ISP says I'm infected with a bot

Post by Ferago » August 21st, 2013, 5:48 pm

Hello, I received this email from my ISP saying that my computer is infected with a bot.

"Our Rogers security team has identified that one or more of the computers or network devices connected to your Rogers Hi-Speed Internet service appears to have been infected with a Bot/Virus.

This virus runs behind the scenes on your computer and can be used to send out SPAM messages, attack internet websites, infect other computers, and even access personal files and confidential information on your computer without your knowledge, posing a serious security threat.

Please take immediate action to remove the Bot/Virus from your affected computer(s). If you are unable to remove the virus within the next 48 hours, we regret we may temporarily suspend your internet access to protect your security as well as the security of other customers and our network.

IP 99.240.227.41 seen acting as a Botnet Drone 2013-08-16 00:03:17.
data:
Timestamp = 2013-08-16 00:03:17
IP = 99.240.227.41
ASN = 812
HOSTNAME = CPEbc1401e324d3-CMbc1401e324d0.cpe.net.cable.rogers.com
CNC ASN = 22773
CNC Port = 16464
Vir Guess = ZeroAccess"

There are two computers on my network and I don't know which one is supposed to be infected; should I post logs for both? For now, here are the logs from the main computer. If I try to use DDS I get a blue screen, so I used OTL:

OTL logfile created on: 21/08/2013 5:30:44 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.04 Gb Available Physical Memory | 51.89% Memory free
3.87 Gb Paging File | 3.09 Gb Available in Paging File | 79.79% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.50 Gb Total Space | 496.81 Gb Free Space | 53.33% Space Free | Partition Type: NTFS
Drive E: | 456.34 Gb Total Space | 55.55 Gb Free Space | 12.17% Space Free | Partition Type: NTFS

Computer Name: DAN-AEU4I5P5IE0 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/17 16:27:32 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/06/28 11:40:16 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Java\jre7\bin\jqs.exe
PRC - [2013/05/08 15:36:56 | 000,076,888 | ---- | M] () -- C:\WINDOWS\SysWOW64\PnkBstrA.exe
PRC - [2013/04/11 12:03:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2007/10/16 12:35:42 | 000,626,176 | ---- | M] () -- C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
PRC - [2007/09/06 12:19:14 | 001,426,432 | ---- | M] () -- C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
PRC - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2001/06/10 21:28:02 | 000,246,272 | ---- | M] () -- C:\Program Files (x86)\Wallpaper Changer\WallPaper.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/17 16:27:31 | 003,551,640 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/05/08 15:36:56 | 000,076,888 | ---- | M] () -- C:\WINDOWS\SysWOW64\PnkBstrA.exe
MOD - [2007/10/16 12:35:42 | 000,626,176 | ---- | M] () -- C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
MOD - [2007/09/06 12:19:14 | 001,426,432 | ---- | M] () -- C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
MOD - [2007/08/16 23:40:58 | 000,208,896 | ---- | M] () -- C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.dll
MOD - [2001/06/10 21:28:02 | 000,246,272 | ---- | M] () -- C:\Program Files (x86)\Wallpaper Changer\WallPaper.exe


========== Services (SafeList) ==========

SRV:64bit: - [2012/07/11 14:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2009/07/15 12:13:06 | 000,127,272 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV:64bit: - [2007/10/12 18:03:52 | 000,918,528 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV:64bit: - [2007/10/12 18:03:12 | 000,178,176 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2013/08/17 16:27:31 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/28 11:40:16 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files (x86)\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/05/08 15:36:56 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/03/15 01:48:20 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/20 02:48:29 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/08/18 02:31:42 | 000,111,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2008/07/25 12:17:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/02/17 01:44:20 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2006/10/18 21:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2005/03/25 08:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysWow64\mnmdd.dll -- (mnmdd)
DRV - [2005/03/25 08:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand | Unknown] -- C:\WINDOWS\SysWow64\winsock.dll -- (Winsock)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-2763265585-558305376-1988983592-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-2763265585-558305376-1988983592-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2763265585-558305376-1988983592-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKU\S-1-5-21-2763265585-558305376-1988983592-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 0A 00 3E 70 90 CE 01 [binary data]
IE - HKU\S-1-5-21-2763265585-558305376-1988983592-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2763265585-558305376-1988983592-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-2763265585-558305376-1988983592-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.ca"
FF - prefs.js..extensions.enabledAddons: tineye%40ideeinc.com:1.1
FF - prefs.js..extensions.enabledAddons: unplug%40compunach:2.054
FF - prefs.js..extensions.enabledAddons: nosquint%40urandom.ca:2.1.9
FF - prefs.js..extensions.enabledAddons: %7Bf69e22c7-bc50-414a-9269-0f5c344cd94c%7D:7.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/07/23 00:57:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 16.0.1\extensions\\Components: C:\Program Files\\Waterfox\components [2013/07/23 00:57:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 16.0.1\extensions\\Plugins: C:\Program Files\\Waterfox\plugins

