2008/02/14 10:56:02 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/02/12 11:27:34 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS3.sys -- (HSXHWBS3)
DRV - [2008/02/12 11:25:22 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/10/18 11:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007/02/16 15:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2005/12/12 13:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)
DRV - [2005/03/09 20:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = FE 9C DE 01 DC A4 FB 4D BF A1 8F 22 40 78 14 1C [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = FE 9C DE 01 DC A4 FB 4D BF A1 8F 22 40 78 14 1C [binary data]

IE - HKU\S-1-5-21-1480268344-322766123-2448355078-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
IE - HKU\S-1-5-21-1480268344-322766123-2448355078-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1480268344-322766123-2448355078-1001\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = FE 9C DE 01 DC A4 FB 4D BF A1 8F 22 40 78 14 1C [binary data]
IE - HKU\S-1-5-21-1480268344-322766123-2448355078-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1480268344-322766123-2448355078-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8153


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\Alex\AppData\Local\Roblox\Versions\version-5ce51d8367464075\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\BYOND: C:\Program Files\BYOND\bin\npbyond.dll (BYOND)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/29 17:08:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/01 17:32:03 | 000,000,000 | ---D | M]

[2008/12/26 21:31:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Extensions
[2011/10/02 15:30:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\6f6pknu3.default\extensions
[2010/04/27 17:24:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\6f6pknu3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/22 15:05:58 | 000,000,000 | ---D | M] (XfireXO) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\6f6pknu3.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2011/05/02 18:47:13 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\6f6pknu3.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/03/29 16:19:31 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\6f6pknu3.default\extensions\moveplayer@movenetworks.com
[2011/03/25 18:37:35 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\6f6pknu3.default\extensions\personas@christopher.beard
[2009/05/03 10:59:15 | 000,000,000 | ---D | M] ("YoYo Games InstantPlay") -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\6f6pknu3.default\extensions\yyginstantplay@yoyogames.com
[2011/10/03 06:10:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/06 19:19:40 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2009/12/31 05:05:32 | 000,040,960 | ---- | M] (BYOND) -- C:\Program Files\mozilla firefox\plugins\npbyond.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/10/03 14:57:31 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1480268344-322766123-2448355078-1001\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Users\Alex\QT Lite\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SmartSoft PDF Printer Agent] C:\Program Files\Smart PDF Creator Pro\SmartSoft PDF Printer Agent.exe ()
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKU\S-1-5-21-1480268344-322766123-2448355078-1001..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1480268344-322766123-2448355078-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1480268344-322766123-2448355078-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm ()
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-1480268344-322766123-2448355078-1001\..Trusted Ranges: Range1 ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55C26E17-E79A-4F8F-91BB-F409E4FCBD55}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Alex\Pictures\kirbfortress.jpg
O24 - Desktop BackupWallPaper: C:\Users\Alex\Pictures\kirbfortress.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/06/13 06:31:56 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2010/11/18 18:36:24 | 000,000,121 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/07/26 10:13:49 | 000,000,000 | R--D | M] - E:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2008/07/26 10:20:44 | 000,703,552 | R--- | M] (Electronic Arts Inc.) - E:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2008/07/26 10:20:45 | 000,662,592 | R--- | M] (Electronic Arts Inc.) - E:\AutoRunGUI.dll -- [ UDF ]
O32 - AutoRun File - [2008/07/26 10:20:38 | 000,000,156 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1480268344-322766123-2448355078-1001\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/10/03 14:57:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/03 14:56:26 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2011/10/03 06:33:17 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/10/03 06:09:43 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\uTorrent
[2011/10/02 15:29:49 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/10/02 15:29:49 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\temp
[2011/10/02 15:19:29 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/10/02 14:48:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/10/02 14:48:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/10/02 14:48:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/10/02 14:48:24 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/02 14:48:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/02 14:46:45 | 004,240,388 | R--- | C] (Swearware) -- C:\Users\Alex\Desktop\ComboFix.exe
[2011/10/02 12:50:48 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2011/10/02 12:47:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2011/10/02 12:46:08 | 002,031,992 | ---- | C] (Microsoft Corporation) -- C:\Users\Alex\Desktop\MGADiag.exe
[2011/09/30 13:25:39 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\SYSTEMAX Software Development
[2011/09/30 13:25:39 | 000,000,000 | ---D | C] -- C:\ProgramData\SYSTEMAX Software Development
[2011/09/30 13:25:26 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PaintTool SAI English Pack
[2011/09/30 13:25:25 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Zame
[2011/09/30 09:24:05 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/09/18 04:26:07 | 001,405,720 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\vsapint.sys
[2011/09/18 04:26:07 | 000,262,416 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmxpflt.sys
[2011/09/18 04:26:06 | 000,036,624 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmpreflt.sys
[2011/09/13 09:29:45 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Tific
[2011/09/13 09:29:45 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Tific
[2011/09/13 09:29:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NortonPCCheckup
[2011/09/13 09:29:19 | 000,000,000 | ---D | C] -- C:\Program Files\Norton PC Checkup
[2011/09/13 09:29:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/09/13 09:29:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NortonPCCheckup\02000C0.01B
[2011/09/13 09:29:15 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/09/13 06:31:50 | 000,000,000 | ---D | C] -- C:\ProgramData\UAB
[2011/09/13 06:30:41 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\PC_Drivers_Headquarters
[2011/09/13 06:29:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Tool
[2011/09/13 06:26:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Tool
[2011/09/13 06:26:31 | 000,000,000 | ---D | C] -- C:\Program Files\Driver Tool
[2011/09/06 19:19:00 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Skype
[2011/09/06 19:18:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/09/06 19:18:44 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/09/06 19:18:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype

========== Files - Modified Within 30 Days ==========

[2011/10/03 17:30:17 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E3601854-F1C9-46B2-B447-AB4D7CC5C161}.job
[2011/10/03 17:30:00 | 000,000,412 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6BCE3385-2AE3-4C19-B5CE-CEEB79B28D40}.job
[2011/10/03 17:21:42 | 000,055,509 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/10/03 17:01:19 | 000,055,509 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/10/03 16:59:12 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/03 16:59:12 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/03 16:59:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/03 16:59:04 | 3220,414,464 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/03 14:57:31 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/10/03 14:52:26 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2011/10/02 14:40:30 | 004,240,388 | R--- | M] (Swearware) -- C:\Users\Alex\Desktop\ComboFix.exe
[2011/10/02 12:06:58 | 000,459,264 | ---- | M] () -- C:\Users\Alex\Desktop\CKScanner.exe
[2011/10/02 12:06:52 | 002,031,992 | ---- | M] (Microsoft Corporation) -- C:\Users\Alex\Desktop\MGADiag.exe
[2011/10/01 17:32:03 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2011/10/01 10:07:01 | 000,002,032 | ---- | M] () -- C:\Users\Alex\AppData\Local\d3d9caps.dat
[2011/09/30 20:34:38 | 000,043,641 | ---- | M] () -- C:\Users\Alex\.recently-used.xbel
[2011/09/30 13:25:26 | 000,002,028 | ---- | M] () -- C:\Users\Alex\Desktop\PaintTool SAI.lnk
[2011/09/30 07:40:10 | 000,102,400 | ---- | M] () -- C:\Windows\RegBootClean.exe
[2011/09/06 19:18:45 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

