Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Strange IE popups, Volume stuck on mute, speed decrease, etc

Re: Strange IE popups, Volume stuck on mute, speed decrease,

by rlmark » June 24th, 2012, 1:22 pm

I'll change that IE start page (like I said, I use Chrome anyways.)

Defogger re-enabled with no problems.

I noticed in the OTL log that no "stdrt.exe" process was found - this is probably because I had ended it earlier in order to use the audio on my computer! Ending that process always lets me use the sound again, and when it's running, it looks like it's eating up a lot of CPU and memory in Task Manager.

However, symptoms are still present, and you'll see stdrt.exe is still at the top of the OTL Quick Scan! Here are both logs:


All processes killed
========== OTL ==========
No active process named stdrt.exe was found!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
========== FILES ==========
C:\WINDOWS\Temp\mrt1.tmp folder moved successfully.
C:\WINDOWS\Temp\mrt2.tmp folder moved successfully.
C:\WINDOWS\Temp\mrt3.tmp folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Ryan\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Ryan\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Camper

User: Chiptune
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kristin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mom and Dad
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4249507 bytes
->Flash cache emptied: 841 bytes

User: Ryan
->Temp folder emptied: 661454 bytes
->Temporary Internet Files folder emptied: 44075148 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 219682096 bytes
->Flash cache emptied: 1388 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8118362 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 433719469 bytes

Total Files Cleaned = 678.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.49.0 log created on 06242012_122140

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


OTL logfile created on: 6/24/2012 12:28:42 PM - Run 3
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Documents and Settings\Ryan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.74 Gb Available Physical Memory | 49.04% Memory free
2.11 Gb Paging File | 1.43 Gb Available in Paging File | 68.07% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 125.42 Gb Total Space | 19.87 Gb Free Space | 15.85% Space Free | Partition Type: NTFS
Drive D: | 149.00 Gb Total Space | 53.24 Gb Free Space | 35.73% Space Free | Partition Type: NTFS

Computer Name: BASEMENT | User Name: Ryan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/24 12:23:59 | 000,372,736 | ---- | M] ( ) -- C:\WINDOWS\Temp\mrt1.tmp\stdrt.exe
PRC - [2012/06/19 12:32:14 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ryan\Desktop\OTL.exe
PRC - [2012/06/07 04:14:45 | 001,239,576 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/05/24 14:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Ryan\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2012/05/12 22:44:17 | 000,932,528 | ---- | M] () -- C:\Documents and Settings\Ryan\Application Data\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/04/04 01:53:56 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2012/03/26 12:59:14 | 000,152,576 | ---- | M] (CrashPlan) -- C:\Program Files\CrashPlan\CrashPlanService.exe
PRC - [2012/03/26 12:58:47 | 000,217,088 | ---- | M] (Code 42 Software, Inc.) -- C:\Program Files\CrashPlan\CrashPlanTray.exe
PRC - [2012/02/15 20:11:58 | 000,459,832 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
PRC - [2012/02/15 20:10:56 | 000,688,184 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
PRC - [2011/11/13 07:53:42 | 002,996,592 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2tray.exe
PRC - [2011/11/13 07:53:40 | 000,946,032 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe
PRC - [2011/11/13 07:53:36 | 002,120,048 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2pre.exe
PRC - [2011/11/13 07:53:28 | 001,687,408 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2comm.exe
PRC - [2011/11/09 18:38:04 | 000,132,768 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\IPROSetMonitor.exe
PRC - [2011/10/07 05:40:42 | 001,387,288 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2011/09/27 15:05:24 | 000,149,784 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
PRC - [2011/03/30 01:05:00 | 000,393,616 | ---- | M] (KORG Inc.) -- C:\Program Files\KORG\KORG USB-MIDI Driver\EsHelper2.exe
PRC - [2009/10/14 14:32:46 | 009,085,760 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
PRC - [2009/10/14 14:32:46 | 002,049,344 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2009/10/14 14:31:02 | 000,098,304 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2008/12/29 06:40:30 | 000,687,560 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/30 23:37:22 | 001,654,784 | ---- | M] (Belkin) -- C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/24 12:23:59 | 000,307,200 | ---- | M] () -- C:\WINDOWS\Temp\mrt1.tmp\mmfs2.dll
MOD - [2012/06/24 12:23:59 | 000,059,392 | ---- | M] () -- C:\WINDOWS\Temp\mrt1.tmp\Yaso.mfx
MOD - [2012/06/24 12:23:59 | 000,012,800 | ---- | M] () -- C:\WINDOWS\Temp\mrt1.tmp\Get.mfx
MOD - [2012/06/17 03:37:00 | 011,817,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012/06/17 03:36:43 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012/06/17 03:36:30 | 001,712,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\359fd69eb60e9844ffd497e92345178c\Microsoft.VisualBasic.ni.dll
MOD - [2012/06/17 03:34:37 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/17 03:34:13 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/06/17 03:28:42 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/06/17 03:28:23 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/06/07 04:14:43 | 000,441,880 | ---- | M] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\ppgooglenaclpluginchrome.dll
MOD - [2012/06/07 04:14:42 | 003,922,456 | ---- | M] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\pdf.dll
MOD - [2012/06/07 04:13:16 | 000,134,696 | ---- | M] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\avutil-51.dll
MOD - [2012/06/07 04:13:15 | 000,250,408 | ---- | M] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\avformat-54.dll
MOD - [2012/06/07 04:13:14 | 002,375,720 | ---- | M] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll
MOD - [2012/05/13 03:33:26 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll
MOD - [2012/05/13 03:31:55 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/13 03:29:25 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/13 03:27:57 | 006,616,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\12c6fe8d4dd78f9bddf847d3b2821c03\System.Data.ni.dll
MOD - [2012/05/13 03:21:07 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/13 03:20:32 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/05/12 22:44:17 | 000,932,528 | ---- | M] () -- C:\Documents and Settings\Ryan\Application Data\Spotify\Data\SpotifyWebHelper.exe
MOD - [2012/05/02 20:48:41 | 004,050,944 | ---- | M] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.0.2\libGLESv2.dll
MOD - [2012/05/02 20:48:41 | 000,100,864 | ---- | M] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.0.2\libEGL.dll
MOD - [2012/03/26 12:58:51 | 000,013,312 | ---- | M] () -- C:\Program Files\CrashPlan\md5.dll
MOD - [2012/03/26 12:58:47 | 000,166,400 | ---- | M] () -- C:\Program Files\CrashPlan\cpnative.dll
MOD - [2012/01/08 09:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/10/07 05:41:16 | 000,879,896 | ---- | M] () -- C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
MOD - [2011/02/28 18:37:32 | 000,180,624 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2009/08/19 16:49:08 | 000,049,152 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Memeo.API.dll
MOD - [2009/07/29 16:24:14 | 000,504,293 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\sqlite3.dll
MOD - [2008/05/16 15:01:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2008/04/14 06:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 06:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/11/26 12:45:34 | 000,188,416 | ---- | M] () -- C:\Program Files\Belkin\F5D7050v3\BelkinwcuiDLL.dll
MOD - [2007/10/30 23:29:24 | 000,151,617 | ---- | M] () -- C:\Program Files\Belkin\F5D7050v3\blkwcapi.dll
MOD - [2006/02/24 11:40:56 | 000,061,440 | ---- | M] () -- C:\Program Files\Belkin\F5D7050v3\BelkinHWStatus.dll
MOD - [2005/08/10 16:36:52 | 000,045,056 | ---- | M] () -- C:\Program Files\Belkin\F5D7050v3\Security.dll
MOD - [2003/10/13 16:30:58 | 000,094,208 | ---- | M] () -- C:\Program Files\Belkin\F5D7050v3\GTW32N50.dll
MOD - [2001/10/28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/06/10 19:45:04 | 000,915,879 | ---- | M] ( ) [Auto | Stopped] -- C:\WINDOWS\system32\lnsecsl.exe -- (Adobe Licensing Console)
SRV - [2012/03/26 12:59:14 | 000,152,576 | ---- | M] (CrashPlan) [Auto | Running] -- C:\Program Files\CrashPlan\CrashPlanService.exe -- (CrashPlanService)
SRV - [2012/02/15 20:11:58 | 000,459,832 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2011/11/13 07:53:40 | 000,946,032 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe -- (GoToMyPC)
SRV - [2011/11/09 18:38:04 | 000,132,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\IPROSetMonitor.exe -- (Intel(R) PROSet Monitoring Service) Intel(R)
SRV - [2011/09/27 15:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/14 14:31:02 | 000,098,304 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/02/27 16:07:25 | 000,658,432 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2006/01/05 01:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
SRV - [2003/04/01 23:08:30 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\IcdSptSv.exe -- (ICDSPTSV)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\7.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Ryan\LOCALS~1\Temp\gkmixern.sys -- (gkmixern)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\CoachVc.sys -- (CoachVc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (bvrp_pci)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a1lkrima)
DRV - [2011/09/02 02:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/09/02 02:31:28 | 000,030,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2011/09/02 02:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/09/02 02:30:58 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2011/06/28 18:04:14 | 000,093,304 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2011/03/30 01:13:00 | 000,024,056 | ---- | M] (KORG INC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KORGUMDS.SYS -- (KORGUMDS)
DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2009/01/24 13:03:47 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2008/07/07 03:40:49 | 000,056,108 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/04/14 01:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2007/10/02 05:06:40 | 000,451,968 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2006/12/12 11:16:06 | 000,022,528 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emAudio.sys -- (emAudio)
DRV - [2005/12/21 09:14:52 | 000,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2005/12/21 09:14:52 | 000,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2005/12/21 09:14:52 | 000,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emScan.sys -- (ScanUSBEMPIA)
DRV - [2005/11/26 11:30:44 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/09/23 23:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/09/17 16:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/06/16 05:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/05/05 21:48:40 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2004/03/10 16:27:18 | 000,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2K)
DRV - [2004/03/06 06:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 06:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 06:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/09/25 23:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Belkin\F5D7050v3\GTNDIS5.sys -- (GTNDIS5)
DRV - [2002/11/28 22:23:24 | 000,039,048 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IcdUsb2.sys -- (ICDUSB2) Sony IC Recorder (P)
DRV - [2002/09/10 20:42:00 | 000,024,808 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sqcaptur.sys -- (DCamUSBSQTECH) Dual-Mode DSC(2770)
DRV - [2002/03/19 10:29:16 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)
DRV - [2001/09/26 18:10:00 | 000,067,072 | ---- | M] (WIBU-SYSTEMS AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Wibukey.sys -- (WIBUKEY)
DRV - [2001/07/05 15:12:26 | 000,416,564 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\idmc1vme.sys -- (IDMC1Vxp) Intel(r) Play(tm)
DRV - [2001/07/05 15:12:10 | 000,014,628 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IDMC1Blk.sys -- (IDMC1Blk)
DRV - [2001/07/05 15:12:04 | 000,015,188 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\idmc1aud.sys -- (idmc1aud) Intel(r) Play(tm) USB Audio Filter (WDM)
DRV - [2001/04/27 09:28:02 | 000,131,776 | ---- | M] (Intel ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\STVqx3.SYS -- (STVqx3)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: I:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/06/17 19:17:06 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Private Browsing = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbhgehldmbojedoeglnclpglgoggonjg\0.1_0\
CHR - Extension: Gmail = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/22 16:09:46 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DLCCCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL ()
O4 - HKLM..\Run: [DSS] C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE File not found
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [F5D7050v3] C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe (Belkin)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [KORG USB-MIDI Driver] C:\Program Files\KORG\KORG USB-MIDI Driver\EsHelper2.exe (KORG Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Windows\System32\nwiz.exe ()
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [Subliminal blaster Pro] C:\Program Files\SB Pro\subliminalblasterpro.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [USB2Check] C:\Windows\System32\PCLECoInst.dll (Pinnacle Systems)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Documents and Settings\Ryan\Application Data\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKCU..\Run: [TypingSatellite] C:\Program Files\TypingMaster\KBOOST.EXE (TypingMaster Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CrashPlan Tray.lnk = C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
O4 - Startup: C:\Documents and Settings\Ryan\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Ryan\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Ryan\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/aut ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/products/plugin/aut ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD9C3F28-4C0E-43A1-91BB-D6608479494E}: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB41ED32-2F4D-4C79-B138-DFF2DDCB5D2A}: DhcpNameServer = 10.0.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToMyPC: DllName - (C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll) - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Ryan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ryan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0e160d88-3873-11df-838a-001320c196a0}\Shell - "" = AutoRun
O33 - MountPoints2\{0e160d88-3873-11df-838a-001320c196a0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0e160d88-3873-11df-838a-001320c196a0}\Shell\AutoRun\command - "" = "I:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{bbe0b284-aa7e-11e0-83b3-001320c196a0}\Shell - "" = AutoRun
O33 - MountPoints2\{bbe0b284-aa7e-11e0-83b3-001320c196a0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bbe0b284-aa7e-11e0-83b3-001320c196a0}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{cd82e4c7-055f-11df-8384-001320c196a0}\Shell - "" = AutoRun
O33 - MountPoints2\{cd82e4c7-055f-11df-8384-001320c196a0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cd82e4c7-055f-11df-8384-001320c196a0}\Shell\AutoRun\command - "" = "I:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/23 20:06:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Application Data\Plugin Alliance
[2012/06/23 20:03:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Application Data\Voxengo
[2012/06/23 20:02:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Brainworx Music
[2012/06/23 20:02:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Avid
[2012/06/23 20:02:19 | 000,000,000 | ---D | C] -- C:\Program Files\Brainworx Music
[2012/06/23 10:23:01 | 002,128,472 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Ryan\Desktop\tdsskiller.exe
[2012/06/22 22:52:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Application Data\Deckadance19
[2012/06/22 22:49:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Application Data\SongManager
[2012/06/22 22:16:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CrashPlan
[2012/06/22 22:16:35 | 000,000,000 | ---D | C] -- C:\Program Files\CrashPlan
[2012/06/22 22:16:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CrashPlan
[2012/06/22 22:15:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Application Data\CrashPlan
[2012/06/22 16:09:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/21 01:42:00 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/06/19 12:32:11 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ryan\Desktop\OTL.exe
[2012/06/17 20:18:51 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Ryan\Desktop\dds.scr
[2012/06/17 19:40:25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ryan\Recent
[2012/06/17 19:38:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Ryan\IECompatCache
[2012/06/17 12:46:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/06/17 12:46:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/06/14 23:25:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\My Documents\Sony PMB
[2012/06/14 23:24:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Application Data\Sony Corporation
[2012/06/14 23:24:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PlayMemories Home
[2012/06/14 23:23:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony Corporation
[2012/06/10 19:54:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Image-Line
[2012/06/03 16:30:11 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2012/06/01 13:33:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/06/01 13:31:36 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

========== Files - Modified Within 30 Days ==========

[2012/06/24 12:30:02 | 000,012,825 | ---- | M] () -- C:\Windows\System32\tubekey.dat
[2012/06/24 12:29:38 | 000,000,105 | ---- | M] () -- C:\Windows\System32\get.dat
[2012/06/24 12:25:14 | 000,000,104 | ---- | M] () -- C:\Windows\System32\nvapps.xml
[2012/06/24 12:23:55 | 000,002,048 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/24 11:56:12 | 000,000,974 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1810697113-279428050-2671847038-1007UA.job
[2012/06/24 02:00:01 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\AdobeAAMUpdater-1.0-BASEMENT-Ryan.job
[2012/06/23 21:55:01 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1810697113-279428050-2671847038-1007Core.job
[2012/06/23 10:33:50 | 000,506,376 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/23 10:33:49 | 000,088,978 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/23 10:23:03 | 002,128,472 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Ryan\Desktop\tdsskiller.exe
[2012/06/23 10:22:42 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\Defogger.exe
[2012/06/22 22:17:33 | 000,001,630 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CrashPlan Tray.lnk
[2012/06/22 16:09:46 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/06/22 11:52:04 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\AppleSoftwareUpdate.job
[2012/06/19 12:32:14 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ryan\Desktop\OTL.exe
[2012/06/19 12:32:05 | 000,458,240 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\CKScanner.exe
[2012/06/17 20:18:51 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Ryan\Desktop\dds.scr
[2012/06/17 20:05:09 | 000,833,086 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\cc_20120617_200419.reg
[2012/06/17 14:00:21 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/17 12:41:23 | 003,666,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/15 15:01:55 | 000,226,816 | ---- | M] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/15 10:12:54 | 000,114,392 | ---- | M] () -- C:\Documents and Settings\Ryan\My Documents\senior prank.veg
[2012/06/15 09:33:03 | 000,086,624 | ---- | M] () -- C:\Documents and Settings\Ryan\My Documents\senior prank.veg.bak
[2012/06/14 23:16:07 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2012/06/14 13:35:15 | 000,090,440 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\beat 2.sfk
[2012/06/14 12:29:12 | 001,641,672 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\beat 2 sketch.mp3
[2012/06/14 12:21:40 | 023,136,224 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\beat 2.wav
[2012/06/12 20:12:21 | 006,253,782 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\beat 1.mp3
[2012/06/12 01:00:17 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Ryan\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/06/12 01:00:16 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\Google Chrome.lnk
[2012/06/10 19:56:40 | 000,001,739 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\Deckadance.lnk
[2012/06/10 19:55:24 | 000,000,813 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\ASIO4ALL v2 Instruction Manual.lnk
[2012/06/10 19:54:54 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FL Studio 10.lnk
[2012/06/10 19:45:04 | 000,915,879 | ---- | M] ( ) -- C:\Windows\System32\lnsecsl.exe
[2012/06/10 12:45:25 | 000,000,016 | ---- | M] () -- C:\Windows\System32\w3data.vss
[2012/06/10 12:45:25 | 000,000,016 | ---- | M] () -- C:\Windows\System32\msvcsv60.dll
[2012/06/10 12:45:25 | 000,000,016 | ---- | M] () -- C:\Windows\msocreg32.dat
[2012/06/09 14:40:40 | 000,000,040 | ---- | M] () -- C:\Windows\Superbas.ini
[2012/06/05 07:05:46 | 005,190,388 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\Church.mp3
[2012/06/03 16:30:45 | 000,001,021 | ---- | M] () -- C:\Documents and Settings\Ryan\Start Menu\Programs\Startup\Dropbox.lnk
[2012/06/03 16:29:37 | 000,001,003 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\Dropbox.lnk
[2012/06/01 13:33:14 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/06/01 13:24:52 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2012/05/29 17:55:33 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\Ryan\Application Data\Adobe PNG Format CS5 Prefs

========== Files Created - No Company Name ==========

[2012/06/23 10:22:50 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\Defogger.exe
[2012/06/22 22:17:33 | 000,001,630 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CrashPlan Tray.lnk
[2012/06/19 12:32:01 | 000,458,240 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\CKScanner.exe
[2012/06/17 20:05:02 | 000,833,086 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\cc_20120617_200419.reg
[2012/06/17 14:00:21 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/17 12:46:30 | 000,012,825 | ---- | C] () -- C:\Windows\System32\tubekey.dat
[2012/06/17 12:46:15 | 000,000,105 | ---- | C] () -- C:\Windows\System32\get.dat
[2012/06/15 00:43:27 | 000,114,392 | ---- | C] () -- C:\Documents and Settings\Ryan\My Documents\senior prank.veg
[2012/06/15 00:43:27 | 000,086,624 | ---- | C] () -- C:\Documents and Settings\Ryan\My Documents\senior prank.veg.bak
[2012/06/14 12:29:03 | 001,641,672 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\beat 2 sketch.mp3
[2012/06/14 12:23:09 | 000,090,440 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\beat 2.sfk
[2012/06/14 12:21:36 | 023,136,224 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\beat 2.wav
[2012/06/12 20:11:21 | 006,253,782 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\beat 1.mp3
[2012/06/10 19:56:40 | 000,001,739 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\Deckadance.lnk
[2012/06/10 19:55:24 | 000,000,813 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\ASIO4ALL v2 Instruction Manual.lnk
[2012/06/10 19:54:56 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FL Studio 10.lnk
[2012/06/10 19:45:04 | 000,915,879 | ---- | C] ( ) -- C:\Windows\System32\lnsecsl.exe
[2012/06/05 07:05:31 | 005,190,388 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\Church.mp3
[2012/06/01 13:33:14 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/06/01 13:24:52 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2012/05/29 17:54:27 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\Adobe PNG Format CS5 Prefs
[2012/04/18 17:08:25 | 022,259,528 | ---- | C] () -- C:\Program Files\vlc-2.0.1-win32.exe
[2012/04/03 12:06:07 | 000,000,016 | ---- | C] () -- C:\Windows\System32\msvcsv60.dll
[2012/04/03 12:06:07 | 000,000,016 | ---- | C] () -- C:\Windows\msocreg32.dat
[2012/04/02 15:58:59 | 000,650,657 | ---- | C] () -- C:\Program Files\lame3.99.5 (1).zip
[2012/03/25 15:28:13 | 000,078,960 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012/03/03 20:21:51 | 000,180,624 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2012/03/01 14:01:36 | 000,003,072 | ---- | C] () -- C:\Windows\System32\iacenc.dll
[2012/02/29 23:17:28 | 000,000,081 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MPluginConfiguration.xml
[2012/02/29 23:01:01 | 000,197,014 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MAnalyzerpresets.xml
[2012/02/29 23:01:01 | 000,013,964 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MFlangerpresets.xml
[2012/02/29 23:01:01 | 000,013,158 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MOscillatorpresets.xml
[2012/02/29 23:01:01 | 000,009,119 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MFreqShifterpresets.xml
[2012/02/29 23:01:01 | 000,007,130 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MEqualizerpresets.xml
[2012/02/29 23:01:01 | 000,006,687 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\menvelopepresets.xml
[2012/02/29 23:01:01 | 000,006,444 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MCompressorpresets.xml
[2012/02/29 23:01:01 | 000,005,622 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MNoiseGeneratorpresets.xml
[2012/02/29 23:01:01 | 000,005,138 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MWaveShaperpresets.xml
[2012/02/29 23:01:01 | 000,004,362 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MPhaserpresets.xml
[2012/02/29 23:01:01 | 000,003,771 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MRingModulatorpresets.xml
[2012/02/29 23:01:01 | 000,002,820 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MEqualizerAreasEditorpresets.xml
[2012/02/29 23:01:01 | 000,002,775 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MStereoExpanderpresets.xml
[2012/02/29 23:01:01 | 000,002,666 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MVibratopresets.xml
[2012/02/29 23:01:01 | 000,002,492 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MSpectralAnalyzerPrefilterpresets.xml
[2012/02/29 23:01:01 | 000,002,366 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MTremolopresets.xml
[2012/02/29 23:01:01 | 000,001,907 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MAutopanpresets.xml
[2012/02/29 23:01:01 | 000,001,381 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MLimiterpresets.xml
[2012/02/29 23:01:01 | 000,001,235 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\mbasestyleconfigurationpresets.xml
[2012/02/29 23:01:01 | 000,001,011 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MValueToColor5presets.xml
[2012/02/19 21:54:27 | 000,163,840 | ---- | C] () -- C:\Windows\System32\ArtFfct.dll
[2012/01/28 17:03:20 | 000,000,741 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\x264_x64.ini
[2012/01/21 15:06:14 | 000,200,704 | ---- | C] () -- C:\Windows\System32\UpdateDriver.exe
[2012/01/21 15:06:14 | 000,005,224 | ---- | C] () -- C:\Windows\System32\ucuiinfo.ini
[2011/08/11 19:40:44 | 000,074,340 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\Setup.2.2.exe
[2011/07/25 05:48:58 | 000,074,293 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\Setup.1.2.exe
[2011/07/16 15:43:17 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011/06/28 18:05:20 | 000,021,112 | ---- | C] () -- C:\Windows\System32\drivers\iLokDrvr.sys
[2011/05/31 16:46:14 | 000,075,776 | ---- | C] () -- C:\Windows\System32\WS2Fix.exe
[2011/05/31 16:46:14 | 000,051,200 | ---- | C] () -- C:\Windows\System32\dumphive.exe
[2011/05/31 16:46:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\swsc.exe
[2011/05/28 19:15:56 | 000,000,040 | ---- | C] () -- C:\Windows\Superbas.ini
[2011/02/10 00:03:48 | 000,000,314 | ---- | C] () -- C:\Windows\primopdf.ini
[2010/11/09 15:38:51 | 000,008,776 | ---- | C] () -- C:\Windows\System32\d3d9caps.dat
[2010/08/31 20:27:00 | 000,363,520 | ---- | C] () -- C:\Windows\System32\psisdecd.dll
[2010/07/05 13:56:38 | 000,001,077 | ---- | C] () -- C:\Windows\unins000.dat
[2010/07/04 22:25:31 | 000,022,528 | ---- | C] () -- C:\Windows\exeshl.dll
[2010/07/04 22:25:31 | 000,000,093 | ---- | C] () -- C:\Windows\netctrl.ini

========== LOP Check ==========

[2012/02/24 18:07:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Audio Damage
[2012/04/05 00:22:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CitrixLogs
[2009/04/13 15:28:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2012/06/22 22:17:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CrashPlan
[2009/01/24 13:28:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2012/02/25 19:17:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverGenius
[2007/03/25 18:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EarMaster
[2006/03/19 14:07:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fellowes
[2012/02/19 23:23:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KORG
[2011/05/30 21:24:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MakeMusic
[2012/02/29 23:01:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MTexturedStyles
[2012/06/10 12:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2012/02/25 19:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2012/02/25 18:22:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2010/11/06 11:27:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio HD
[2012/03/14 20:30:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/05/30 15:59:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2011/05/30 21:34:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2012/05/18 21:26:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2009/04/13 15:45:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2012/05/18 22:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2011/08/27 13:05:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/09/07 19:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2012/02/25 13:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/03/24 17:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2012/02/05 13:58:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/07/03 17:10:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Antares
[2005/12/23 17:09:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Atari
[2012/02/05 12:55:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\ConverterLite
[2012/06/22 22:17:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\CrashPlan
[2012/02/25 17:46:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Cytomic
[2009/01/24 13:29:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\DAEMON Tools
[2009/01/24 13:30:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\DAEMON Tools Lite
[2009/01/24 13:29:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\DAEMON Tools Pro
[2012/06/22 22:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Deckadance19
[2012/02/24 18:51:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\deluge
[2012/02/25 19:14:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\DriverFinder
[2012/06/24 12:26:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Dropbox
[2012/03/28 23:35:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\DVDVideoSoft
[2012/03/28 23:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\DVDVideoSoftIEHelpers
[2009/04/03 21:46:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\EarMaster
[2012/06/05 22:32:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\FileZilla
[2012/04/10 22:40:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\fltk.org
[2012/06/14 18:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\foobar2000
[2009/03/28 17:50:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Garritan
[2006/07/15 11:59:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\GEAR Video 8.01
[2012/02/24 18:44:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\gtk-2.0
[2012/05/19 22:22:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\HandBrake
[2012/04/10 15:25:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\highc
[2012/02/20 00:02:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\KORG
[2005/12/23 17:02:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Leadertech
[2012/02/29 23:01:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\MeldaProduction
[2012/01/28 16:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\mkvtoolnix
[2011/05/30 18:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\MSNInstaller
[2012/02/29 23:01:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\MSPS
[2012/02/29 23:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\MTexturedStyles
[2009/07/03 19:44:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\NetMedia Providers
[2011/07/16 15:35:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Noteworthy Software
[2009/01/25 17:11:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Nuance
[2012/06/10 12:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\PACE Anti-Piracy
[2009/03/28 18:16:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Plogue
[2012/06/23 20:06:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Plugin Alliance
[2012/03/29 19:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\PrimoPDF
[2006/09/04 11:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Publish Providers
[2012/01/21 16:07:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\RipIt4Me
[2008/01/17 19:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\rockbox.org
[2006/07/08 08:17:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Seven Zip
[2010/06/25 15:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Smartelectronix
[2012/06/22 22:52:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\SongManager
[2012/05/18 22:55:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Sony
[2012/05/18 22:47:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Sony Creative Software Inc
[2009/05/25 12:20:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Sony Setup
[2012/06/09 12:51:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Spotify
[2011/06/16 17:58:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\TypingMaster7
[2012/06/23 20:03:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Voxengo
[2012/02/19 23:43:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Waldorf
[2011/09/07 19:25:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Western Digital

========== Purity Check ==========



< End of report >
rlmark
Regular Member
 
Posts: 34
Joined: February 16th, 2010, 4:37 pm

Re: Strange IE popups, Volume stuck on mute, speed decrease,

by askey127 » June 24th, 2012, 3:11 pm

rlmark,
OK.
IT HAS BEEN REMOVED.
Something is reinstalling it.
May have to do a Reg Search to find the culprit(s).
Let's do these first.
---------------------------------------------
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :filefind
    *stdrt*
    *adbcnsl*
    *regsrv*
    
    :Folderfind
    mrt*.tmp
    
    :Regfind
    stdrt /s
    regsrv /s
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The results log can also be found on your Desktop, entitled SystemLook.txt

askey127
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Strange IE popups, Volume stuck on mute, speed decrease,

by rlmark » June 24th, 2012, 6:48 pm

Looks like a tricky one, eh?


SystemLook 30.07.11 by jpshortstuff
Log created at 18:35 on 24/06/2012 by Ryan
Administrator - Elevation successful

========== filefind ==========

Searching for "*stdrt*"
C:\WINDOWS\Temp\mrt1.tmp\stdrt.exe --a---- 372736 bytes [16:23 24/06/2012] [16:23 24/06/2012] 5413B1A323F0837A01821FEA3CB2A5A2
C:\_OTL\MovedFiles\06242012_122140\C_WINDOWS\Temp\mrt1.tmp\stdrt.exe --a---- 372736 bytes [20:11 22/06/2012] [20:11 22/06/2012] 5413B1A323F0837A01821FEA3CB2A5A2
C:\_OTL\MovedFiles\06242012_122140\C_WINDOWS\Temp\mrt2.tmp\stdrt.exe --a---- 372736 bytes [14:28 23/06/2012] [14:28 23/06/2012] 5413B1A323F0837A01821FEA3CB2A5A2
C:\_OTL\MovedFiles\06242012_122140\C_WINDOWS\Temp\mrt3.tmp\stdrt.exe --a---- 372736 bytes [19:27 23/06/2012] [19:27 23/06/2012] 5413B1A323F0837A01821FEA3CB2A5A2

Searching for "*adbcnsl*"
No files found.

Searching for "*regsrv*"
No files found.

========== Folderfind ==========

Searching for "mrt*.tmp"
C:\WINDOWS\Temp\mrt1.tmp d------ [16:23 24/06/2012]
C:\_OTL\MovedFiles\06242012_122140\C_WINDOWS\Temp\mrt1.tmp d------ [20:11 22/06/2012]
C:\_OTL\MovedFiles\06242012_122140\C_WINDOWS\Temp\mrt2.tmp d------ [14:28 23/06/2012]
C:\_OTL\MovedFiles\06242012_122140\C_WINDOWS\Temp\mrt3.tmp d------ [19:27 23/06/2012]

========== Regfind ==========

Searching for "stdrt /s"
No data found.

Searching for "regsrv /s"
No data found.

-= EOF =-
rlmark
Regular Member
 
Posts: 34
Joined: February 16th, 2010, 4:37 pm
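
The SystemLook filefind results above show a live stdrt.exe carrying the same MD5 as the copies OTL had already moved to quarantine. The following is an added example, not part of the thread or of SystemLook or OTL, that parses those lines and flags any live file whose hash matches a quarantined copy and whose timestamp is later than the removal run. The function names are hypothetical, and the quarantine path layout and the MMDDYYYY_HHMMSS run stamp are assumptions inferred from the log lines on this page.

```python
import re
from collections import defaultdict
from datetime import datetime

# Lines copied from the SystemLook filefind section above, plus one constructed
# line (the last) showing a live file that has no quarantined twin.
SAMPLE_LOG = r"""
Searching for "*stdrt*"
C:\WINDOWS\Temp\mrt1.tmp\stdrt.exe --a---- 372736 bytes [16:23 24/06/2012] [16:23 24/06/2012] 5413B1A323F0837A01821FEA3CB2A5A2
C:\_OTL\MovedFiles\06242012_122140\C_WINDOWS\Temp\mrt1.tmp\stdrt.exe --a---- 372736 bytes [20:11 22/06/2012] [20:11 22/06/2012] 5413B1A323F0837A01821FEA3CB2A5A2
C:\_OTL\MovedFiles\06242012_122140\C_WINDOWS\Temp\mrt2.tmp\stdrt.exe --a---- 372736 bytes [14:28 23/06/2012] [14:28 23/06/2012] 5413B1A323F0837A01821FEA3CB2A5A2
C:\_OTL\MovedFiles\06242012_122140\C_WINDOWS\Temp\mrt3.tmp\stdrt.exe --a---- 372736 bytes [19:27 23/06/2012] [19:27 23/06/2012] 5413B1A323F0837A01821FEA3CB2A5A2
No files found.
C:\Documents and Settings\Ryan\Desktop\example.exe --a---- 1024 bytes [10:00 01/06/2012] [10:00 01/06/2012] 00000000000000000000000000000000
"""

# path, 7-char attribute field, size, two bracketed timestamps, MD5
ENTRY_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes "
    r"\[(?P<ts>[^\]]+)\] \[[^\]]+\] (?P<md5>[0-9A-Fa-f]{32})\s*$"
)
# Assumed quarantine layout: C:\_OTL\MovedFiles\<run stamp>\<drive>_<rest of path>
QUARANTINE_RE = re.compile(
    r"^C:\\_OTL\\MovedFiles\\(?P<run>[^\\]+)\\(?P<drive>[A-Za-z])_(?P<rest>.+)$",
    re.IGNORECASE,
)


def parse_filefind(text):
    """Return one dict per file line; headers and 'No files found.' are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        q = QUARANTINE_RE.match(m["path"])
        entries.append({
            "path": m["path"],
            "size": int(m["size"]),
            "md5": m["md5"].upper(),
            # First bracketed timestamp (both are equal in this log), dd/mm/yyyy.
            "seen": datetime.strptime(m["ts"], "%H:%M %d/%m/%Y"),
            "quarantined": q is not None,
            # Where the file lived before it was moved to quarantine.
            "original": f"{q['drive']}:\\{q['rest']}" if q else m["path"],
            # Assumed run-stamp format MMDDYYYY_HHMMSS = time of the removal run.
            "removed_at": datetime.strptime(q["run"], "%m%d%Y_%H%M%S") if q else None,
        })
    return entries


def find_redropped(entries):
    """Flag live files that match a quarantined hash and postdate the removal."""
    removed = defaultdict(list)
    for e in entries:
        if e["quarantined"]:
            removed[e["md5"]].append(e)

    findings = []
    for e in entries:
        if e["quarantined"] or e["md5"] not in removed:
            continue
        prior = removed[e["md5"]]
        last_removal = max(p["removed_at"] for p in prior)
        if e["seen"] > last_removal:
            findings.append({
                "path": e["path"],
                "md5": e["md5"],
                "recreated": e["seen"],
                "last_removal": last_removal,
                "prior_copies": len(prior),
                "prior_dirs": sorted({p["original"].rsplit("\\", 1)[0] for p in prior}),
            })
    return findings


if __name__ == "__main__":
    for f in find_redropped(parse_filefind(SAMPLE_LOG)):
        print(f"{f['path']} recreated {f['recreated']} after removal at "
              f"{f['last_removal']}; {f['prior_copies']} earlier copies in "
              f"{', '.join(f['prior_dirs'])}")
```

A hit here means the removal worked but something still on the machine wrote the same binary back, which is the situation the registry and file searches in this thread are trying to track down.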

Re: Strange IE popups, Volume stuck on mute, speed decrease,

Post by askey127 » June 24th, 2012, 7:16 pm

rlmark,
If it doesn't work this time, we are in for some extensive searches.
It appears to be a new version of the infection.
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code: Select all
    :Files
    C:\WINDOWS\Temp\mrt1.tmp\stdrt.exe
    C:\WINDOWS\Temp\mrt*.tmp
    ipconfig /flushdns /c
    
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
---------------------------------------------
Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :Filefind
    *txagent*
    :folderfind
    *txagent*
    :regfind
    stdrt
    regsrv
    txagent
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The results log can also be found on your Desktop, entitled SystemLook.txt

askey127
Admin/Teacher
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Strange IE popups, Volume stuck on mute, speed decrease,

Post by rlmark » June 24th, 2012, 7:50 pm

Here are the logs, in order:


All processes killed
========== FILES ==========
C:\WINDOWS\Temp\mrt1.tmp\stdrt.exe moved successfully.
C:\WINDOWS\Temp\mrt1.tmp folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Ryan\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Ryan\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Camper

User: Chiptune
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kristin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mom and Dad
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49554 bytes
->Flash cache emptied: 727 bytes

User: Ryan
->Temp folder emptied: 444171 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 6320728 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 349255 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 7.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.49.0 log created on 06242012_192014

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



OTL logfile created on: 6/24/2012 7:24:31 PM - Run 4
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Documents and Settings\Ryan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 59.75% Memory free
2.11 Gb Paging File | 1.60 Gb Available in Paging File | 76.15% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 125.42 Gb Total Space | 19.84 Gb Free Space | 15.82% Space Free | Partition Type: NTFS
Drive D: | 149.00 Gb Total Space | 53.13 Gb Free Space | 35.66% Space Free | Partition Type: NTFS

Computer Name: BASEMENT | User Name: Ryan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/24 19:22:29 | 000,372,736 | ---- | M] ( ) -- C:\WINDOWS\Temp\mrt1.tmp\stdrt.exe
PRC - [2012/06/19 12:32:14 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ryan\Desktop\OTL.exe
PRC - [2012/05/24 14:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Ryan\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2012/05/12 22:44:17 | 000,932,528 | ---- | M] () -- C:\Documents and Settings\Ryan\Application Data\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/04/04 01:53:58 | 000,405,912 | ---- | M] (Adobe Systems Incorporated.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrodist.exe
PRC - [2012/04/04 01:53:56 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2012/04/04 01:53:56 | 000,036,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe
PRC - [2012/03/26 12:59:14 | 000,152,576 | ---- | M] (CrashPlan) -- C:\Program Files\CrashPlan\CrashPlanService.exe
PRC - [2012/03/26 12:58:47 | 000,217,088 | ---- | M] (Code 42 Software, Inc.) -- C:\Program Files\CrashPlan\CrashPlanTray.exe
PRC - [2012/02/15 20:11:58 | 000,459,832 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
PRC - [2012/02/15 20:10:56 | 000,688,184 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
PRC - [2012/01/03 09:10:46 | 000,035,736 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe
PRC - [2011/11/13 07:53:42 | 002,996,592 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2tray.exe
PRC - [2011/11/13 07:53:40 | 000,946,032 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe
PRC - [2011/11/13 07:53:36 | 002,120,048 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2pre.exe
PRC - [2011/11/13 07:53:28 | 001,687,408 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2comm.exe
PRC - [2011/11/09 18:38:04 | 000,132,768 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\IPROSetMonitor.exe
PRC - [2011/10/07 05:40:42 | 001,387,288 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2011/09/27 15:05:24 | 000,149,784 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
PRC - [2011/03/30 01:05:00 | 000,393,616 | ---- | M] (KORG Inc.) -- C:\Program Files\KORG\KORG USB-MIDI Driver\EsHelper2.exe
PRC - [2009/10/14 14:32:46 | 009,085,760 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
PRC - [2009/10/14 14:32:46 | 002,049,344 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2009/10/14 14:31:02 | 000,098,304 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2008/12/29 06:40:30 | 000,687,560 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/30 23:37:22 | 001,654,784 | ---- | M] (Belkin) -- C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/24 19:22:30 | 000,307,200 | ---- | M] () -- C:\WINDOWS\Temp\mrt1.tmp\mmfs2.dll
MOD - [2012/06/24 19:22:30 | 000,059,392 | ---- | M] () -- C:\WINDOWS\Temp\mrt1.tmp\Yaso.mfx
MOD - [2012/06/24 19:22:30 | 000,012,800 | ---- | M] () -- C:\WINDOWS\Temp\mrt1.tmp\Get.mfx
MOD - [2012/06/17 03:36:43 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012/06/17 03:36:30 | 001,712,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\359fd69eb60e9844ffd497e92345178c\Microsoft.VisualBasic.ni.dll
MOD - [2012/06/17 03:34:37 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/17 03:34:13 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/06/17 03:28:42 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/06/17 03:28:23 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/05/13 03:33:26 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll
MOD - [2012/05/13 03:31:55 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/13 03:29:25 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/13 03:27:57 | 006,616,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\12c6fe8d4dd78f9bddf847d3b2821c03\System.Data.ni.dll
MOD - [2012/05/13 03:21:07 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/13 03:20:32 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/05/12 22:44:17 | 000,932,528 | ---- | M] () -- C:\Documents and Settings\Ryan\Application Data\Spotify\Data\SpotifyWebHelper.exe
MOD - [2012/03/26 12:58:51 | 000,013,312 | ---- | M] () -- C:\Program Files\CrashPlan\md5.dll
MOD - [2012/03/26 12:58:47 | 000,166,400 | ---- | M] () -- C:\Program Files\CrashPlan\cpnative.dll
MOD - [2012/01/08 09:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/10/07 05:41:16 | 000,879,896 | ---- | M] () -- C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
MOD - [2011/02/28 18:37:32 | 000,180,624 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2009/08/19 16:49:08 | 000,049,152 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Memeo.API.dll
MOD - [2009/07/29 16:24:14 | 000,504,293 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\sqlite3.dll
MOD - [2008/04/14 06:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 06:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/11/26 12:45:34 | 000,188,416 | ---- | M] () -- C:\Program Files\Belkin\F5D7050v3\BelkinwcuiDLL.dll
MOD - [2007/10/30 23:29:24 | 000,151,617 | ---- | M] () -- C:\Program Files\Belkin\F5D7050v3\blkwcapi.dll
MOD - [2006/02/24 11:40:56 | 000,061,440 | ---- | M] () -- C:\Program Files\Belkin\F5D7050v3\BelkinHWStatus.dll
MOD - [2005/08/10 16:36:52 | 000,045,056 | ---- | M] () -- C:\Program Files\Belkin\F5D7050v3\Security.dll
MOD - [2003/10/13 16:30:58 | 000,094,208 | ---- | M] () -- C:\Program Files\Belkin\F5D7050v3\GTW32N50.dll
MOD - [2001/10/28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/06/10 19:45:04 | 000,915,879 | ---- | M] ( ) [Auto | Stopped] -- C:\WINDOWS\system32\lnsecsl.exe -- (Adobe Licensing Console)
SRV - [2012/03/26 12:59:14 | 000,152,576 | ---- | M] (CrashPlan) [Auto | Running] -- C:\Program Files\CrashPlan\CrashPlanService.exe -- (CrashPlanService)
SRV - [2012/02/15 20:11:58 | 000,459,832 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2011/11/13 07:53:40 | 000,946,032 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe -- (GoToMyPC)
SRV - [2011/11/09 18:38:04 | 000,132,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\IPROSetMonitor.exe -- (Intel(R) PROSet Monitoring Service) Intel(R)
SRV - [2011/09/27 15:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/14 14:31:02 | 000,098,304 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/02/27 16:07:25 | 000,658,432 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2006/01/05 01:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
SRV - [2003/04/01 23:08:30 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\IcdSptSv.exe -- (ICDSPTSV)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\7.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Ryan\LOCALS~1\Temp\gkmixern.sys -- (gkmixern)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\CoachVc.sys -- (CoachVc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (bvrp_pci)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (adboxjzs)
DRV - [2011/09/02 02:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/09/02 02:31:28 | 000,030,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2011/09/02 02:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/09/02 02:30:58 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2011/06/28 18:04:14 | 000,093,304 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2011/03/30 01:13:00 | 000,024,056 | ---- | M] (KORG INC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KORGUMDS.SYS -- (KORGUMDS)
DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2009/01/24 13:03:47 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2008/07/07 03:40:49 | 000,056,108 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/04/14 01:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2007/10/02 05:06:40 | 000,451,968 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2006/12/12 11:16:06 | 000,022,528 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emAudio.sys -- (emAudio)
DRV - [2005/12/21 09:14:52 | 000,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2005/12/21 09:14:52 | 000,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2005/12/21 09:14:52 | 000,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emScan.sys -- (ScanUSBEMPIA)
DRV - [2005/11/26 11:30:44 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/09/23 23:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/09/17 16:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/06/16 05:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/05/05 21:48:40 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2004/03/10 16:27:18 | 000,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2K)
DRV - [2004/03/06 06:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 06:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 06:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/09/25 23:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Belkin\F5D7050v3\GTNDIS5.sys -- (GTNDIS5)
DRV - [2002/11/28 22:23:24 | 000,039,048 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IcdUsb2.sys -- (ICDUSB2) Sony IC Recorder (P)
DRV - [2002/09/10 20:42:00 | 000,024,808 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sqcaptur.sys -- (DCamUSBSQTECH) Dual-Mode DSC(2770)
DRV - [2002/03/19 10:29:16 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)
DRV - [2001/09/26 18:10:00 | 000,067,072 | ---- | M] (WIBU-SYSTEMS AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Wibukey.sys -- (WIBUKEY)
DRV - [2001/07/05 15:12:26 | 000,416,564 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\idmc1vme.sys -- (IDMC1Vxp) Intel(r) Play(tm)
DRV - [2001/07/05 15:12:10 | 000,014,628 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IDMC1Blk.sys -- (IDMC1Blk)
DRV - [2001/07/05 15:12:04 | 000,015,188 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\idmc1aud.sys -- (idmc1aud) Intel(r) Play(tm) USB Audio Filter (WDM)
DRV - [2001/04/27 09:28:02 | 000,131,776 | ---- | M] (Intel ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\STVqx3.SYS -- (STVqx3)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: I:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/06/17 19:17:06 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Private Browsing = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbhgehldmbojedoeglnclpglgoggonjg\0.1_0\
CHR - Extension: Gmail = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/22 16:09:46 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DLCCCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL ()
O4 - HKLM..\Run: [DSS] C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE File not found
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [F5D7050v3] C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe (Belkin)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [KORG USB-MIDI Driver] C:\Program Files\KORG\KORG USB-MIDI Driver\EsHelper2.exe (KORG Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Windows\System32\nwiz.exe ()
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [Subliminal blaster Pro] C:\Program Files\SB Pro\subliminalblasterpro.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [USB2Check] C:\Windows\System32\PCLECoInst.dll (Pinnacle Systems)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Documents and Settings\Ryan\Application Data\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKCU..\Run: [TypingSatellite] C:\Program Files\TypingMaster\KBOOST.EXE (TypingMaster Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CrashPlan Tray.lnk = C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
O4 - Startup: C:\Documents and Settings\Ryan\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Ryan\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Ryan\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/aut ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/products/plugin/aut ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD9C3F28-4C0E-43A1-91BB-D6608479494E}: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB41ED32-2F4D-4C79-B138-DFF2DDCB5D2A}: DhcpNameServer = 10.0.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToMyPC: DllName - (C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll) - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Ryan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ryan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0e160d88-3873-11df-838a-001320c196a0}\Shell - "" = AutoRun
O33 - MountPoints2\{0e160d88-3873-11df-838a-001320c196a0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0e160d88-3873-11df-838a-001320c196a0}\Shell\AutoRun\command - "" = "I:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{bbe0b284-aa7e-11e0-83b3-001320c196a0}\Shell - "" = AutoRun
O33 - MountPoints2\{bbe0b284-aa7e-11e0-83b3-001320c196a0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bbe0b284-aa7e-11e0-83b3-001320c196a0}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{cd82e4c7-055f-11df-8384-001320c196a0}\Shell - "" = AutoRun
O33 - MountPoints2\{cd82e4c7-055f-11df-8384-001320c196a0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cd82e4c7-055f-11df-8384-001320c196a0}\Shell\AutoRun\command - "" = "I:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/23 20:06:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Application Data\Plugin Alliance
[2012/06/23 20:03:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Application Data\Voxengo
[2012/06/23 20:02:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Brainworx Music
[2012/06/23 20:02:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Avid
[2012/06/23 20:02:19 | 000,000,000 | ---D | C] -- C:\Program Files\Brainworx Music
[2012/06/23 10:23:01 | 002,128,472 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Ryan\Desktop\tdsskiller.exe
[2012/06/22 22:52:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Application Data\Deckadance19
[2012/06/22 22:49:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Application Data\SongManager
[2012/06/22 22:16:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CrashPlan
[2012/06/22 22:16:35 | 000,000,000 | ---D | C] -- C:\Program Files\CrashPlan
[2012/06/22 22:16:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CrashPlan
[2012/06/22 22:15:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Application Data\CrashPlan
[2012/06/22 16:09:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/21 01:42:00 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/06/19 12:32:11 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ryan\Desktop\OTL.exe
[2012/06/17 20:18:51 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Ryan\Desktop\dds.scr
[2012/06/17 19:40:25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ryan\Recent
[2012/06/17 19:38:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Ryan\IECompatCache
[2012/06/17 12:46:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/06/17 12:46:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/06/14 23:25:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\My Documents\Sony PMB
[2012/06/14 23:24:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Application Data\Sony Corporation
[2012/06/14 23:24:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PlayMemories Home
[2012/06/14 23:23:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony Corporation
[2012/06/10 19:54:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Image-Line
[2012/06/03 16:30:11 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2012/06/01 13:33:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/06/01 13:31:36 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

========== Files - Modified Within 30 Days ==========

[2012/06/24 19:28:36 | 000,012,825 | ---- | M] () -- C:\Windows\System32\tubekey.dat
[2012/06/24 19:28:17 | 000,000,105 | ---- | M] () -- C:\Windows\System32\get.dat
[2012/06/24 19:23:23 | 000,000,104 | ---- | M] () -- C:\Windows\System32\nvapps.xml
[2012/06/24 19:22:26 | 000,002,048 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/24 18:55:01 | 000,000,974 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1810697113-279428050-2671847038-1007UA.job
[2012/06/24 02:00:01 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\AdobeAAMUpdater-1.0-BASEMENT-Ryan.job
[2012/06/23 21:55:01 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1810697113-279428050-2671847038-1007Core.job
[2012/06/23 16:18:00 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\SystemLook.exe
[2012/06/23 10:33:50 | 000,506,376 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/23 10:33:49 | 000,088,978 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/23 10:23:03 | 002,128,472 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Ryan\Desktop\tdsskiller.exe
[2012/06/23 10:22:42 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\Defogger.exe
[2012/06/22 22:17:33 | 000,001,630 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CrashPlan Tray.lnk
[2012/06/22 16:09:46 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/06/22 11:52:04 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\AppleSoftwareUpdate.job
[2012/06/19 12:32:14 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ryan\Desktop\OTL.exe
[2012/06/19 12:32:05 | 000,458,240 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\CKScanner.exe
[2012/06/17 20:18:51 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Ryan\Desktop\dds.scr
[2012/06/17 20:05:09 | 000,833,086 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\cc_20120617_200419.reg
[2012/06/17 14:00:21 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/17 12:41:23 | 003,666,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/15 15:01:55 | 000,226,816 | ---- | M] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/15 10:12:54 | 000,114,392 | ---- | M] () -- C:\Documents and Settings\Ryan\My Documents\senior prank.veg
[2012/06/15 09:33:03 | 000,086,624 | ---- | M] () -- C:\Documents and Settings\Ryan\My Documents\senior prank.veg.bak
[2012/06/14 23:16:07 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2012/06/14 13:35:15 | 000,090,440 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\beat 2.sfk
[2012/06/14 12:29:12 | 001,641,672 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\beat 2 sketch.mp3
[2012/06/14 12:21:40 | 023,136,224 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\beat 2.wav
[2012/06/12 20:12:21 | 006,253,782 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\beat 1.mp3
[2012/06/12 01:00:17 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Ryan\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/06/12 01:00:16 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\Google Chrome.lnk
[2012/06/10 19:56:40 | 000,001,739 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\Deckadance.lnk
[2012/06/10 19:55:24 | 000,000,813 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\ASIO4ALL v2 Instruction Manual.lnk
[2012/06/10 19:54:54 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FL Studio 10.lnk
[2012/06/10 19:45:04 | 000,915,879 | ---- | M] ( ) -- C:\Windows\System32\lnsecsl.exe
[2012/06/10 12:45:25 | 000,000,016 | ---- | M] () -- C:\Windows\System32\w3data.vss
[2012/06/10 12:45:25 | 000,000,016 | ---- | M] () -- C:\Windows\System32\msvcsv60.dll
[2012/06/10 12:45:25 | 000,000,016 | ---- | M] () -- C:\Windows\msocreg32.dat
[2012/06/09 14:40:40 | 000,000,040 | ---- | M] () -- C:\Windows\Superbas.ini
[2012/06/05 07:05:46 | 005,190,388 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\Church.mp3
[2012/06/03 16:30:45 | 000,001,021 | ---- | M] () -- C:\Documents and Settings\Ryan\Start Menu\Programs\Startup\Dropbox.lnk
[2012/06/03 16:29:37 | 000,001,003 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\Dropbox.lnk
[2012/06/01 13:33:14 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/06/01 13:24:52 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2012/05/29 17:55:33 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\Ryan\Application Data\Adobe PNG Format CS5 Prefs

========== Files Created - No Company Name ==========

[2012/06/23 16:18:00 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\SystemLook.exe
[2012/06/23 10:22:50 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\Defogger.exe
[2012/06/22 22:17:33 | 000,001,630 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CrashPlan Tray.lnk
[2012/06/19 12:32:01 | 000,458,240 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\CKScanner.exe
[2012/06/17 20:05:02 | 000,833,086 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\cc_20120617_200419.reg
[2012/06/17 14:00:21 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/17 12:46:30 | 000,012,825 | ---- | C] () -- C:\Windows\System32\tubekey.dat
[2012/06/17 12:46:15 | 000,000,105 | ---- | C] () -- C:\Windows\System32\get.dat
[2012/06/15 00:43:27 | 000,114,392 | ---- | C] () -- C:\Documents and Settings\Ryan\My Documents\senior prank.veg
[2012/06/15 00:43:27 | 000,086,624 | ---- | C] () -- C:\Documents and Settings\Ryan\My Documents\senior prank.veg.bak
[2012/06/14 12:29:03 | 001,641,672 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\beat 2 sketch.mp3
[2012/06/14 12:23:09 | 000,090,440 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\beat 2.sfk
[2012/06/14 12:21:36 | 023,136,224 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\beat 2.wav
[2012/06/12 20:11:21 | 006,253,782 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\beat 1.mp3
[2012/06/10 19:56:40 | 000,001,739 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\Deckadance.lnk
[2012/06/10 19:55:24 | 000,000,813 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\ASIO4ALL v2 Instruction Manual.lnk
[2012/06/10 19:54:56 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FL Studio 10.lnk
[2012/06/10 19:45:04 | 000,915,879 | ---- | C] ( ) -- C:\Windows\System32\lnsecsl.exe
[2012/06/05 07:05:31 | 005,190,388 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\Church.mp3
[2012/06/01 13:33:14 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/06/01 13:24:52 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2012/05/29 17:54:27 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\Adobe PNG Format CS5 Prefs
[2012/04/18 17:08:25 | 022,259,528 | ---- | C] () -- C:\Program Files\vlc-2.0.1-win32.exe
[2012/04/03 12:06:07 | 000,000,016 | ---- | C] () -- C:\Windows\System32\msvcsv60.dll
[2012/04/03 12:06:07 | 000,000,016 | ---- | C] () -- C:\Windows\msocreg32.dat
[2012/04/02 15:58:59 | 000,650,657 | ---- | C] () -- C:\Program Files\lame3.99.5 (1).zip
[2012/03/25 15:28:13 | 000,078,960 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012/03/03 20:21:51 | 000,180,624 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2012/03/01 14:01:36 | 000,003,072 | ---- | C] () -- C:\Windows\System32\iacenc.dll
[2012/02/29 23:17:28 | 000,000,081 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MPluginConfiguration.xml
[2012/02/29 23:01:01 | 000,197,014 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MAnalyzerpresets.xml
[2012/02/29 23:01:01 | 000,013,964 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MFlangerpresets.xml
[2012/02/29 23:01:01 | 000,013,158 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MOscillatorpresets.xml
[2012/02/29 23:01:01 | 000,009,119 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MFreqShifterpresets.xml
[2012/02/29 23:01:01 | 000,007,130 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MEqualizerpresets.xml
[2012/02/29 23:01:01 | 000,006,687 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\menvelopepresets.xml
[2012/02/29 23:01:01 | 000,006,444 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MCompressorpresets.xml
[2012/02/29 23:01:01 | 000,005,622 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MNoiseGeneratorpresets.xml
[2012/02/29 23:01:01 | 000,005,138 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MWaveShaperpresets.xml
[2012/02/29 23:01:01 | 000,004,362 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MPhaserpresets.xml
[2012/02/29 23:01:01 | 000,003,771 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MRingModulatorpresets.xml
[2012/02/29 23:01:01 | 000,002,820 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MEqualizerAreasEditorpresets.xml
[2012/02/29 23:01:01 | 000,002,775 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MStereoExpanderpresets.xml
[2012/02/29 23:01:01 | 000,002,666 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MVibratopresets.xml
[2012/02/29 23:01:01 | 000,002,492 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MSpectralAnalyzerPrefilterpresets.xml
[2012/02/29 23:01:01 | 000,002,366 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MTremolopresets.xml
[2012/02/29 23:01:01 | 000,001,907 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MAutopanpresets.xml
[2012/02/29 23:01:01 | 000,001,381 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MLimiterpresets.xml
[2012/02/29 23:01:01 | 000,001,235 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\mbasestyleconfigurationpresets.xml
[2012/02/29 23:01:01 | 000,001,011 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MValueToColor5presets.xml
[2012/02/19 21:54:27 | 000,163,840 | ---- | C] () -- C:\Windows\System32\ArtFfct.dll
[2012/01/28 17:03:20 | 000,000,741 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\x264_x64.ini
[2012/01/21 15:06:14 | 000,200,704 | ---- | C] () -- C:\Windows\System32\UpdateDriver.exe
[2012/01/21 15:06:14 | 000,005,224 | ---- | C] () -- C:\Windows\System32\ucuiinfo.ini
[2011/08/11 19:40:44 | 000,074,340 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\Setup.2.2.exe
[2011/07/25 05:48:58 | 000,074,293 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\Setup.1.2.exe
[2011/07/16 15:43:17 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011/06/28 18:05:20 | 000,021,112 | ---- | C] () -- C:\Windows\System32\drivers\iLokDrvr.sys
[2011/05/31 16:46:14 | 000,075,776 | ---- | C] () -- C:\Windows\System32\WS2Fix.exe
[2011/05/31 16:46:14 | 000,051,200 | ---- | C] () -- C:\Windows\System32\dumphive.exe
[2011/05/31 16:46:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\swsc.exe
[2011/05/28 19:15:56 | 000,000,040 | ---- | C] () -- C:\Windows\Superbas.ini
[2011/02/10 00:03:48 | 000,000,314 | ---- | C] () -- C:\Windows\primopdf.ini
[2010/11/09 15:38:51 | 000,008,776 | ---- | C] () -- C:\Windows\System32\d3d9caps.dat
[2010/08/31 20:27:00 | 000,363,520 | ---- | C] () -- C:\Windows\System32\psisdecd.dll
[2010/07/05 13:56:38 | 000,001,077 | ---- | C] () -- C:\Windows\unins000.dat
[2010/07/04 22:25:31 | 000,022,528 | ---- | C] () -- C:\Windows\exeshl.dll
[2010/07/04 22:25:31 | 000,000,093 | ---- | C] () -- C:\Windows\netctrl.ini

========== LOP Check ==========

[2012/02/24 18:07:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Audio Damage
[2012/04/05 00:22:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CitrixLogs
[2009/04/13 15:28:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2012/06/22 22:17:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CrashPlan
[2009/01/24 13:28:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2012/02/25 19:17:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverGenius
[2007/03/25 18:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EarMaster
[2006/03/19 14:07:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fellowes
[2012/02/19 23:23:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KORG
[2011/05/30 21:24:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MakeMusic
[2012/02/29 23:01:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MTexturedStyles
[2012/06/10 12:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2012/02/25 19:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2012/02/25 18:22:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2010/11/06 11:27:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio HD
[2012/03/14 20:30:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/05/30 15:59:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2011/05/30 21:34:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2012/05/18 21:26:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2009/04/13 15:45:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2012/05/18 22:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2011/08/27 13:05:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/09/07 19:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2012/02/25 13:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/03/24 17:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2012/02/05 13:58:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/07/03 17:10:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Antares
[2005/12/23 17:09:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Atari
[2012/02/05 12:55:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\ConverterLite
[2012/06/22 22:17:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\CrashPlan
[2012/02/25 17:46:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Cytomic
[2009/01/24 13:29:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\DAEMON Tools
[2009/01/24 13:30:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\DAEMON Tools Lite
[2009/01/24 13:29:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\DAEMON Tools Pro
[2012/06/22 22:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Deckadance19
[2012/02/24 18:51:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\deluge
[2012/02/25 19:14:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\DriverFinder
[2012/06/24 19:24:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Dropbox
[2012/03/28 23:35:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\DVDVideoSoft
[2012/03/28 23:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\DVDVideoSoftIEHelpers
[2009/04/03 21:46:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\EarMaster
[2012/06/05 22:32:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\FileZilla
[2012/04/10 22:40:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\fltk.org
[2012/06/14 18:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\foobar2000
[2009/03/28 17:50:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Garritan
[2006/07/15 11:59:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\GEAR Video 8.01
[2012/02/24 18:44:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\gtk-2.0
[2012/05/19 22:22:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\HandBrake
[2012/04/10 15:25:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\highc
[2012/02/20 00:02:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\KORG
[2005/12/23 17:02:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Leadertech
[2012/02/29 23:01:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\MeldaProduction
[2012/01/28 16:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\mkvtoolnix
[2011/05/30 18:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\MSNInstaller
[2012/02/29 23:01:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\MSPS
[2012/02/29 23:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\MTexturedStyles
[2009/07/03 19:44:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\NetMedia Providers
[2011/07/16 15:35:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Noteworthy Software
[2009/01/25 17:11:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Nuance
[2012/06/10 12:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\PACE Anti-Piracy
[2009/03/28 18:16:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Plogue
[2012/06/23 20:06:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Plugin Alliance
[2012/03/29 19:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\PrimoPDF
[2006/09/04 11:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Publish Providers
[2012/01/21 16:07:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\RipIt4Me
[2008/01/17 19:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\rockbox.org
[2006/07/08 08:17:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Seven Zip
[2010/06/25 15:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Smartelectronix
[2012/06/22 22:52:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\SongManager
[2012/05/18 22:55:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Sony
[2012/05/18 22:47:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Sony Creative Software Inc
[2009/05/25 12:20:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Sony Setup
[2012/06/09 12:51:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Spotify
[2011/06/16 17:58:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\TypingMaster7
[2012/06/23 20:03:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Voxengo
[2012/02/19 23:43:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Waldorf
[2011/09/07 19:25:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Western Digital

========== Purity Check ==========



< End of report >



SystemLook 30.07.11 by jpshortstuff
Log created at 19:36 on 24/06/2012 by Ryan
Administrator - Elevation successful

========== Filefind ==========

Searching for "*txagent*"
No files found.

========== folderfind ==========

Searching for "*txagent*"
No folders found.

========== regfind ==========

Searching for "stdrt"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe]
"c"="C:\WINDOWS\Temp\mrt6.tmp\stdrt.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe]
"f"="C:\WINDOWS\Temp\mrt3.tmp\stdrt.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name"="stdrt.exe"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication]
"Name"="stdrt.exe"
[HKEY_USERS\S-1-5-21-1810697113-279428050-2671847038-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe]
"c"="C:\WINDOWS\Temp\mrt6.tmp\stdrt.exe"
[HKEY_USERS\S-1-5-21-1810697113-279428050-2671847038-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe]
"f"="C:\WINDOWS\Temp\mrt3.tmp\stdrt.exe"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication]
"Name"="stdrt.exe"

Searching for "regsrv"
No data found.

Searching for "txagent"
No data found.

-= EOF =-
rlmark
Regular Member
 
Posts: 34
Joined: February 16th, 2010, 4:37 pm
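
Added example (not part of either post, and not code from OTL or SystemLook): a Python triage pass over the regfind output above. It parses the hits, flags values whose data points at an executable under a Temp directory, labels each key as usage history or autostart, and renders the hits in the `:Reg` deletion form used in the reply that follows. The marker lists and all function names are assumptions of this example.

```python
import re
from dataclasses import dataclass
from ntpath import dirname  # Windows path rules regardless of host OS

# Excerpt of the SystemLook regfind section, copied from the log above.
REGFIND_LOG = r'''
========== regfind ==========

Searching for "stdrt"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe]
"c"="C:\WINDOWS\Temp\mrt6.tmp\stdrt.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe]
"f"="C:\WINDOWS\Temp\mrt3.tmp\stdrt.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name"="stdrt.exe"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication]
"Name"="stdrt.exe"
[HKEY_USERS\S-1-5-21-1810697113-279428050-2671847038-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe]
"c"="C:\WINDOWS\Temp\mrt6.tmp\stdrt.exe"
[HKEY_USERS\S-1-5-21-1810697113-279428050-2671847038-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe]
"f"="C:\WINDOWS\Temp\mrt3.tmp\stdrt.exe"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication]
"Name"="stdrt.exe"

Searching for "regsrv"
No data found.

-= EOF =-
'''

SEARCH_RE = re.compile(r'^Searching for "(.*)"$')
KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"([^"]*)"="(.*)"$')

EXEC_EXT = (".exe", ".dll", ".scr", ".com", ".bat")
# Assumed marker lists (not exhaustive): keys that only record past use,
# versus well-known locations that launch something at boot or logon.
HISTORY_MARKERS = ("\\opensavemru", "\\mostrecentapplication")
AUTOSTART_MARKERS = ("\\currentversion\\run", "\\winlogon")

@dataclass(frozen=True)
class Hit:
    term: str   # search term that produced the hit
    key: str    # full registry key path
    name: str   # value name
    data: str   # value data

    @property
    def runs_from_temp(self) -> bool:
        # True when the data is a path to an executable inside a Temp folder.
        d = self.data.lower()
        return d.endswith(EXEC_EXT) and "\\temp\\" in dirname(d) + "\\"

    @property
    def key_kind(self) -> str:
        k = self.key.lower()
        if any(m in k for m in AUTOSTART_MARKERS):
            return "autostart"
        if any(m in k for m in HISTORY_MARKERS):
            return "history"
        return "other"

def parse_regfind(text: str) -> list:
    """Return one Hit per value line inside the regfind section."""
    hits, term, key, active = [], None, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("=========="):
            active = "regfind" in line.lower()   # section header
            term = key = None
            continue
        if not active or not line:
            continue
        if line.startswith("-= EOF"):
            break
        if m := SEARCH_RE.match(line):
            term, key = m.group(1), None
        elif m := KEY_RE.match(line):
            key = m.group(1)
        elif (m := VALUE_RE.match(line)) and term and key:
            hits.append(Hit(term, key, m.group(1), m.group(2)))
    return hits

def temp_dirs(hits) -> list:
    """Distinct Temp folders the flagged executables were referenced from."""
    return sorted({dirname(h.data) for h in hits if h.runs_from_temp})

def render_otl_reg(hits) -> list:
    """Lines of a :Reg block that deletes each hit value ("name"=-)."""
    lines, seen = [":Reg"], set()
    for h in hits:
        if (h.key, h.name) not in seen:
            seen.add((h.key, h.name))
            lines += [f"[{h.key}]", f'"{h.name}"=-']
    return lines

if __name__ == "__main__":
    found = parse_regfind(REGFIND_LOG)
    for h in found:
        print(h.key_kind, "TEMP-EXEC" if h.runs_from_temp else "-", h.key, h.name)
    print("\n".join(temp_dirs(found)))
    print("\n".join(render_otl_reg(found)))
```

On this log every hit lands in a usage-history key, so the output shows where the binary was seen running from rather than what launches it.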

Re: Strange IE popups, Volume stuck on mute, speed decrease,

Post by askey127 » June 25th, 2012, 7:21 am

rlmark,
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code:
    :Reg
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe]
    "c"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe]
    "f"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
    "Name"=-
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication]
    "Name"=-
    [HKEY_USERS\S-1-5-21-1810697113-279428050-2671847038-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe]
    "c"=-
    [HKEY_USERS\S-1-5-21-1810697113-279428050-2671847038-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe]
    "f"=-
    [HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication]
    "Name"=-
    
    :Commands
    [CREATERESTOREPOINT]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • You DON'T need to run OTL again right now, or post the log.
-----------------------------------------------------------
Download the Microsoft Security Essentials Installer
The download is here: http://www.microsoft.com/security_essentials/
Save it to your desktop but don't run it yet.
-------------------------------------------------
Please download RogueKiller.exe and save it to your desktop.

Run RogueKiller
  • First, quit all running programs.
  • Start RogueKiller.exe. (Double click in XP)
  • Note: If the program is blocked, do not hesitate to try several times.
    If it really does not work (it could happen), rename it to winlogon.exe or RogueKiller.com.
  • Wait until prescan has finished.
  • Click on the Scan button in the upper right. Wait for it to finish.
  • When the scan is complete, a file icon named RKreport.txt should appear on your desktop.
  • Please double click that file RKreport.txt and post its contents in your next Reply.
    (You can also open the report by clicking the Report button on the right).
  • When you exit RogueKiller, you may get a popup reporting "None of the Elements have been deleted. Do you want to quit?" Click "Yes".

-----------------------------------------------------------
Download and Run ComboFix
IMPORTANT NOTE: ComboFix is a VERY POWERFUL tool. DO NOT use it without guidance.
ComboFix uses very forceful tactics to remove malware from your system. Your antivirus software may warn you about the file.
You will need to disable all your antivirus software after downloading but BEFORE running ComboFix.
.
  • Download ComboFix from here
  • Rename it while saving the download to zzz.exe and save it to your Desktop. Do not try to rename it after it has been saved to your desktop, or the infection may prevent you from using it.
    **Note: It is important that it is saved directly to your desktop and run from the desktop, not from any other folder on your computer**
  • Now start ComboFix (zzz.exe)
  • The tool will check whether the Recovery Console is present on your system. If it is not, ComboFix will prompt you whether you would like to install it. (You would).
  • If it is not, make sure you are connected to the internet as ComboFix needs to download a file. When you are connected to the internet, click Yes and follow the prompts.
    When asked whether to continue scanning or to exit, click Yes to continue scanning (no need to disconnect from the internet as ComboFix breaks your internet connection for you).
  • It will run through about 50 procedures, then take a while to assemble its output log.
  • Do not touch the computer AT ALL while ComboFix is running.
  • When finished, the report will open. Post the log in your next reply.
A copy of the log will be located here if you need it-> C:\ComboFix.txt
If you cannot connect to the internet after running ComboFix, unplug the cable you use to connect to the internet and plug it back in.

The Recovery Console produces a brief (2 second) black screen at bootup which allows an additional technical resource for repair in case of a major failure. In regular operation, you can ignore it.
-----------------------------------------------------------
Install Microsoft Security Essentials
Double Click the icon for the Microsoft Security Essentials installer.
Let it install, update itself, run a scan and delete anything it finds.

So we are looking for the log from RogueKiller, and the Combofix log.
askey127
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Strange IE popups, Volume stuck on mute, speed decrease,

Unread postby rlmark » June 25th, 2012, 11:48 am

Things are looking good here right now- not noticing any symptoms any more. MSE has found nothing on the Quick Scan, I'm having it run a "Full Scan" now just in case.

Here are the two logs.


RogueKiller V7.5.4 [06/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Ryan [Admin rights]
Mode: Scan -- Date: 06/25/2012 09:24:29

¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] stdrt.exe -- C:\Windows\TEMP\mrt2.tmp\stdrt.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 1 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
IRP[IRP_MJ_CREATE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF7849B40)
IRP[IRP_MJ_CLOSE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF7849B40)
IRP[IRP_MJ_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF7849B40)
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF7849B40)
IRP[IRP_MJ_SYSTEM_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF7849B40)
IRP[IRP_MJ_DEVICE_CHANGE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF7849B40)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
ÿþ1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Maxtor 6Y160P0 +++++
--- User ---
[MBR] 4fb2a4b4fd68947d4ea3b5868139d798
[BSP] 7e46cdcaafe72a97e1e00c84f659e350 : Linux MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 80325 | Size: 128433 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST3160812AS +++++
--- User ---
[MBR] 2b69c66fe2d5ead0ce8a897fe8e6c3b1
[BSP] eec2725263366f65db145a77482485bb : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152578 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt



ComboFix 12-06-25.03 - Ryan 06/25/2012 9:38.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.896 [GMT -4:00]
Running from: c:\documents and settings\Ryan\Desktop\zzz.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Kristin\WINDOWS
c:\documents and settings\Ryan\WINDOWS
c:\program files\outlook
c:\windows\system32\FAST2002.ocx
c:\windows\system32\msvcsv60.dll
c:\windows\system32\PCLECoInst.dll
c:\windows\TEMP\jna4088896948021796009.dll
D:\install.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Adobe Licensing Console
.
.
((((((((((((((((((((((((( Files Created from 2012-05-25 to 2012-06-25 )))))))))))))))))))))))))))))))
.
.
2012-06-24 00:06 . 2012-06-24 00:06 -------- d-----w- c:\documents and settings\Ryan\Application Data\Plugin Alliance
2012-06-24 00:03 . 2012-06-24 00:03 -------- d-----w- c:\documents and settings\Ryan\Application Data\Voxengo
2012-06-24 00:02 . 2012-06-24 00:02 -------- d-----w- c:\program files\Common Files\Avid
2012-06-24 00:02 . 2012-06-24 00:02 -------- d-----w- c:\program files\Brainworx Music
2012-06-23 02:52 . 2012-06-23 02:52 -------- d-----w- c:\documents and settings\Ryan\Application Data\Deckadance19
2012-06-23 02:49 . 2012-06-23 02:52 -------- d-----w- c:\documents and settings\Ryan\Application Data\SongManager
2012-06-23 02:16 . 2012-06-23 02:17 -------- d-----w- c:\documents and settings\All Users\Application Data\CrashPlan
2012-06-23 02:16 . 2012-06-23 02:16 -------- d-----w- c:\program files\CrashPlan
2012-06-23 02:15 . 2012-06-23 02:17 -------- d-----w- c:\documents and settings\Ryan\Application Data\CrashPlan
2012-06-22 20:09 . 2012-06-22 20:09 -------- d-----w- C:\_OTL
2012-06-21 05:42 . 2012-06-21 05:42 -------- d-----w- c:\program files\ESET
2012-06-17 23:38 . 2012-06-17 23:38 -------- d-sh--w- c:\documents and settings\Ryan\IECompatCache
2012-06-17 16:51 . 2012-06-17 16:51 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-06-15 03:24 . 2012-06-15 03:24 -------- d-----w- c:\documents and settings\Ryan\Application Data\Sony Corporation
2012-06-15 03:23 . 2012-06-15 03:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Corporation
2012-06-13 08:18 . 2012-05-11 14:42 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-10 23:45 . 2012-06-10 23:45 915879 ----a-w- c:\windows\system32\lnsecsl.exe
2012-06-03 20:30 . 2012-06-03 20:30 -------- d-----w- c:\program files\Dropbox
2012-06-01 17:31 . 2012-06-01 17:33 -------- d-----w- c:\program files\iTunes
2012-06-01 17:25 . 2012-06-01 17:25 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2012-06-01 17:25 . 2012-06-01 17:25 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2012-06-01 17:25 . 2012-06-01 17:25 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2012-06-01 17:25 . 2012-06-01 17:25 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2012-06-01 17:25 . 2012-06-01 17:25 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2012-06-01 17:25 . 2012-06-01 17:25 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2012-06-01 17:25 . 2012-06-01 17:25 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-02 19:19 . 2009-08-07 00:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2009-08-07 00:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2004-08-10 19:02 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2004-08-10 19:02 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2004-08-10 19:02 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2009-08-07 00:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2009-08-07 00:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2004-08-10 19:02 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2004-08-10 19:02 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2004-08-10 18:50 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2009-08-07 00:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2004-08-10 19:02 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2004-08-10 19:02 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 19:18 . 2012-03-25 13:30 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18 . 2012-03-25 13:30 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18 . 2012-03-25 13:30 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2004-08-10 18:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2004-08-10 18:51 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20 . 2004-08-10 18:51 1863168 ------w- c:\windows\system32\win32k.sys
2012-05-11 14:42 . 2004-08-10 18:51 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2004-08-10 18:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-10 18:51 385024 ------w- c:\windows\system32\html.iec
2012-05-04 13:12 . 2004-08-10 18:51 2192640 ------w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2004-08-04 04:59 2069120 ------w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2004-08-10 19:01 139656 ------w- c:\windows\system32\drivers\rdpwd.sys
2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-18 21:08 . 2012-04-18 21:08 22259528 ----a-w- c:\program files\vlc-2.0.1-win32.exe
2012-04-05 04:22 . 2012-04-05 04:19 11881936 ----a-w- c:\documents and settings\Ryan\gosetup.exe
2012-04-04 19:56 . 2011-05-02 20:10 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-04 05:53 . 2012-04-04 05:53 47512 ----a-w- c:\windows\system32\AdobePDF.dll
2012-04-04 05:53 . 2012-04-04 05:53 22936 ----a-w- c:\windows\system32\AdobePDFUI.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\documents and settings\Ryan\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\documents and settings\Ryan\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\documents and settings\Ryan\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\documents and settings\Ryan\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TypingSatellite"="c:\program files\TypingMaster\KBOOST.EXE" [2007-08-14 1243152]
"Spotify Web Helper"="c:\documents and settings\Ryan\Application Data\Spotify\Data\SpotifyWebHelper.exe" [2012-05-13 932528]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-06 114688]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-06 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-06 77824]
"Subliminal blaster Pro"="c:\program files\SB Pro\subliminalblasterpro.exe" [2006-04-05 1403392]
"F5D7050v3"="c:\program files\Belkin\F5D7050v3\Belkinwcui.exe" [2007-10-31 1654784]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-04-04 36760]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-04-04 815512]
"KORG USB-MIDI Driver"="c:\program files\KORG\KORG USB-MIDI Driver\EsHelper2.exe" [2011-03-30 393616]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"PMBVolumeWatcher"="c:\program files\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2012-02-16 688184]
.
c:\documents and settings\Ryan\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Ryan\Application Data\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
CrashPlan Tray.lnk - c:\program files\CrashPlan\CrashPlanTray.exe [2012-3-26 217088]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-10-14 2049344]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-10-14 9085760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]
2011-11-13 11:53 15216 ----a-w- c:\program files\Citrix\GoToMyPC\G2WinLogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=KORGUMDD.DRV
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MiniEYE-MiniREAD Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MiniEYE-MiniREAD Launch.lnk
backup=c:\windows\pss\MiniEYE-MiniREAD Launch.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2004-12-06 07:05 127035 ------w- c:\windows\system32\dla\tfswctrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlccmon.exe]
2005-07-22 13:03 425984 ----a-w- c:\program files\Dell Photo AIO Printer 924\dlccmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 09:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2008-07-07 07:34 167936 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 00:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2005-11-26 15:30 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-15 01:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 14:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
2007-02-20 16:07 199752 ----a-w- c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Adobe\\Adobe Flash Builder 4.5\\FlashBuilder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Documents and Settings\\Ryan\\Application Data\\Spotify\\spotify.exe"=
"c:\\Documents and Settings\\Ryan\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\CrashPlan\\CrashPlanService.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7935:TCP"= 7935:TCP:Adobe Flash Builder 4.5
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/24/2009 1:03 PM 717296]
R2 CrashPlanService;CrashPlan Backup Service;c:\program files\CrashPlan\CrashPlanService.exe [3/26/2012 12:59 PM 152576]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2/25/2012 7:28 PM 132768]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2/25/2012 7:13 PM 12184]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2/15/2012 8:11 PM 459832]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [10/14/2009 2:31 PM 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 9:58 AM 20480]
S3 gkmixern;gkmixern;\??\c:\docume~1\Ryan\LOCALS~1\Temp\gkmixern.sys --> c:\docume~1\Ryan\LOCALS~1\Temp\gkmixern.sys [?]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [1/26/2009 1:58 PM 39048]
S3 idmc1aud;Intel(r) Play(tm) USB Audio Filter (WDM);c:\windows\system32\drivers\idmc1aud.sys [2/26/2006 6:16 PM 15188]
S3 IDMC1Blk;Intel Play DMC Download Driver;c:\windows\system32\drivers\IDMC1Blk.sys [2/26/2006 6:16 PM 14628]
S3 IDMC1Vxp;Intel(r) Play(tm) DMC Camera;c:\windows\system32\drivers\idmc1vme.sys [2/26/2006 6:16 PM 416564]
S3 KORGUMDS;KORG USB-MIDI Driver for Windows;c:\windows\system32\drivers\KORGUMDS.SYS [3/30/2011 1:13 AM 24056]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\7.tmp --> c:\windows\system32\7.tmp [?]
S3 STVqx3;Intel Play QX3 Microscope;c:\windows\system32\drivers\STVqx3.SYS [3/17/2006 6:31 PM 131776]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [9/7/2011 7:24 PM 11520]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-25 c:\windows\Tasks\AdobeAAMUpdater-1.0-BASEMENT-Ryan.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-03-14 12:46]
.
2012-06-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1810697113-279428050-2671847038-1007Core.job
- c:\documents and settings\Ryan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-21 19:37]
.
2012-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1810697113-279428050-2671847038-1007UA.job
- c:\documents and settings\Ryan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-21 19:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dell4me.com/myway
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\Ryan\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
TCP: DhcpNameServer = 10.0.1.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-USB2Check - c:\windows\system32\PCLECoInst.dll
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-DellSupport - c:\program files\Dell Support\DSAgnt.exe
MSConfigStartUp-PinnacleDriverCheck - c:\windows\system32\PSDrvCheck.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\j2re1.4.2_03\bin\jusched.exe
MSConfigStartUp-winupdates - c:\program files\winupdates\winupdates.exe
AddRemove-Network Play System (Patching) - c:\program files\Electronic Arts\Network Play System\NPSPatch.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-25 09:57
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\7.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1810697113-279428050-2671847038-1007\Software\Noromaa Solutions\BrainWave Generator\3]
@Denied: (A) (Administrators)
@Denied: (A) (RestrictedCode)
@Denied: (A) (S-1-5-21-1810697113-279428050-2671847038-1007)
@Denied: (A) (LocalSystem)
"LicenseData"=hex:56,11,2f,69,2a,4f,44,cf,b7,38
"LicenseChecksum"=hex:ee,63,4f,05,2a,4f,70,7d,54,38,56,43,1f,2a,77,60
"InstallData"=hex:03,00,00,00,01,00,00,00,0c,00,00,00,00,00,00,00,80,40,31,be,
2d,22,c7,01
"SelectedPreset"="BUILTIN: Relaxation 1 (general)"
"ShowParams"=dword:00000001
"DoNotShowVolumeZeroWarning"=dword:00000000
"DoNotShowOptionsWhilePlaying"=dword:00000000
"DoNotShowPitchRight"=dword:00000000
"DoNotShowSegEndZeroWarning"=dword:00000000
"DoNotShowGlobalVisOptWarning"=dword:00000000
"DoNotShowVisualLeftRightWarning"=dword:00000000
"VisualOutput"=dword:00000000
"VisualOptions"=hex:02,00,00,00,00,00,ff,00,00,ff,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"RegistrationKey"="777777-8888"
"RegistrationName"="ArCs Team"
.
[HKEY_USERS\S-1-5-21-1810697113-279428050-2671847038-1007\Software\Noromaa Solutions\BrainWave Generator\3\Advanced]
"MemoryBlocks"=dword:00000004
"LenOfBlocks"=dword:000000c8
"SamplesPerSec"=dword:0000ac44
"Bits16"=dword:00000001
"InvertSound"=dword:00000000
"ImmediatePause"=dword:00000001
"ThreadTimeCritical"=dword:00000000
"DecommitThreshold"=dword:0000000a
"UseDirectDraw"=dword:00000001
"AudioStrobeZeroLevel"=dword:00000032
"AudioStrobeMaxLevel"=dword:00000064
"AudioStrobeWaveform"=dword:01f403e8
"AudioStrobeDutyCycle"=dword:00000032
"HasAudioStrobe"=dword:00000001
"NodesInNewParam"=dword:00000003
"ConfirmCancelInPresetOptions"=dword:00000001
"LinkAdjacentSegmentsInPresetOptions"=dword:00000001
"PlayDelayTime"=dword:000003e8
"CustColorTable"=hex:00,00,80,00,00,80,00,00,80,00,80,00,ff,00,00,00,ff,80,00,
00,ff,00,ff,00,ff,80,80,00,00,ff,ff,00,80,00,00,00,00,80,80,00,00,00,ff,00,\
"RunConfigWizard"=dword:00000001
.
[HKEY_USERS\S-1-5-21-1810697113-279428050-2671847038-1007\Software\Noromaa Solutions\BrainWave Generator\3\Windows]
@Class="REG_DWORD"
"MainX"=dword:0000009a
"MainY"=dword:0000009a
"MainWidth"=dword:00000210
"MainHeight"=dword:00000096
"OptionsX"=dword:80000000
"OptionsY"=dword:00000000
"OptionsWidth"=dword:00000000
"OptionsHeight"=dword:00000000
"ModulationX"=dword:80000000
"ModulationY"=dword:00000000
"ModulationWidth"=dword:00000000
"ModulationHeight"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(564)
c:\program files\Citrix\GoToMyPC\G2WinLogon.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'explorer.exe'(3064)
c:\windows\system32\WININET.dll
c:\documents and settings\Ryan\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Citrix\GoToMyPC\g2svc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Citrix\GoToMyPC\g2comm.exe
c:\program files\Citrix\GoToMyPC\g2pre.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Citrix\GoToMyPC\g2tray.exe
c:\windows\System32\vssvc.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-06-25 10:04:31 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-25 14:04
.
Pre-Run: 21,924,302,848 bytes free
Post-Run: 21,744,775,168 bytes free
.
- - End Of File - - 83226055C9AD714A90FF1D7076B52307

Re: Strange IE popups, Volume stuck on mute, speed decrease,

Unread postby askey127 » June 25th, 2012, 12:01 pm

rlmark,
Logs look good.
Sorry it took so long.
If you open OTL, and click the Clean Up button, it will remove most of our tools.
Make sure you keep Windows and your Antivirus up to date.
If no other issues, good luck!
askey127

Re: Strange IE popups, Volume stuck on mute, speed decrease,

Unread postby askey127 » June 27th, 2012, 7:24 am

This topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.