[2013/01/20 01:44:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2013/07/31 12:25:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zlrixjzl.default\extensions
[2013/07/03 12:38:12 | 000,000,000 | ---D | M] (FT GraphiteGlow) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zlrixjzl.default\extensions\{99e34760-2754-11e0-91fa-0800200c9a66}
[2013/06/28 11:34:09 | 000,000,000 | ---D | M] (Theme Font & Size Changer) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zlrixjzl.default\extensions\{f69e22c7-bc50-414a-9269-0f5c344cd94c}
[2013/04/14 16:15:37 | 000,018,856 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zlrixjzl.default\extensions\downintab@max.max.xpi
[2013/05/03 10:55:47 | 000,114,250 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zlrixjzl.default\extensions\nosquint@urandom.ca.xpi
[2012/11/30 21:29:04 | 000,008,001 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zlrixjzl.default\extensions\tineye@ideeinc.com.xpi
[2013/01/29 02:23:44 | 000,142,907 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zlrixjzl.default\extensions\unplug@compunach.xpi
[2013/07/03 12:38:12 | 000,007,501 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zlrixjzl.default\extensions\virtual.keyboard@hot-virtual-keyboard.com.xpi
[2013/07/31 12:25:31 | 000,824,302 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zlrixjzl.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/05/23 01:36:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/08/17 16:27:32 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