========== Files Created - No Company Name ==========

[2011/10/02 14:48:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/10/02 14:48:34 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/10/02 14:48:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/10/02 14:48:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/10/02 14:48:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/02 12:46:05 | 000,459,264 | ---- | C] () -- C:\Users\Alex\Desktop\CKScanner.exe
[2011/10/01 17:32:03 | 000,001,889 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2011/10/01 17:32:03 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk
[2011/10/01 17:27:03 | 3220,414,464 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/30 20:34:38 | 000,043,641 | ---- | C] () -- C:\Users\Alex\.recently-used.xbel
[2011/09/30 13:25:26 | 000,002,028 | ---- | C] () -- C:\Users\Alex\Desktop\PaintTool SAI.lnk
[2011/09/30 07:32:28 | 000,102,400 | ---- | C] () -- C:\Windows\RegBootClean.exe
[2011/09/13 09:29:19 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NortonPCCheckup\02000C0.01B\isolate.ini
[2011/09/06 19:18:45 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/08/26 18:21:30 | 000,042,392 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2011/08/02 08:48:10 | 000,278,728 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011/08/02 08:48:07 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011/07/24 03:51:28 | 000,005,830 | -HS- | C] () -- C:\ProgramData\untfs32.dll
[2011/07/24 02:51:27 | 000,005,830 | -HS- | C] () -- C:\ProgramData\XAudio2_332.dll
[2011/07/24 00:51:27 | 000,005,830 | -HS- | C] () -- C:\ProgramData\mssprxy32.dll
[2011/07/23 23:51:27 | 000,005,830 | -HS- | C] () -- C:\ProgramData\KBDFO32.dll
[2011/07/23 22:51:26 | 000,005,830 | -HS- | C] () -- C:\ProgramData\pmspl32.dll
[2011/07/23 21:51:26 | 000,005,830 | -HS- | C] () -- C:\ProgramData\tvratings32.dll
[2011/07/23 20:51:24 | 000,005,830 | -HS- | C] () -- C:\ProgramData\dwmredir32.dll
[2011/07/23 19:51:24 | 000,005,830 | -HS- | C] () -- C:\ProgramData\netprofm32.dll
[2011/07/23 18:51:22 | 000,005,830 | -HS- | C] () -- C:\ProgramData\cfgmgr3232.dll
[2011/07/23 17:51:21 | 000,005,830 | -HS- | C] () -- C:\ProgramData\mtxlegih32.dll
[2011/04/22 07:44:56 | 000,001,288 | -HS- | C] () -- C:\Users\Alex\AppData\Local\x165111wiod3e
[2011/04/22 07:44:56 | 000,001,288 | -HS- | C] () -- C:\ProgramData\x165111wiod3e
[2011/02/18 23:49:50 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010/12/12 18:34:34 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/12/12 18:34:33 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/10/12 19:08:14 | 000,055,509 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/10/12 19:08:11 | 000,055,509 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/04/20 16:20:37 | 000,033,792 | ---- | C] () -- C:\Windows\System32\drivers\libusb0.sys
[2010/03/20 21:22:48 | 000,008,542 | -HS- | C] () -- C:\Users\Alex\AppData\Local\2jD6MrYd2
[2010/03/20 21:22:48 | 000,008,542 | -HS- | C] () -- C:\ProgramData\2jD6MrYd2
[2010/03/09 18:38:37 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll.old
[2010/03/09 18:38:37 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010/03/06 08:07:11 | 000,010,276 | -HS- | C] () -- C:\Users\Alex\AppData\Local\cOIowo4S2404k
[2010/01/31 12:06:18 | 000,008,046 | ---- | C] () -- C:\Program Files\Common Files\setupBanner.jpg
[2010/01/22 11:07:46 | 000,000,016 | RH-- | C] () -- C:\ProgramData\113A84EE.ini
[2010/01/22 11:07:33 | 000,000,016 | RH-- | C] () -- C:\Users\Alex\AppData\Local\89D4277.ini
[2009/12/02 17:56:55 | 000,667,978 | ---- | C] () -- C:\Windows\unins000.exe
[2009/12/02 17:56:55 | 000,007,225 | ---- | C] () -- C:\Windows\unins000.dat
[2009/11/29 08:33:31 | 000,151,552 | ---- | C] () -- C:\Windows\System32\nvRegDev.dll
[2009/06/19 08:43:32 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2009/06/18 08:44:44 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2009/05/17 06:41:06 | 003,423,744 | ---- | C] () -- C:\Windows\System32\libfilefmt-1.1.0.dll
[2009/05/17 06:41:06 | 000,020,480 | ---- | C] () -- C:\Windows\System32\libavi-dd-1.2.0.dll
[2009/05/17 06:41:05 | 000,706,048 | ---- | C] () -- C:\Windows\System32\libmcl-3.1.1.dll
[2009/04/21 20:56:55 | 000,002,032 | ---- | C] () -- C:\Users\Alex\AppData\Local\d3d9caps.dat
[2009/04/21 20:56:55 | 000,000,552 | ---- | C] () -- C:\Users\Alex\AppData\Local\d3d8caps.dat
[2009/04/19 11:13:54 | 000,045,056 | ---- | C] () -- C:\Windows\System32\XSIChooser.exe
[2009/04/14 17:07:42 | 000,037,607 | ---- | C] () -- C:\Program Files\Common Files\license.rtf
[2008/12/26 23:36:16 | 000,207,872 | ---- | C] () -- C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/26 18:54:35 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/12/26 18:54:35 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/09/26 08:38:44 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
[2008/09/26 08:38:44 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
[2008/09/26 08:38:44 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1461.dll
[2008/09/26 08:38:44 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
[2008/09/26 08:13:24 | 000,107,357 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008/09/26 07:47:12 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/09/26 07:47:12 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 002,400,112 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,659,348 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,126,186 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/10/01 08:15:24 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\.minecraft
[2010/02/03 10:44:45 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\ACAMPREF
[2010/04/17 15:56:15 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Acoustica
[2010/03/20 12:08:35 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Antares
[2011/05/29 18:26:07 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Anvil Studio
[2010/04/17 21:09:54 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Applied Acoustics Systems
[2009/06/19 08:35:05 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Atari
[2011/10/02 13:17:50 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Audacity
[2011/06/13 08:23:42 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Autodesk
[2009/05/27 09:50:33 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Blender Foundation
[2011/09/26 14:48:40 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Celemony Software GmbH
[2009/05/17 08:29:32 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DAEMON Tools Lite
[2009/06/18 16:33:36 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Eltima Software
[2009/02/11 17:09:26 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\fretsonfire
[2009/11/08 22:08:35 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\GetRightToGo
[2011/09/30 20:34:38 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\gtk-2.0
[2009/01/24 15:00:37 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\ImTOO Software Studio
[2011/04/21 11:26:59 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\inkscape
[2009/06/18 07:42:11 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Leadertech
[2009/06/15 10:24:57 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Magic Set Editor
[2010/11/02 19:51:29 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Mathsoft
[2009/12/31 08:55:33 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\MilkShape 3D 1.x.x
[2010/10/18 17:45:49 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Notepad++
[2009/09/03 16:39:39 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\OpenOffice.org
[2010/03/20 12:16:15 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\PACE Anti-Piracy
[2008/12/26 18:43:33 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\PictureMover
[2009/07/06 07:39:04 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\RadiantSettings
[2011/05/21 08:12:25 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\SecondLife
[2011/02/18 23:56:48 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Smart PDF Creator Pro
[2010/10/07 21:10:04 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\SPORE
[2011/01/08 09:43:14 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Subversion
[2009/06/17 16:21:08 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Synthesia
[2010/04/06 17:42:28 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\SynthFont
[2011/09/30 13:25:39 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\SYSTEMAX Software Development
[2010/10/03 11:25:52 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\SystemRequirementsLab
[2011/09/13 09:29:45 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Tific
[2011/01/08 20:13:26 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\TS3Client
[2010/09/13 06:16:48 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Uniblue
[2009/03/02 11:09:49 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Unity
[2011/10/03 06:13:27 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\uTorrent
[2009/07/25 18:21:49 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\WildTangent
[2010/12/25 13:09:36 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\WTouch
[2009/05/29 11:41:38 | 000,000,000 | ---D | M] -- C:\Users\CJ\AppData\Roaming\gtk-2.0
[2009/05/27 19:26:53 | 000,000,000 | ---D | M] -- C:\Users\CJ\AppData\Roaming\PictureMover
[2008/12/26 15:52:31 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\PictureMover
[2011/01/19 07:12:54 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Subversion
[2011/01/19 07:11:47 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\WTouch
[2011/10/03 16:57:56 | 000,032,656 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/10/03 17:30:00 | 000,000,412 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{6BCE3385-2AE3-4C19-B5CE-CEEB79B28D40}.job
[2011/10/03 17:30:17 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E3601854-F1C9-46B2-B447-AB4D7CC5C161}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Alex\push.mp3:TOC.WMV
@Alternate Data Stream - 500 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 163 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 1156 bytes -> C:\Users\Alex\AppData\Local\ILa9phGurUP2:1XC6RPpYnlFccgL8sFqGr9y
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >
neonal18
Regular Member
 
Posts: 21
Joined: October 1st, 2011, 5:43 pm

Re: Re-Post: Assistance is Requested.

Unread postby neonal18 » October 3rd, 2011, 6:15 pm

Here's the Extras.txt



OTL Extras logfile created on: 10/3/2011 5:23:21 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Alex\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.85 Gb Available Physical Memory | 61.56% Memory free
6.21 Gb Paging File | 5.05 Gb Available in Paging File | 81.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.39 Gb Total Space | 26.33 Gb Free Space | 11.89% Space Free | Partition Type: NTFS
Drive D: | 11.50 Gb Total Space | 1.58 Gb Free Space | 13.74% Space Free | Partition Type: NTFS
Drive E: | 1003.03 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive I: | 121.94 Mb Total Space | 119.45 Mb Free Space | 97.96% Space Free | Partition Type: FAT

Computer Name: ALS-COMPY | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1480268344-322766123-2448355078-1001\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Users\Alex\Documents\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Users\Alex\Documents\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Users\Alex\Documents\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{28D728C5-82E3-47CD-8C97-73D0548CFAF9}" = lport=139 | protocol=6 | dir=in | app=system |
"{37F3B14F-0D0E-4655-AC1A-8CD33CC93A45}" = lport=138 | protocol=17 | dir=in | app=system |
"{68610891-71AE-42AB-9CD3-DA6BE71BD6CA}" = rport=137 | protocol=17 | dir=out | app=system |
"{6FEA685E-34B1-4B04-916F-DD142726FDA3}" = lport=445 | protocol=6 | dir=in | app=system |
"{763AAC7A-AA40-44A6-B4EC-60741EABC66C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A1679C13-43C8-4B7C-A1FF-E268A0378B24}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{A76C9DBC-49FE-44E0-AC31-7C2AAEEF1838}" = lport=137 | protocol=17 | dir=in | app=system |
"{AE18BE97-B518-4022-922F-1F22EE80EB0F}" = rport=445 | protocol=6 | dir=out | app=system |
"{ED86F16F-62E0-4D88-8E42-41CD2E17F1EC}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{F3F4BCB9-BAED-4980-8610-E6E2C0B8E189}" = rport=139 | protocol=6 | dir=out | app=system |
"{FBF8EB09-4019-457F-9827-CF8DF496611C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FF664577-4385-40DB-BDFC-975CCC172F4E}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{025E3B51-6E12-445F-916D-5DE12ED42A1B}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{05CD1ED8-12A5-4A33-967F-1C96709552A4}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\neonal18\sourcesdk\bin\sdklauncher.exe |
"{0A932451-1F16-4681-A983-DF17BC275B7F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0BD70B49-029B-4811-B4BF-8BA3AC4906ED}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe |
"{0C6140E2-3DFF-4D03-AEE9-963ADE929373}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2011\mentalimages\satellite\raysat_3dsmax2011_32.exe |
"{162600C5-DF40-4228-9BA5-BE96083D299E}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\manager.exe |
"{2219D008-7D52-46E9-9A9C-47D0039BFEE7}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{223B224B-CD2E-43F7-B8B5-1F54DA19AFCC}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\server.exe |
"{2FBA5A1A-8C7F-4F02-B6FA-2523CA6CADEF}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\monitor.exe |
"{30BCC419-A351-4F0D-B66D-B39A0FED2B9C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{37176DA2-C6CE-47A6-9E34-D31657F0623E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\moon base alpha\binaries\win32\moonbasealphagame.exe |
"{478D163D-EFAE-4E93-AD09-9ABDDD355FDA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\neonal18\sourcesdk\bin\sdklauncher.exe |
"{4F6A1908-D81C-4960-A5D5-8FAD5216580C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe |
"{5224983C-DEB2-4810-BDD7-EE55CFE35150}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{56DC2994-3275-4E3C-ABBF-22522E62E142}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe |
"{60560793-F40E-4E54-B001-B76E1306D290}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{66CD8097-D4EB-48E1-8AF6-AC1C664737C3}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{7FB5C32A-0812-4366-ACC0-B5D320D5A9E8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{806D48A9-8829-45D9-B10C-B893950B145F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{847FC604-0D44-4470-BF64-ACD0EEB76C3E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\champions online\champions online.exe |
"{8DE31209-4A1A-4460-A009-F3B3B3C35190}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\neonal18\garrysmod\hl2.exe |
"{910C9D60-6B69-4C9B-AD4D-02EDB27CA29C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9446E35C-E337-4E35-B0A6-8308B27CD4C2}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{965D4236-FDD4-44E4-B6BE-A85D13EE5735}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2011\3dsmax.exe |
"{9B476729-92F0-4CCB-83BA-3B8B3EDFD430}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe |
"{9B5713AA-4CD0-4142-B2E1-607F939D5B71}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\neonal18\garrysmod\hl2.exe |
"{A8212BD1-951C-4D6A-9E91-93AA2F737707}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{AC4B2E98-2098-479B-815E-7939ADD9E754}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe |
"{AEEE74F5-9BBD-4F5A-B8B2-C1061321D2FF}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\neonal18\half-life\hl.exe |