Hosts file not found
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKU\S-1-5-21-2763265585-558305376-1988983592-500\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O3:64bit: - HKU\S-1-5-21-2763265585-558305376-1988983592-500\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O3:64bit: - HKU\S-1-5-21-2763265585-558305376-1988983592-500\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - %SystemRoot%\system32\SHELL32.dll File not found
O3:64bit: - HKU\S-1-5-21-2763265585-558305376-1988983592-500\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll File not found
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4:64bit: - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4:64bit: - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup File not found
O4:64bit: - HKLM..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login File not found
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4:64bit: - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ai Nap] C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe ()
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [CPU Power Monitor] C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-2763265585-558305376-1988983592-500..\Run: [WallPaper] C:\Program Files (x86)\Wallpaper Changer\WallPaper.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2763265585-558305376-1988983592-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - %SystemRoot%\System32\mswsock.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - %SystemRoot%\System32\winrnr.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - %SystemRoot%\System32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - %SYSTEMROOT%\system32\nvappfilter64.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - %SYSTEMROOT%\system32\nvappfilter64.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - %SYSTEMROOT%\system32\nvappfilter64.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - %SYSTEMROOT%\system32\nvappfilter64.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\SysWOW64\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\SysWOW64\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\SysWOW64\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\SysWOW64\nvappfilter.dll (NVIDIA)
O15 - HKU\S-1-5-21-2763265585-558305376-1988983592-500\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2763265585-558305376-1988983592-500\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2763265585-558305376-1988983592-500\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2763265585-558305376-1988983592-500\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F3EA4E9-F43E-4938-948F-1067CBABD379}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\http\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\http\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\https\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\https\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - %SystemRoot%\system32\inetcomm.dll File not found
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - %SystemRoot%\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll File not found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - %SystemRoot%\system32\SHELL32.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - File not found
O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - File not found
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (lsass.exe) - File not found
O20 - HKLM Winlogon: UserInit - (userinit) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - File not found
O20:64bit: - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - File not found
O20:64bit: - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - File not found
O20:64bit: - Winlogon\Notify\dimsntfy: DllName - (dimsntfy.dll) - File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - File not found
O20:64bit: - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found
O20:64bit: - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found
O21:64bit: - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll File not found
O21:64bit: - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll File not found
O21:64bit: - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll File not found
O22:64bit: - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - %SystemRoot%\system32\browseui.dll File not found
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - %SystemRoot%\system32\browseui.dll File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/11/21 02:09:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/05/17 15:27:22 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{8169b91a-6708-11e2-b23e-001e8ce0e0af}\Shell - "" = AutoRun
O33 - MountPoints2\{8169b91a-6708-11e2-b23e-001e8ce0e0af}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8169b91a-6708-11e2-b23e-001e8ce0e0af}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{bb7e74a7-3366-11e2-80da-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{bb7e74a7-3366-11e2-80da-806e6f6e6963}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bb7e74a7-3366-11e2-80da-806e6f6e6963}\Shell\AutoRun\command - "" = D:\.\Bin\ASSETUP.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/21 17:28:53 | 000,688,992 | ---- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.com
[2013/08/21 16:28:25 | 000,688,992 | ---- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2013/08/21 16:27:34 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
[2013/08/21 16:20:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\virus repair kit
[2013/08/01 18:13:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WikidPad
[2013/08/01 18:13:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WikidPad
[2013/08/01 18:09:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\WikidPad
[2013/07/25 19:57:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\BillardGL 1.75
[2013/07/25 19:57:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BillardGL 1.75
[2013/07/23 11:00:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Apple Computer
[2013/07/23 00:57:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2013/07/23 00:56:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013/07/23 00:56:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2013/07/23 00:56:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013/07/23 00:56:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple
[2013/07/23 00:56:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013/07/23 00:56:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2013/07/23 00:56:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple Computer
[2013/07/23 00:37:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\womble
[2013/07/23 00:36:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MPEG Video Wizard DVD 5.0
[2013/07/23 00:36:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Womble Multimedia
[1 C:\Documents and Settings\Administrator\*.tmp files -> C:\Documents and Settings\Administrator\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/08/21 17:29:12 | 000,688,992 | ---- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.com
[2013/08/21 16:31:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/08/21 16:26:07 | 000,377,856 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\4mbfrsi6.exe
[2013/08/21 16:25:18 | 000,688,992 | ---- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2013/08/21 16:21:51 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