"{B51E630E-8A2F-41B9-B9A5-97D3BBE16817}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\manager.exe |
"{B55952EA-0260-433D-B4DA-A9B586669AE6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe |
"{B6054369-286E-4985-9EAB-DFEE03D258D4}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe |
"{B75865F7-00D8-44FA-970E-A1DA6A2EF9BB}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\server.exe |
"{BC5E878D-51B6-4A9F-871A-0263CEC369B8}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{BCC4C7AD-6271-42C9-939C-3EDE53F29D64}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2011\mentalimages\satellite\raysat_3dsmax2011_32.exe |
"{BF12461D-6B3E-4A02-A6BD-ADABB5765AE6}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\champions online\champions online.exe |
"{C697E3E5-667C-41CC-A333-03E5DEC32870}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{D390D9AF-C383-40A5-B001-6C61818D26EB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E6316A96-8748-4212-B5AE-B00159231265}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\monitor.exe |
"{E89103DF-807C-4208-B6D4-C4001CBC7A91}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2011\3dsmax.exe |
"{EB54BB72-7759-49ED-A37C-40BDA495A8A2}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\neonal18\half-life\hl.exe |
"{F20E2E30-155E-4E31-820D-C5003CF99FCE}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\moon base alpha\binaries\win32\moonbasealphagame.exe |
"{F545F629-78B2-48EF-8539-0229863EB44E}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{F5AE2079-743D-44AE-8A8B-E90FF48E59A0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe |
"{F8A53429-D429-4615-AC5D-96E8AE7EF132}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{FE00974F-BA97-4F52-89AB-40B901837A98}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A9D0652-CFD9-4101-BB28-BC33BEC80982}_is1" = WinTex 5.0
"{0C9CB04A-5A5A-499E-95FC-F7FA9D70AA8A}" = Autodesk Softimage Mod Tool 7.5
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.3
"{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}" = Star Wars Jedi Knight Jedi Academy
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{205ACCD7-5342-4694-91F3-3A99E4FD5AA6}" = Mathcad 14.0 M020 Help
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x32
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2CBB71EE-A4DD-4B4D-A635-608D8D1E6F81}" = Driver Tool
"{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}" = The Sims™ 2 Double Deluxe
"{30037E2F-832C-474F-97B1-70241B4F0DAB}" = SOFTIMAGE CROSSWALK 3.11
"{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{32939827-d8e5-470a-b126-870db3c69fdf}" = Python 2.7.1
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
"{3FA7A919-87DA-42B1-814B-86DE8DCA17C2}" = gmax
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40E12A55-C504-4223-AFAC-7672DBF1ACDE}" = Trend Micro Internet Security
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{46301B1E-8962-4672-B5A2-0636BA3C48F4}" = Melodyne 3.2 Demo
"{471DCE2E-75B0-4B4F-B6B1-C4EA5A3D1E2C}" = Autodesk Softimage Mod Tool 7.5
"{4817189D-1785-4627-A33C-39FD90919300}" = The Sims 2 Pets
"{48FE73F3-4C3A-4871-BCD0-A7726A08BD64}" = Hex Workshop v6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{51F24145-A833-4BD5-AA38-AFC5268928E5}" = PF+FB+AEP
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{6264BE71-3144-47BE-B029-B9701B35A0DD}" = Movie Converter v4
"{6406E3EA-9777-45B7-A0C0-89741E629352}" = Composite 2011
"{64963F0E-03F2-4B59-8D1B-1806545E7092}" = NVIDIA DDS Utilities
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67574624-BF0F-0409-AF6D-19FBD86FF7F7}" = Autodesk 3ds Max 2011 32-bit
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74D1C8E1-FA60-4AE5-959A-B1DC9F12A524}" = Autodesk Softimage 7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business
"{7C21F471-1B0B-4D81-B923-AF8E756E1F89}" = Anvil Studio 2011
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8796E14E-2031-463F-8A9A-31062B2652B4}" = Mathcad 14.0 M020
"{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = The Sims™ 2 FreeTime
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB8E60B-315D-44EB-A896-10D88602EE46}" = Adobe Setup
"{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}" = The Sims 2 University
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3 Platinum
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007
"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{975951E7-14D0-49AF-A630-89680D12D7F6}" = Autodesk Material Library 2011 Medium Image library
"{97ABD26A-3249-46CB-B2E2-F66E64B2E480}" = HP Demo
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99F80251-DAE8-0409-BD08-DCBBEF56B8CB}" = Autodesk 3ds Max 2011 32-bit Components
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B743536-28E5-4A48-A1CC-8600A18386C3}" = Growler Guncam
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A2FA012E-27C7-4308-9457-5FCFB84B0436}" = PictureMover
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A7596385-ABC1-4D25-8CF5-01968F85070F}" = Sherlock Holmes Nemesis DEMO
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ACCEB7C3-4F3A-4C43-93CA-644951D08B0D}" = TortoiseSVN 1.6.12.20536 (32 bit)
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B2557E25-3B14-4B5E-A7C5-F6DF202B59FC}" = LEGO Wolf3D Beta 1C Setup (remove only)
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{B6F5B704-06D3-4687-90F3-6195304AD755}" = The Sims™ 2 Apartment Life
"{B9AB88D8-3A09-4A4A-8993-0E2F6F9F294B}" = muvee autoProducer 6.1
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{D8D06241-617C-42AB-B9C7-D9BA5A377D10}" = NVIDIA Texture Tools 2
"{DDD9B4E6-EEB7-4030-B141-F0E0C5429851}" = YVD
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims™ 2 Seasons
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster 2010
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{EB9BD1D5-8DFB-48C4-927B-10BB47CA59B3}" = Microsoft .NET Framework SDK (English) 1.1
"{EBD38AE9-D52D-448D-9DB4-4D5F66E1DAFC}" = Mathcad 14.0 M020 Resource Center
"{EC2F741D-308C-42B4-BD04-9A4853F2E402}" = GtkRadiant 1.5.0
"{EC9A0711-9823-4DD2-83C4-039886A3ECF6}" = Melodyne 3.2 Demo
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = The Sims™ 2 Bon Voyage
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFF74EC9-1FF4-4456-99E3-4F05129F4FAB}" = Antares Auto-Tune Evo VST
"Acoustica Effects Pack" = Acoustica Effects Pack
"Acoustica Mixcraft 5" = Acoustica Mixcraft 5
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"Adobe_5aab5a491a3a52ae624fd639f6aaa95" = Adobe After Effects CS4 Third Party Content
"Advanced JPEG Compressor_is1" = Advanced JPEG Compressor 2009 r.3
"AnalogX AutoTune" = AnalogX AutoTune
"Antares Autotune VST RTAS TDM_is1" = Antares Autotune VST RTAS TDM v5.08
"ASIO4ALL" = ASIO4ALL
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"Audacity_is1" = Audacity 1.2.6
"Autodesk FBX Plug-in 2011.1 - 3ds Max 2011" = Autodesk FBX Plug-in 2011.1 - 3ds Max 2011
"AVS Audio Converter 6.2_is1" = AVS Audio Converter version 6.2
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"Blender" = Blender (remove only)
"Browser Defender_is1" = Browser Defender 2.0.6.15
"Build Your Own Net Dream" = Build Your Own Net Dream (remove only)
"CamStudio" = CamStudio
"CCleaner" = CCleaner (remove only)
"CEP - Colour Enable Packages_is1" = CEP (Color Enable Package) v.9.2 (beta)
"CleanUp!" = CleanUp!
"CNXT_MODEM_PCI_HSF" = PCIe Soft Data Fax Modem with SmartCP
"Collab" = Collab
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"EADM" = EA Download Manager
"Edirol HQ Orchestral VSTi v1.03" = Edirol HQ Orchestral VSTi v1.03
"FL Studio 9" = FL Studio 9
"Fraps" = Fraps
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.8.0
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"GCFExplorer_is1" = GCFExplorer 1.5
"GCFScape_is1" = GCFScape 1.8.1
"Grand Chase" = Grand Chase
"Guild Wars" = Guild Wars
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007 Trial
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"IL Download Manager" = IL Download Manager
"InstallShield_{51F24145-A833-4BD5-AA38-AFC5268928E5}" = PF+FB+AEP
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"IrfanView" = IrfanView (remove only)
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1
"Magic Set Editor 2_is1" = Magic Set Editor 2 - 0.3.8 beta
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Melody Assistant" = Melody Assistant
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MilkShape 3D 1.8.4" = MilkShape 3D 1.8.4
"Mozilla Firefox (3.6.23)" = Mozilla Firefox (3.6.23)
"Notepad++" = Notepad++
"numpy-py2.7" = Python 2.7 numpy-1.5.1
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"OJOsoft Total Video Converter_is1" = OJOsoft Total Video Converter
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"Pen Tablet Driver" = Bamboo
"PoiZone" = PoiZone
"PROR" = Microsoft Office Professional 2007 Trial
"PUBLISHERR" = Microsoft Office Publisher 2007 Trial
"qt7lite_is1" = QT Lite 2.8.0
"Sawer" = Sawer
"SecondLifeViewer2" = SecondLifeViewer2 (remove only)
"SimPE PhotoStudio Templates_is1" = SimPE PhotoStudio Templates 3.0
"SimPE_is1" = SimPE 0.72 (alpha)
"Sims2Pack Clean Installer " = Sims2Pack Clean Installer
"Smart PDF Creator Pro_is1" = Smart PDF Creator Pro 5.1.0.397
"Spyware Doctor" = Spyware Doctor 7.0
"Steam App 105600" = Terraria
"Steam App 11020" = TrackMania Nations Forever
"Steam App 211" = Source SDK
"Steam App 219" = Half-Life 2: Demo
"Steam App 39000" = Moonbase Alpha
"Steam App 4000" = Garry's Mod
"Steam App 410" = Portal: The First Slice
"Steam App 440" = Team Fortress 2
"Steam App 520" = Team Fortress 2 Beta
"Steam App 620" = Portal 2
"Steam App 70" = Half-Life
"Synthesia" = Synthesia (remove only)
"Team Fortress 2_is1" = TF2
"TI-83 Plus Flash Debugger" = TI-83 Plus Flash Debugger
"Toxic Biohazard" = Toxic Biohazard
"UnityWebPlayer" = Unity Web Player
"uTorrent" = µTorrent
"VirtuallTek Fighter Factory_is1" = Fighter Factory 1.0.9.2005 + Update Pack 1
"VTFEdit_is1" = VTFEdit 1.2.5
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WildTangent hp Master Uninstall" = My HP Games
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.3
"WinRAR archiver" = WinRAR archiver
"Xfire" = Xfire (remove only)
"XfireXO Toolbar" = XfireXO Toolbar
"Xvid_is1" = Xvid 1.2.2 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1480268344-322766123-2448355078-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox for Alex
"Inkscape" = Inkscape 0.48.1
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"uTorrent" = µTorrent
"World of Warcraft Trial" = World of Warcraft Trial