[2013/08/21 15:38:05 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\New Text Document.rtf
[2013/08/21 14:14:04 | 000,144,017 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\BcQML1C.jpg
[2013/08/21 13:51:33 | 000,519,791 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\new banner.jpg
[2013/08/20 02:00:00 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-DAN-AEU4I5P5IE0-Administrator.job
[2013/08/19 21:09:27 | 000,070,869 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\breaking gomi.jpg
[2013/08/19 16:52:33 | 000,086,016 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/08/19 12:20:50 | 000,126,248 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gg-allin-p1-s0.jpg
[2013/08/19 12:20:43 | 000,101,620 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gg-allin-p3-s0.jpg
[2013/08/19 12:20:33 | 000,065,981 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gg-allin-p2-s0.jpg
[2013/08/19 02:18:37 | 000,462,317 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DiqXE5Q.jpg
[2013/08/16 10:13:12 | 000,084,453 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\B3wGPdX.jpg
[2013/08/13 22:47:14 | 000,000,664 | ---- | M] () -- C:\WINDOWS\SysWow64\d3d9caps.dat
[2013/08/13 13:52:21 | 000,094,768 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\qFamGOX.jpg
[2013/08/12 22:10:54 | 000,935,888 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\AVIAddXSub.zip
[2013/08/09 23:25:09 | 000,274,372 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Metal-Gear-Solid-3-Wallpaper-1024x768.jpg
[2013/08/09 23:21:03 | 000,257,147 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Game-Play-Metal-Gear-Solid-HD-Wallpaper.jpg
[2013/08/08 23:56:14 | 736,284,672 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Hard Targetdvd-prithwi.avi
[2013/08/08 22:40:15 | 238,814,831 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\dchha49_The_American_Peril.mp3
[2013/08/07 13:49:16 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/08/06 12:12:01 | 000,417,349 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\simpson__s_house_cutaway_first_floor_by_ajdelong-d5di5hs.jpg
[2013/07/31 17:53:16 | 000,052,939 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Season_2_-_Marie.jpg
[2013/07/23 01:30:32 | 000,001,456 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2013/07/23 00:43:59 | 005,844,992 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\kill switch.mpg
[2013/07/23 00:36:06 | 000,000,918 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MPEG Video Wizard DVD 5.0.lnk
[1 C:\Documents and Settings\Administrator\*.tmp files -> C:\Documents and Settings\Administrator\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/21 16:30:52 | 000,377,856 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\4mbfrsi6.exe
[2013/08/21 16:04:02 | 000,002,539 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\New Text Document.rtf
[2013/08/21 14:14:03 | 000,144,017 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\BcQML1C.jpg
[2013/08/21 13:51:30 | 000,519,791 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\new banner.jpg
[2013/08/19 21:09:27 | 000,070,869 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\breaking gomi.jpg
[2013/08/19 12:20:50 | 000,126,248 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gg-allin-p1-s0.jpg
[2013/08/19 12:20:43 | 000,101,620 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gg-allin-p3-s0.jpg
[2013/08/19 12:20:32 | 000,065,981 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gg-allin-p2-s0.jpg
[2013/08/19 02:18:36 | 000,462,317 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\DiqXE5Q.jpg
[2013/08/16 10:13:11 | 000,084,453 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\B3wGPdX.jpg
[2013/08/13 22:47:14 | 000,000,664 | ---- | C] () -- C:\WINDOWS\SysWow64\d3d9caps.dat
[2013/08/13 13:52:20 | 000,094,768 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\qFamGOX.jpg
[2013/08/12 22:10:51 | 000,935,888 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\AVIAddXSub.zip
[2013/08/09 23:25:09 | 000,274,372 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Metal-Gear-Solid-3-Wallpaper-1024x768.jpg
[2013/08/09 23:21:02 | 000,257,147 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Game-Play-Metal-Gear-Solid-HD-Wallpaper.jpg
[2013/08/08 23:44:45 | 736,284,672 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Hard Targetdvd-prithwi.avi
[2013/08/08 22:38:05 | 238,814,831 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\dchha49_The_American_Peril.mp3
[2013/08/06 12:12:01 | 000,417,349 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\simpson__s_house_cutaway_first_floor_by_ajdelong-d5di5hs.jpg
[2013/07/31 17:53:16 | 000,052,939 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Season_2_-_Marie.jpg
[2013/07/23 01:30:32 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2013/07/23 00:56:23 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2013/07/23 00:43:58 | 005,844,992 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\kill switch.mpg
[2013/07/23 00:36:06 | 000,000,918 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MPEG Video Wizard DVD 5.0.lnk
[2013/05/08 15:30:39 | 000,281,152 | ---- | C] () -- C:\WINDOWS\SysWow64\PnkBstrB.exe
[2013/05/08 15:30:23 | 000,076,888 | ---- | C] () -- C:\WINDOWS\SysWow64\PnkBstrA.exe
[2013/05/01 02:48:04 | 000,303,865 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2763265585-558305376-1988983592-500-0.dat
[2013/04/22 02:11:39 | 000,223,814 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/04/14 14:04:23 | 000,167,936 | ---- | C] () -- C:\WINDOWS\UOUninst.exe
[2013/04/05 23:21:55 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2013/03/01 21:58:56 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2012/12/27 03:26:20 | 000,112,840 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/12/01 01:18:29 | 000,000,952 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2012/11/30 02:14:48 | 000,004,910 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\soulseek-client.dat
[2012/11/24 00:52:51 | 000,598,222 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2012/11/23 14:50:46 | 000,178,688 | ---- | C] () -- C:\WINDOWS\SysWow64\unrar.dll
[2012/11/22 20:55:08 | 000,086,016 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/21 17:02:35 | 000,024,576 | R--- | C] () -- C:\WINDOWS\SysWow64\AsIO.dll
[2012/11/21 17:02:35 | 000,013,632 | R--- | C] () -- C:\WINDOWS\SysWow64\drivers\AsIO.sys
[2012/11/21 17:02:32 | 000,012,096 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\AsInsHelp64.sys
[2012/11/21 17:02:32 | 000,010,304 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\AsInsHelp32.sys
[2012/11/21 17:01:32 | 000,049,152 | R--- | C] () -- C:\WINDOWS\SysWow64\ChCfg.exe
[2012/11/21 17:00:55 | 000,044,136 | ---- | C] () -- C:\WINDOWS\CPLUTL64.EXE
[2012/11/21 16:53:49 | 000,015,866 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2012/11/21 16:53:33 | 000,015,625 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2012/11/21 16:53:21 | 000,012,536 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\ASUSHWIO.SYS
[2012/11/21 12:21:52 | 000,001,158 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\FASTWiz.html
[2012/11/21 02:12:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/11/20 20:57:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

========== ZeroAccess Check ==========

[2012/11/24 00:52:27 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = %SystemRoot%\system32\shdocvw.dll
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\SysWOW64\shdocvw.dll -- [2012/08/25 04:16:44 | 001,520,128 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\WINDOWS\system32\wbem\fastprox.dll
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\SysWOW64\wbem\fastprox.dll -- [2009/03/19 20:51:22 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\WINDOWS\system32\wbem\wbemess.dll
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/07/11 21:15:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\.minecraft
[2013/06/10 01:13:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Audacity
[2013/04/06 22:01:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/02/21 17:49:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GameFly
[2012/11/23 20:41:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mount&Blade Warband
[2013/01/18 17:06:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\pokerth
[2013/04/14 14:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Razor
[2013/04/14 15:53:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ultima Online Forever (Razor)
[2013/08/19 13:21:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2012/11/23 22:17:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Waterfox Limited
[2013/08/01 18:09:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WikidPad
[2012/12/15 16:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WTouch
[2012/11/24 00:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2013/07/09 01:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soulseek

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 21/08/2013 5:30:44 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.04 Gb Available Physical Memory | 51.89% Memory free
3.87 Gb Paging File | 3.09 Gb Available in Paging File | 79.79% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.50 Gb Total Space | 496.81 Gb Free Space | 53.33% Space Free | Partition Type: NTFS
Drive E: | 456.34 Gb Total Space | 55.55 Gb Free Space | 12.17% Space Free | Partition Type: NTFS

Computer Name: DAN-AEU4I5P5IE0 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html[@ = Waterfox Limited.Waterfox.html] -- Reg Error: Key error. File not found
.inf [@ = inffile] -- %SystemRoot%\System32\NOTEPAD.EXE %1
.ini [@ = inifile] -- %SystemRoot%\System32\NOTEPAD.EXE %1
.url [@ = InternetShortcut] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l
.js [@ = JSFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.jse [@ = JSEFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.txt [@ = txtfile] -- %SystemRoot%\system32\NOTEPAD.EXE %1
.vbe [@ = VBEFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.vbs [@ = VBSFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.wsf [@ = WSFFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.wsh [@ = WSHFile] -- %SystemRoot%\System32\WScript.exe "%1" %*

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Waterfox Limited.Waterfox.html] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-2763265585-558305376-1988983592-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1"
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4"
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard
"C:\Documents and Settings\Administrator\Local Settings\Temp\usmt\migwiz.exe" = C:\Documents and Settings\Administrator\Local Settings\Temp\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard
"C:\Program Files (x86)\Steam\Steam.exe" = C:\Program Files (x86)\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files (x86)\Steam\steamapps\common\medieval ii total war\Launcher.exe" = C:\Program Files (x86)\Steam\steamapps\common\medieval ii total war\Launcher.exe:*:Enabled:Medieval II: Total War Kingdoms -- ( )
"C:\Program Files (x86)\Steam\steamapps\common\deus ex\System\DeusEx.exe" = C:\Program Files (x86)\Steam\steamapps\common\deus ex\System\DeusEx.exe:*:Enabled:Deus Ex: Game of the Year Edition -- ()
"C:\Program Files (x86)\Steam\steamapps\common\xcom ufo defense\dosbox.exe" = C:\Program Files (x86)\Steam\steamapps\common\xcom ufo defense\dosbox.exe:*:Enabled:X-COM: UFO Defense -- (DOSBox Team)
"C:\Program Files (x86)\Steam\steamapps\common\xcom ufo defense\XCOM\UFO Defense_Patched.exe" = C:\Program Files (x86)\Steam\steamapps\common\xcom ufo defense\XCOM\UFO Defense_Patched.exe:*:Enabled:X-COM: UFO Defense -- ()
"C:\Program Files (x86)\Steam\steamapps\common\EYE Divine Cybermancy Demo\EYE.exe" = C:\Program Files (x86)\Steam\steamapps\common\EYE Divine Cybermancy Demo\EYE.exe:*:Enabled:E.Y.E: Divine Cybermancy Demo -- ()
"C:\Program Files (x86)\SoulseekQt\SoulseekQt.exe" = C:\Program Files (x86)\SoulseekQt\SoulseekQt.exe:*:Enabled:SoulseekQt -- ()
"C:\Program Files (x86)\SoulseekNS\slsk.exe" = C:\Program Files (x86)\SoulseekNS\slsk.exe:*:Enabled:SoulSeek -- ()
"C:\Program Files (x86)\Steam\steamapps\common\Red Orchestra 2\Binaries\Win32\ROGame.exe" = C:\Program Files (x86)\Steam\steamapps\common\Red Orchestra 2\Binaries\Win32\ROGame.exe:*:Enabled:Red Orchestra 2: Heroes of Stalingrad -- ()
"C:\Program Files (x86)\Steam\steamapps\common\Company of Heroes SP Demo\RelicCOH.exe" = C:\Program Files (x86)\Steam\steamapps\common\Company of Heroes SP Demo\RelicCOH.exe:*:Enabled:Company of Heroes Singleplayer Demo -- (THQ Canada Inc.)
"C:\Program Files (x86)\Steam\steamapps\common\batman2\Binaries\Win32\BatmanAC.exe" = C:\Program Files (x86)\Steam\steamapps\common\batman2\Binaries\Win32\BatmanAC.exe:*:Enabled:Batman: Arkham City™ -- (Rocksteady Studios Ltd.)
"C:\Program Files (x86)\Steam\steamapps\common\batman2\RunLauncher.bat" = C:\Program Files (x86)\Steam\steamapps\common\batman2\RunLauncher.bat:*:Enabled:Batman: Arkham City™ -- ()
"C:\Program Files (x86)\Skype\Phone\Skype.exe" = C:\Program Files (x86)\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\Program Files\Electronic Arts\Ultima Online Classic\client.exe" = C:\Program Files\Electronic Arts\Ultima Online Classic\client.exe:*:Enabled:Ultima Online Client -- (Electronic Arts)
"C:\Program Files (x86)\uTorrent\uTorrent.exe" = C:\Program Files (x86)\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent Inc.)
"C:\Program Files\Java\jre7\bin\java.exe" = C:\Program Files\Java\jre7\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Oracle Corporation)
"E:\Program Files (x86)\Rockstar Games\EFLC\EFLC.exe" = E:\Program Files (x86)\Rockstar Games\EFLC\EFLC.exe:*:Enabled:Grand Theft Auto : Episodes from Liberty City -- (Take-Two Interactive Software, Inc.)
"C:\Program Files\Java\jre7\bin\javaw.exe" = C:\Program Files\Java\jre7\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Oracle Corporation)
"C:\Program Files (x86)\EA GAMES\Battlefield 2\BF2.exe" = C:\Program Files (x86)\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2 -- ()
"C:\Documents and Settings\Administrator\Desktop\utorrent.exe" = C:\Documents and Settings\Administrator\Desktop\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent Inc.)
"C:\Program Files (x86)\EA GAMES\Battlefield 2\ForgottenHope2.exe" = C:\Program Files (x86)\EA GAMES\Battlefield 2\ForgottenHope2.exe:*:Enabled:ForgottenHope2 -- ()
"C:\Program Files (x86)\Rockstar Games\EFLC\EFLC.exe" = C:\Program Files (x86)\Rockstar Games\EFLC\EFLC.exe:*:Enabled:Grand Theft Auto : Episodes from Liberty City -- (Take-Two Interactive Software, Inc.)
"C:\Program Files (x86)\Steam\steamapps\common\Arma 3 Alpha Lite\arma3demo.exe" = C:\Program Files (x86)\Steam\steamapps\common\Arma 3 Alpha Lite\arma3demo.exe:*:Enabled:Arma 3 Alpha Lite -- (Bohemia Interactive)
"C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files (x86)\Steam\steamapps\common\left 4 dead 2\left4dead2.exe" = C:\Program Files (x86)\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2 -- ()
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"C:\Documents and Settings\Administrator\Local Settings\Temp\usmt\migwiz.exe" = C:\Documents and Settings\Administrator\Local Settings\Temp\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard
"C:\Program Files (x86)\Steam\Steam.exe" = C:\Program Files (x86)\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files (x86)\Steam\steamapps\common\medieval ii total war\Launcher.exe" = C:\Program Files (x86)\Steam\steamapps\common\medieval ii total war\Launcher.exe:*:Enabled:Medieval II: Total War Kingdoms -- ( )
"C:\Program Files (x86)\Steam\steamapps\common\deus ex\System\DeusEx.exe" = C:\Program Files (x86)\Steam\steamapps\common\deus ex\System\DeusEx.exe:*:Enabled:Deus Ex: Game of the Year Edition -- ()
"C:\Program Files (x86)\Steam\steamapps\common\xcom ufo defense\dosbox.exe" = C:\Program Files (x86)\Steam\steamapps\common\xcom ufo defense\dosbox.exe:*:Enabled:X-COM: UFO Defense -- (DOSBox Team)
"C:\Program Files (x86)\Steam\steamapps\common\xcom ufo defense\XCOM\UFO Defense_Patched.exe" = C:\Program Files (x86)\Steam\steamapps\common\xcom ufo defense\XCOM\UFO Defense_Patched.exe:*:Enabled:X-COM: UFO Defense -- ()
"C:\Program Files (x86)\Steam\steamapps\common\EYE Divine Cybermancy Demo\EYE.exe" = C:\Program Files (x86)\Steam\steamapps\common\EYE Divine Cybermancy Demo\EYE.exe:*:Enabled:E.Y.E: Divine Cybermancy Demo -- ()
"C:\Program Files (x86)\SoulseekQt\SoulseekQt.exe" = C:\Program Files (x86)\SoulseekQt\SoulseekQt.exe:*:Enabled:SoulseekQt -- ()
"C:\Program Files (x86)\SoulseekNS\slsk.exe" = C:\Program Files (x86)\SoulseekNS\slsk.exe:*:Enabled:SoulSeek -- ()
"C:\Program Files (x86)\Steam\steamapps\common\Red Orchestra 2\Binaries\Win32\ROGame.exe" = C:\Program Files (x86)\Steam\steamapps\common\Red Orchestra 2\Binaries\Win32\ROGame.exe:*:Enabled:Red Orchestra 2: Heroes of Stalingrad -- ()
"C:\Program Files (x86)\Steam\steamapps\common\Company of Heroes SP Demo\RelicCOH.exe" = C:\Program Files (x86)\Steam\steamapps\common\Company of Heroes SP Demo\RelicCOH.exe:*:Enabled:Company of Heroes Singleplayer Demo -- (THQ Canada Inc.)
"C:\Program Files (x86)\Steam\steamapps\common\batman2\Binaries\Win32\BatmanAC.exe" = C:\Program Files (x86)\Steam\steamapps\common\batman2\Binaries\Win32\BatmanAC.exe:*:Enabled:Batman: Arkham City™ -- (Rocksteady Studios Ltd.)
"C:\Program Files (x86)\Steam\steamapps\common\batman2\RunLauncher.bat" = C:\Program Files (x86)\Steam\steamapps\common\batman2\RunLauncher.bat:*:Enabled:Batman: Arkham City™ -- ()
"C:\Program Files (x86)\Skype\Phone\Skype.exe" = C:\Program Files (x86)\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\Program Files\Electronic Arts\Ultima Online Classic\client.exe" = C:\Program Files\Electronic Arts\Ultima Online Classic\client.exe:*:Enabled:Ultima Online Client -- (Electronic Arts)
"C:\Program Files (x86)\uTorrent\uTorrent.exe" = C:\Program Files (x86)\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent Inc.)
"C:\Program Files\Java\jre7\bin\java.exe" = C:\Program Files\Java\jre7\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Oracle Corporation)
"E:\Program Files (x86)\Rockstar Games\EFLC\EFLC.exe" = E:\Program Files (x86)\Rockstar Games\EFLC\EFLC.exe:*:Enabled:Grand Theft Auto : Episodes from Liberty City -- (Take-Two Interactive Software, Inc.)
"C:\Program Files\Java\jre7\bin\javaw.exe" = C:\Program Files\Java\jre7\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Oracle Corporation)
"C:\Program Files (x86)\EA GAMES\Battlefield 2\BF2.exe" = C:\Program Files (x86)\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2 -- ()
"C:\Documents and Settings\Administrator\Desktop\utorrent.exe" = C:\Documents and Settings\Administrator\Desktop\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent Inc.)
"C:\Program Files (x86)\EA GAMES\Battlefield 2\ForgottenHope2.exe" = C:\Program Files (x86)\EA GAMES\Battlefield 2\ForgottenHope2.exe:*:Enabled:ForgottenHope2 -- ()
"C:\Program Files (x86)\Rockstar Games\EFLC\EFLC.exe" = C:\Program Files (x86)\Rockstar Games\EFLC\EFLC.exe:*:Enabled:Grand Theft Auto : Episodes from Liberty City -- (Take-Two Interactive Software, Inc.)
"C:\Program Files (x86)\Steam\steamapps\common\Arma 3 Alpha Lite\arma3demo.exe" = C:\Program Files (x86)\Steam\steamapps\common\Arma 3 Alpha Lite\arma3demo.exe:*:Enabled:Arma 3 Alpha Lite -- (Bohemia Interactive)
"C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files (x86)\Steam\steamapps\common\left 4 dead 2\left4dead2.exe" = C:\Program Files (x86)\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2 -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86417021FF}" = Java 7 Update 21 (64-bit)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4E82E2E9-668B-4F8A-814A-78E163FCDBCD}" = IconHandler 64 bit
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.53
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C55B5B3C-7F46-40E6-B943-EFB6765FB828}" = Waterfox
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CPUID HWMonitorPro_is1" = CPUID HWMonitor Pro 1.15
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows x64
"MyDefrag v4.3.1_is1" = MyDefrag v4.3.1
"NVIDIA Drivers" = NVIDIA Drivers
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows x64 Service Pack" = Windows XP Service Pack 2
"WinRAR archiver" = WinRAR 4.20 (64-bit)
"WMFDist11-64" = Windows Media Format 11 runtime
"wmp11-64" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{5B51BB5F-4E7C-4275-A653-E98534E9C1D2}" = Corel Painter 11
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1AED4ABF-0852-4B3F-9F87-00CF88F25CE0}" = IconHandler 32 bit
"{22A83C29-58A8-4CAB-8EDC-918D74F8429E}_is1" = WikidPad 2.1_01
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{28F8F8F0-C278-454A-9507-46B344AAD188}" = Corel Painter 11
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C77C734-D56C-486F-98F7-33C74444A556}" = Buzzsaw CD Ripper 3.2
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5B51BB5F-4E7C-4275-A653-E98534E9C1D2}" = Corel Painter 11 - ICA
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{78267B6F-A60B-4550-B876-C15BF31BBA0F}" = Mayura Chess Board
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7EC69F77-5494-4E1F-8BC6-956DAA5A91F2}" = Corel Painter 11 - IPM
"{840BF2FE-033D-437C-89D1-AAA206BA13B6}" = Langauge
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9FD45917-95E6-449D-ACC9-01E634A34CBD}_is1" = MPEG Video Wizard DVD 5.0.1.108 (06/2013)
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A7DEE6EE-6B52-490B-8716-885BFD85DE6D}_is1" = The Anglo Zulu war
"{A8DBF55D-73C0-4E37-A10E-365BFBB14119}" = Battlefield 2 Complete Collection
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{B369483E-0728-405C-8F8C-3427B263B01F}" = Content
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{CF097717-F174-4144-954A-FBC4BF301033}" = Nero 7 Ultra Edition
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F8511A0F-D91D-4E3D-A59C-3CA8FB8EAFE8}" = MechWarrior Online
"{FE08FDBB-A240-4C04-8E60-018F936B3C8F}" = Ultima Online Forever
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 2.0.2
"Belarc Advisor" = Belarc Advisor 8.3
"BillardGL 1.75" = BillardGL 1.75
"CDisplay_is1" = CDisplay 1.8
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Forgotten Hope 2" = Forgoten Hope 2 (2 of 2) (dummy)
"GameFly" = GameFly
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"KLiteCodecPack_is1" = K-Lite Codec Pack 9.5.0 (Standard)
"LAME_is1" = LAME v3.99.3 (for Windows)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Mount&Blade Warband" = Mount&Blade Warband
"Mount&Blade: Warband - Napoleonic Wars" = Mount&Blade: Warband - Napoleonic Wars
"Mozilla Firefox 23.0.1 (x86 en-US)" = Mozilla Firefox 23.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mpeg Video Wizard DVD 5.0" = MPEG Video Wizard DVD 5.0.1.108 (06/2013)
"Pen Tablet Driver" = Bamboo
"PokerTH 1.0" = PokerTH
"Soulseek2" = SoulSeek 157 NS 13e
"SoulseekQt" = SoulseekQt
"Steam App 228800" = Arma 3 Alpha Lite
"Steam App 57400" = Batman: Arkham City™
"Steam App 9300" = Company of Heroes Singleplayer Demo
"Ultima Online Classic" = Ultima Online Classic Client
"Ultima Online Forever 1.0.0" = Ultima Online Forever
"UltimaOnline" = Ultima Online: Renaissance
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.5
"Winamp" = Winamp (remove only)
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.47-18
"WORD" = Microsoft Office Word 2007

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2763265585-558305376-1988983592-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{74d11f91-05cc-44f6-8e49-94fe7f33c79b}" = MechWarrior Online

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 01/05/2013 5:41:23 PM | Computer Name = DAN-AEU4I5P5IE0 | Source = MsiInstaller | ID = 10005
Description = Product: Grand Theft Auto: Episodes from Liberty City -- Failed installing
title update. See log at C:\Documents and Settings\Administrator\Local Settings\Application
Data\Microsoft\GFWLive\Install\Logs\titleupdate.log for details

Error - 01/05/2013 5:41:29 PM | Computer Name = DAN-AEU4I5P5IE0 | Source = MsiInstaller | ID = 10005
Description = Product: Grand Theft Auto: Episodes from Liberty City -- Failed installing
title update. See log at C:\Documents and Settings\Administrator\Local Settings\Application
Data\Microsoft\GFWLive\Install\Logs\titleupdate.log for details

Error - 01/05/2013 5:45:59 PM | Computer Name = DAN-AEU4I5P5IE0 | Source = MsiInstaller | ID = 10005
Description = Product: Grand Theft Auto: Episodes from Liberty City -- Failed installing
title update. See log at C:\Documents and Settings\Administrator\Local Settings\Application
Data\Microsoft\GFWLive\Install\Logs\titleupdate.log for details

Error - 08/05/2013 3:15:54 PM | Computer Name = DAN-AEU4I5P5IE0 | Source = Application Error | ID = 1000
Description = Faulting application bf2voicesetup.exe, version 0.0.0.0, faulting
module bf2voicesetup.exe, version 0.0.0.0, fault address 0x00008661.

Error - 23/05/2013 4:19:38 PM | Computer Name = DAN-AEU4I5P5IE0 | Source = Application Hang | ID = 1002
Description = Hanging application GameFly.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 30/05/2013 2:00:01 AM | Computer Name = DAN-AEU4I5P5IE0 | Source = Application Error | ID = 1000
Description = Faulting application aam updates notifier.exe, version 1.0.175.0,
faulting module ntdll.dll, version 5.2.3790.4937, fault address 0x0004f0f3.

Error - 15/06/2013 12:00:08 AM | Computer Name = DAN-AEU4I5P5IE0 | Source = Application Hang | ID = 1002
Description = Hanging application forgottenhope2.exe, version 0.0.0.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 16/06/2013 1:40:41 AM | Computer Name = DAN-AEU4I5P5IE0 | Source = Application Hang | ID = 1002
Description = Hanging application mpc-hc.exe, version 1.6.5.6215, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 05/07/2013 11:22:08 PM | Computer Name = DAN-AEU4I5P5IE0 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 25/07/2013 2:31:00 AM | Computer Name = DAN-AEU4I5P5IE0 | Source = Application Hang | ID = 1002
Description = Hanging application mpc-hc.exe, version 1.6.5.6215, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 21/08/2013 5:28:05 PM | Computer Name = DAN-AEU4I5P5IE0 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 21/08/2013 5:28:06 PM | Computer Name = DAN-AEU4I5P5IE0 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 21/08/2013 5:28:06 PM | Computer Name = DAN-AEU4I5P5IE0 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 21/08/2013 5:28:13 PM | Computer Name = DAN-AEU4I5P5IE0 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 21/08/2013 5:28:13 PM | Computer Name = DAN-AEU4I5P5IE0 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 21/08/2013 5:28:14 PM | Computer Name = DAN-AEU4I5P5IE0 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 21/08/2013 5:28:54 PM | Computer Name = DAN-AEU4I5P5IE0 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 21/08/2013 5:28:54 PM | Computer Name = DAN-AEU4I5P5IE0 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 21/08/2013 5:28:54 PM | Computer Name = DAN-AEU4I5P5IE0 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 21/08/2013 5:28:55 PM | Computer Name = DAN-AEU4I5P5IE0 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.


< End of report >

Re: ISP says I'm infected with a bot

Unread postby deltalima » August 22nd, 2013, 1:52 pm

Unfortunately, the computer in question is running Windows Server 2003, and we do not work on servers, so we are unable to assist you.

As this issue involves a server, and therefore falls outside the scope of this forum, this topic is now closed.