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/24/2011 2:52:19 AM | Computer Name = Als-Compy | Source = VSS | ID = 8194
Description =

Error - 6/24/2011 9:54:00 AM | Computer Name = Als-Compy | Source = Application Error | ID = 1000
Description = Faulting application audacity.exe, version 0.0.0.0, time stamp 0x455814e4,
faulting module ntdll.dll, version 6.0.6001.18538, time stamp 0x4cb733dc, exception
code 0xc0000005, fault offset 0x0004308e, process id 0x1be4, application start time
0x01cc3275832ef970.

Error - 6/24/2011 6:52:37 PM | Computer Name = Als-Compy | Source = VSS | ID = 8194
Description =

Error - 6/24/2011 6:56:31 PM | Computer Name = Als-Compy | Source = System Restore | ID = 8193
Description =

Error - 6/24/2011 6:57:25 PM | Computer Name = Als-Compy | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 6/24/2011 6:57:25 PM | Computer Name = Als-Compy | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 6/25/2011 10:23:36 AM | Computer Name = Als-Compy | Source = Windows Search Service | ID = 3013
Description =

Error - 6/25/2011 11:07:47 AM | Computer Name = Als-Compy | Source = Windows Search Service | ID = 3013
Description =

Error - 6/26/2011 2:26:30 AM | Computer Name = Als-Compy | Source = VSS | ID = 8194
Description =

Error - 6/27/2011 2:27:04 AM | Computer Name = Als-Compy | Source = VSS | ID = 8194
Description =

[ System Events ]
Error - 8/21/2009 9:32:13 PM | Computer Name = Als-Compy | Source = HTTP | ID = 15016
Description =

Error - 8/22/2009 10:53:31 AM | Computer Name = Als-Compy | Source = HTTP | ID = 15016
Description =

Error - 8/24/2009 5:06:45 AM | Computer Name = Als-Compy | Source = Service Control Manager | ID = 7011
Description =

Error - 8/26/2009 1:30:31 AM | Computer Name = Als-Compy | Source = Service Control Manager | ID = 7011
Description =

Error - 8/26/2009 3:08:50 AM | Computer Name = Als-Compy | Source = HTTP | ID = 15016
Description =

Error - 8/27/2009 6:12:40 AM | Computer Name = Als-Compy | Source = HTTP | ID = 15016
Description =

Error - 8/27/2009 3:00:22 PM | Computer Name = Als-Compy | Source = HTTP | ID = 15016
Description =

Error - 8/28/2009 6:45:17 PM | Computer Name = Als-Compy | Source = Dhcp | ID = 1002
Description = The IP address lease 10.20.68.10 for the Network Card with network
address 0023543A83C1 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 8/29/2009 9:51:21 AM | Computer Name = Als-Compy | Source = Service Control Manager | ID = 7011
Description =

Error - 8/29/2009 6:01:58 PM | Computer Name = Als-Compy | Source = Service Control Manager | ID = 7011
Description =


< End of report >
neonal18
Regular Member
 
Posts: 21
Joined: October 1st, 2011, 5:43 pm

Re: Re-Post: Assistance is Requested.

Unread postby neonal18 » October 3rd, 2011, 6:17 pm

Here's the aswMBR.txt



aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-03 17:56:49
-----------------------------
17:56:49.202 OS Version: Windows 6.0.6001 Service Pack 1
17:56:49.203 Number of processors: 2 586 0xF0D
17:56:49.205 ComputerName: ALS-COMPY UserName: Alex
17:56:50.719 Initialize success
18:00:32.898 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:00:32.904 Disk 0 Vendor: ST325031 3.AH Size: 238475MB BusType: 3
18:00:34.937 Disk 0 MBR read successfully
18:00:34.941 Disk 0 MBR scan
18:00:34.945 Disk 0 unknown MBR code
18:00:34.954 Disk 0 scanning sectors +488392065
18:00:35.023 Disk 0 scanning C:\Windows\system32\drivers
18:00:40.877 Service scanning
18:00:42.499 Service .smb \* **LOCKED** 123
18:00:42.717 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
18:00:43.321 Modules scanning
18:00:52.685 Disk 0 trace - called modules:
18:00:52.711 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys iastor.sys spoa.sys hal.dll >>UNKNOWN [0x888dc938]<<
18:00:52.718 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89501418]
18:00:52.726 3 CLASSPNP.SYS[8dfa1745] -> nt!IofCallDriver -> [0x89501ce0]
18:00:52.731 5 PCTCore.sys[8d99888f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x889a2028]
18:00:52.737 Scan finished successfully
18:06:18.964 Disk 0 MBR has been saved successfully to "K:\MBR.dat"
18:06:19.392 The log file has been saved successfully to "K:\aswMBR.txt"
neonal18
Regular Member
 
Posts: 21
Joined: October 1st, 2011, 5:43 pm

Re: Re-Post: Assistance is Requested.

Unread postby Gary R » October 4th, 2011, 2:13 am

Nothing much showing in your OTL log, there's a few minor issues, but nothing to explain a total lack of connectivity.

Your aswMBR log shows that you have a non-standard Master Boot Record (MBR), but this may be because the tool just does not recognise the one on your machine. It might also be because your MBR has been altered by a bootkit infection, so we'll need to check further to see if that is the case.

First

Download TDSSKiller.zip and extract it to your Desktop.
  • Double click on TDSSKiller.exe to launch it.
    • If using Vista or Windows7, when prompted by UAC allow the prompt.
  • Click on Start Scan
  • The scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • Post the contents in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT

Next

  • Download MBRFix and extract it to your Desktop.
  • Copy MBRFix.exe to the C:\ folder.
  • Click Start and in the Search programs and files box type cmd.exe
  • Right click on Cmd.exe and select Run as an Administrator.
  • When prompted by UAC, please allow the prompt.
    • This will open a Command box.
    • Type cd\ .... hit Enter
    • Now type the following command .... C:\MBRFix /drive 0 savembr C:\Backup_MBR_0.bin .... hit Enter (be careful to enter the spaces in the correct places or it won't work).
    • Exit the command window.
    • Check to make sure there is a file Backup_MBR_0.bin in your C:\ folder.
    • Let me know if you have any problems, or if the file is not created.

Next

I'd like you to check the file you've just created for Viruses.
C:\Backup_MBR_0.bin

  • Browse to the file in the quote box above.
  • Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programmes.
  • After a while, a window will open, with details of what the scans found.
  • Note details of any viruses found.
  • Post me the details please.

Summary of the logs I need from you in your next post:
  • TDSSKiller log
  • Details from VirusTotal or Jotti's scans


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21869
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 31 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware