OK, scans are done. Both logs are posted below.
OTL.txt
Code:
OTL logfile created on: 4/30/2012 14:09:03 - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Andy\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.75 Gb Total Physical Memory | 1.81 Gb Available Physical Memory | 48.34% Memory free
7.50 Gb Paging File | 5.54 Gb Available in Paging File | 73.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 187.70 Gb Total Space | 77.78 Gb Free Space | 41.44% Space Free | Partition Type: NTFS
Drive D: | 120.30 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: ANDY-PC | User Name: Andy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - C:\Users\Andy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Java\jre6\bin\jp2launcher.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\Java\jre6\bin\java.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
PRC - C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe ()
PRC - C:\Program Files (x86)\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe ()
[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
MOD - C:\Program Files (x86)\Java\jre6\bin\jp2native.dll ()
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV:[b]64bit:[/b] - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:[b]64bit:[/b] - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV:[b]64bit:[/b] - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV:[b]64bit:[/b] - (Process Blocker) -- C:\Program Files\Process Blocker\Process Blocker.exe (Softros Systems, Inc.)
SRV:[b]64bit:[/b] - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV:[b]64bit:[/b] - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:[b]64bit:[/b] - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV:[b]64bit:[/b] - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:[b]64bit:[/b] - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:[b]64bit:[/b] - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV:[b]64bit:[/b] - (RSELSVC) -- C:\Program Files\TOSHIBA\rselect\RSelSvc.exe (TOSHIBA Corporation)
SRV:[b]64bit:[/b] - (mi-raysat_3dsMax2009_64) -- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Autodesk Licensing Service) -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION)
SRV - (ConfigFree Gadget Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (mi-raysat_3dsMax2009_32) -- C:\Program Files (x86)\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe ()
SRV - (papycpu2) -- C:\Windows\SysWOW64\drivers\papycpu2.sys ()
SRV - (papyjoy) -- C:\Windows\SysWOW64\drivers\papyjoy.sys ()
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV:[b]64bit:[/b] - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc)
DRV:[b]64bit:[/b] - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:[b]64bit:[/b] - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:[b]64bit:[/b] - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:[b]64bit:[/b] - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:[b]64bit:[/b] - (MotioninJoyXFilter) -- C:\Windows\SysNative\drivers\MijXfilt.sys (MotioninJoy)
DRV:[b]64bit:[/b] - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (rtl8192se) -- C:\Windows\SysNative\drivers\rtl8192se.sys (Realtek Semiconductor Corporation )
DRV:[b]64bit:[/b] - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:[b]64bit:[/b] - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:[b]64bit:[/b] - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:[b]64bit:[/b] - (tos_sps64) -- C:\Windows\SysNative\drivers\tos_sps64.sys (TOSHIBA Corporation)
DRV:[b]64bit:[/b] - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:[b]64bit:[/b] - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:[b]64bit:[/b] - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:[b]64bit:[/b] - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:[b]64bit:[/b] - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:[b]64bit:[/b] - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (LPCFilter) -- C:\Windows\SysNative\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV:[b]64bit:[/b] - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:[b]64bit:[/b] - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV:[b]64bit:[/b] - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:[b]64bit:[/b] - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:[b]64bit:[/b] - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:[b]64bit:[/b] - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (libusb0) -- C:\Windows\SysWOW64\drivers\libusb0.sys ()
DRV - (papycpu2) -- C:\Windows\SysWOW64\drivers\papycpu2.sys ()
DRV - (papyjoy) -- C:\Windows\SysWOW64\drivers\papyjoy.sys ()
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {6ED459D5-0062-4662-A05E-7F2729BCA345}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{6ED459D5-0062-4662-A05E-7F2729BCA345}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?brand=TSNA&bmod=TSNA
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-784638835-1972707192-2111270232-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-784638835-1972707192-2111270232-1000\..\SearchScopes,DefaultScope = {6D101674-B44C-45FC-A9BD-941D36F1819A}
IE - HKU\S-1-5-21-784638835-1972707192-2111270232-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-784638835-1972707192-2111270232-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=16375
IE - HKU\S-1-5-21-784638835-1972707192-2111270232-1000\..\SearchScopes\{13410E58-2248-4766-8C06-FA16361468D3}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
IE - HKU\S-1-5-21-784638835-1972707192-2111270232-1000\..\SearchScopes\{6D101674-B44C-45FC-A9BD-941D36F1819A}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=992732&p={searchTerms}
IE - HKU\S-1-5-21-784638835-1972707192-2111270232-1000\..\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}: "URL" = playbryte/search/redirect/?type=default&user_id=7722a22d-196c-41d1-821b-4b846d287f51&query={searchTerms}
IE - HKU\S-1-5-21-784638835-1972707192-2111270232-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={22F0EC61-E640-434C-A0DF-E7B99404E7AA}&mid=73366051638c47d181faa113f06c8b63-1b07796093274afac971698575f6452cffe380b8&lang=en&ds=ins10&pr=&d=2012-01-03 20:25:56&v=8.0.0.34&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-784638835-1972707192-2111270232-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngineURL: "http://flvtubesearch.co/?tmp=toolbar_flvtube_results&prt=flvtubetb01ff&clid=f7a34b94645045dabc77deff6ca7d72a&subid=11073&Keywords={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: autofillForms@blueimp.net:0.9.6.1
FF - prefs.js..extensions.enabledItems: gamesbar@oberon-media.com:1.1.0.66
FF - prefs.js..extensions.enabledItems: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:11.0.1
FF - prefs.js..extensions.enabledItems: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: {6cbc25b0-0a52-11df-8a39-0800200c9a66}:1.0.14
FF - prefs.js..extensions.enabledItems: xpirftoolbar@roboform.com:1.1.1
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.10.1
FF - prefs.js..extensions.enabledItems: prizelivetoolbar@prizelive.com:5.2
FF - prefs.js..network.proxy.autoconfig_url: "http://92.42.12.48:3128/"
FF - prefs.js..network.proxy.http: "75.186.47.138"
FF - prefs.js..network.proxy.http_port: 9090
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=992732&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=992732&ilc=12"
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Andy\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Andy\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Andy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/01/16 14:41:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/27 00:47:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/24 23:04:51 | 000,000,000 | ---D | M]
[2011/01/20 20:48:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andy\AppData\Roaming\Mozilla\Extensions
[2011/01/20 20:48:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andy\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2012/04/27 19:29:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\g20lm9oi.default\extensions
[2012/04/27 19:29:29 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\g20lm9oi.default\extensions\bbrs_006@blabbers.com
[2012/01/30 16:27:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\g20lm9oi.default1\extensions
[2010/11/02 00:14:22 | 000,000,000 | ---D | M] (Nuke Anything Enhanced) -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\g20lm9oi.default1\extensions\{1ced4832-f06e-413f-aa14-9eb63ad40ace}
[2010/11/02 00:20:39 | 000,000,000 | ---D | M] (Remove It Permanently) -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\g20lm9oi.default1\extensions\{1dbc4a33-ea62-4330-966c-7bdad3455322}
[2011/03/11 04:00:54 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\g20lm9oi.default1\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/10/31 03:57:44 | 000,000,000 | ---D | M] (Shop to Win4) -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\g20lm9oi.default1\extensions\{6cbc25b0-0a52-11df-8a39-0800200c9a66}
[2011/03/08 02:07:31 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\g20lm9oi.default1\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011/02/10 16:48:32 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\g20lm9oi.default1\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2010/12/20 04:10:57 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\g20lm9oi.default1\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2010/10/09 04:44:53 | 000,000,000 | ---D | M] (Tamper Data) -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\g20lm9oi.default1\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
[2010/09/25 18:06:03 | 000,000,000 | ---D | M] (BlockSite) -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\g20lm9oi.default1\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2011/03/08 02:14:33 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\g20lm9oi.default1\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/03/08 02:07:30 | 000,000,000 | ---D | M] (Autofill Forms) -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\g20lm9oi.default1\extensions\autofillForms@blueimp.net
[2010/12/20 04:10:57 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\g20lm9oi.default1\extensions\engine@conduit.com
[2011/05/03 03:19:15 | 000,000,000 | ---D | M] (Oberon GamesBar) -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\g20lm9oi.default1\extensions\gamesbar@oberon-media.com
[2012/01/02 04:07:13 | 000,000,000 | ---D | M] (My Web Search) -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\g20lm9oi.default1\extensions\m3ffxtbr@mywebsearch.com
[2010/11/11 02:03:03 | 000,000,000 | ---D | M] ("Prize Live Toolbar") -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\g20lm9oi.default1\extensions\prizelivetoolbar@prizelive.com
[2011/03/08 02:07:31 | 000,000,000 | ---D | M] (SkipScreen) -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\g20lm9oi.default1\extensions\SkipScreen@SkipScreen
[2011/03/08 02:01:44 | 000,000,000 | ---D | M] (Feedback) -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\g20lm9oi.default1\extensions\testpilot@labs.mozilla.com
[2011/03/08 02:07:31 | 000,000,000 | ---D | M] (RoboForm Online Toolbar) -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\g20lm9oi.default1\extensions\xpirftoolbar@roboform.com
[2012/02/17 19:42:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\iaa0vi87.default\extensions
[2012/02/10 03:34:09 | 000,000,000 | ---D | M] (KeyScrambler) -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\iaa0vi87.default\extensions\keyscrambler@qfx.software.corporation
[2012/02/17 19:42:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\iaa0vi87.default\extensions\staged
[2012/02/10 03:34:10 | 000,000,000 | ---D | M] (Support.com Toolbar) -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\iaa0vi87.default\extensions\toolbar@ask.com
[2012/04/27 19:29:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v6fhxyct.Andy\extensions
[2012/02/10 04:19:43 | 000,000,000 | ---D | M] (Nuke Anything Enhanced) -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v6fhxyct.Andy\extensions\{1ced4832-f06e-413f-aa14-9eb63ad40ace}
[2012/03/17 12:13:53 | 000,000,000 | ---D | M] (WebSlingPlayer) -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v6fhxyct.Andy\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
[2012/04/27 00:59:09 | 000,000,000 | ---D | M] (Hotspot Shield Community Toolbar) -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v6fhxyct.Andy\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}
[2012/02/12 03:44:12 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v6fhxyct.Andy\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
[2012/04/27 19:29:29 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v6fhxyct.Andy\extensions\bbrs_006@blabbers.com
[2012/02/10 04:19:43 | 000,000,000 | ---D | M] (Keynote Connector Extension) -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v6fhxyct.Andy\extensions\firefoxextensions@keynote.com
[2012/02/10 04:19:43 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v6fhxyct.Andy\extensions\personas@christopher.beard
[2012/03/14 16:36:39 | 000,000,000 | ---D | M] (UserZoom Survey Tool) -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v6fhxyct.Andy\extensions\userzoom_survey_tool@jetpack
[2012/02/10 04:19:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v6fhxyct.Andy\extensions\firefoxextensions@keynote.com\components
[2012/02/10 04:19:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v6fhxyct.Andy\extensions\firefoxextensions@keynote.com\META-INF
[2011/12/24 12:18:45 | 000,001,945 | ---- | M] () -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\g20lm9oi.default1\searchplugins\bing-zugo.xml
[2010/10/28 22:36:32 | 000,002,689 | ---- | M] () -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\g20lm9oi.default1\searchplugins\search-defender.xml
[2012/04/27 00:47:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/03/08 02:11:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/12/22 22:08:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com
[2011/03/08 02:11:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\GameTapPlayer@gametap.com
[2011/12/22 22:08:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\staged
[2012/04/27 00:47:37 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/24 01:18:09 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2007/03/09 19:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npyaxmpb.dll
[2009/02/09 16:05:22 | 000,002,236 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\askcom.xml
[2012/01/04 06:58:28 | 000,003,766 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/12/22 22:08:54 | 000,002,226 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/02/03 11:13:04 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/03 11:13:04 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2010/10/22 19:40:03 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober1106357093.xml
[2011/05/03 03:19:15 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober46999809.xml
[2010/11/17 16:38:39 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober486778234.xml
[color=#E56717]========== Chrome ==========[/color]
CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=992732&p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Andy\AppData\Local\Google\Chrome\Application\17.0.963.78\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Andy\AppData\Local\Google\Chrome\Application\17.0.963.78\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Andy\AppData\Local\Google\Chrome\Application\17.0.963.78\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: NielsenOnline (Enabled) = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgceplfonlgodadnpognljgdjlcnpjnh\1.3.0_0\chrometracker.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Andy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Andy\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Weather Window by WeatherBug = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak\1.0.12_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Nielsen = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgceplfonlgodadnpognljgdjlcnpjnh\1.3.0_0\
CHR - Extension: LivingPlay = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\maopdgeieiiiifooolcjjfmjdlkmhfdh\
CHR - Extension: FastestChrome - Browse Faster = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\5.9.5_0\
CHR - Extension: Gmail = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012/04/27 01:41:50 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:[b]64bit:[/b] - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ReImage Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\ReImageCompanion\updatebhoWin32.dll ( )
O2 - BHO: (ReImage Browser Helper) - {a0e8bc7d-6959-40b6-8e05-204d9768ad6e} - C:\Program Files (x86)\ReImageCompanion\jsloader.dll (ReImage)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-784638835-1972707192-2111270232-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-784638835-1972707192-2111270232-1000\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O3 - HKU\S-1-5-21-784638835-1972707192-2111270232-1000\..\Toolbar\WebBrowser: (no name) - {8B48A1CA-1FDC-4B7D-983E-8CC875DAA552} - No CLSID value found.
O3 - HKU\S-1-5-21-784638835-1972707192-2111270232-1000\..\Toolbar\WebBrowser: (no name) - {A8038A26-199C-4845-BCCF-54DC189EC954} - No CLSID value found.
O3 - HKU\S-1-5-21-784638835-1972707192-2111270232-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-784638835-1972707192-2111270232-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Browser companion helper] C:\Program Files (x86)\BrowserCompanion\BCHelper.exe /T=3 /CHI=gmdfpnpdmnjaffhcdbobdjpolhpacaem File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-784638835-1972707192-2111270232-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-784638835-1972707192-2111270232-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-784638835-1972707192-2111270232-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-784638835-1972707192-2111270232-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8D59819B-2067-4A6B-84F4-7F84570E3C30} http://andyanddor.tzo.net/img/LinksysMLViewer.cab (LinksysMLViewer Control)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.105.28.12 68.105.29.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{329D9CF2-8386-457A-9793-356C4CD136B9}: DhcpNameServer = 192.168.1.1 68.105.28.12 68.105.29.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{975B345A-6F7A-482A-8332-44AF2819A3C4}: DhcpNameServer = 192.168.42.129
O18:[b]64bit:[/b] - Protocol\Handler\base64 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\chrome - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\prox - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\ReImageCompanion\tdataprotocol.dll (reimage)
O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\ReImageCompanion\tdataprotocol.dll (reimage)
O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\ReImageCompanion\tdataprotocol.dll (reimage)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:[b]64bit:[/b] - Winlogon\Notify\WB: DllName - (C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\fast64.dll) - File not found
O28:[b]64bit:[/b] - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = ComFile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2012/04/30 13:58:09 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Andy\Desktop\OTL.exe
[2012/04/29 00:51:39 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/04/29 00:51:39 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/04/29 00:51:37 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/04/29 00:51:37 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/04/29 00:51:37 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/04/29 00:51:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/04/29 00:51:37 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/04/29 00:51:36 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/04/29 00:51:35 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/04/29 00:51:35 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/04/29 00:51:35 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/04/29 00:47:31 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/04/29 00:47:31 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/04/29 00:47:29 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/04/29 00:46:21 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/04/29 00:46:13 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/04/29 00:46:13 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/04/29 00:46:12 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/04/29 00:46:12 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/04/29 00:46:12 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/04/29 00:46:12 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/04/29 00:46:10 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/04/29 00:46:10 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/04/29 00:46:08 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/04/29 00:46:08 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/04/29 00:46:08 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/04/29 00:44:01 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/04/27 19:29:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
[2012/04/27 19:29:50 | 000,000,000 | ---D | C] -- C:\rei
[2012/04/27 19:29:39 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2012/04/27 19:29:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ReImageCompanion
[2012/04/27 16:22:41 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2012/04/27 15:32:45 | 000,116,016 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\26240423.sys
[2012/04/27 15:19:47 | 002,074,160 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Andy\Desktop\TDSSKiller.exe
[2012/04/27 12:52:40 | 000,000,000 | ---D | C] -- C:\Users\Andy\Desktop\GooredFix Backups
[2012/04/27 02:34:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/27 01:41:34 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/04/27 01:24:22 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/04/27 01:21:41 | 004,477,246 | R--- | C] (Swearware) -- C:\Users\Andy\Desktop\ComboFix.exe
[2012/04/27 00:47:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/04/27 00:47:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/04/27 00:38:35 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/26 22:45:31 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\SUPERAntiSpyware.com
[2012/04/26 22:44:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/04/26 22:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/04/26 22:44:21 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERSetup
[2012/04/24 01:18:26 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/04/24 01:18:26 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/04/24 01:18:26 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/04/24 01:18:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/04/24 00:49:02 | 000,000,000 | ---D | C] -- C:\Users\Andy\Desktop\New folder
[2012/04/24 00:14:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/04/24 00:14:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/04/24 00:04:31 | 000,200,976 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys
[2012/04/23 23:54:30 | 000,016,200 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012/04/23 23:53:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger
[2012/04/08 04:20:05 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2011/01/19 21:23:21 | 001,783,208 | ---- | C] (Softtouch Software Design) -- C:\Users\Andy\AppData\Roaming\scrapebox.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2012/04/30 13:58:09 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Andy\Desktop\OTL.exe
[2012/04/30 13:55:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/30 13:31:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-784638835-1972707192-2111270232-1000UA.job
[2012/04/30 10:31:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-784638835-1972707192-2111270232-1000Core.job
[2012/04/29 01:12:43 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/29 01:12:43 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/29 01:09:40 | 000,796,050 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/29 01:09:40 | 000,671,426 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/29 01:09:40 | 000,126,480 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/29 01:04:01 | 004,898,056 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/04/29 01:03:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/29 01:03:34 | 3018,608,640 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/29 00:51:55 | 001,749,556 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/04/27 21:43:21 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/04/27 21:43:21 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/04/27 20:56:30 | 000,440,651 | ---- | M] () -- C:\Users\Andy\Desktop\DGDO-Ciclavia-BikeMotion-gif_231922.gif
[2012/04/27 20:04:47 | 000,002,037 | ---- | M] () -- C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
[2012/04/27 20:04:47 | 000,001,944 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/04/27 20:04:40 | 001,158,716 | ---- | M] () -- C:\Users\Andy\Desktop\money.jpg
[2012/04/27 19:30:59 | 000,000,286 | ---- | M] () -- C:\Windows\reimage.ini
[2012/04/27 16:22:41 | 000,001,836 | ---- | M] () -- C:\Users\Andy\Desktop\ImgBurn.lnk
[2012/04/27 16:18:36 | 126,146,560 | ---- | M] () -- C:\Users\Andy\Desktop\gparted-live-0.12.1-1.iso
[2012/04/27 15:37:57 | 000,080,384 | ---- | M] () -- C:\Users\Andy\Desktop\MBRCheck.exe
[2012/04/27 15:32:45 | 000,116,016 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\26240423.sys
[2012/04/27 15:18:23 | 002,054,861 | ---- | M] () -- C:\Users\Andy\Desktop\tdsskiller(1).zip
[2012/04/27 01:41:50 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/04/27 01:15:36 | 000,320,857 | ---- | M] () -- C:\Users\Andy\Desktop\MGlogs.zip
[2012/04/27 01:15:36 | 000,320,857 | ---- | M] () -- C:\MGlogs.zip
[2012/04/27 00:38:35 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/27 00:38:35 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/04/26 22:39:39 | 004,477,246 | R--- | M] (Swearware) -- C:\Users\Andy\Desktop\ComboFix.exe
[2012/04/24 23:04:52 | 000,001,985 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/04/24 18:45:52 | 002,074,160 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Andy\Desktop\TDSSKiller.exe
[2012/04/24 02:47:46 | 000,000,837 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/04/24 01:18:06 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/04/24 01:18:06 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/04/24 01:18:06 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/04/24 01:18:05 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/04/24 00:14:31 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/04/24 00:14:19 | 000,810,136 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/04/24 00:12:33 | 000,180,783 | ---- | M] () -- C:\Users\Andy\AppData\Local\census.cache
[2012/04/24 00:12:22 | 000,131,090 | ---- | M] () -- C:\Users\Andy\AppData\Local\ars.cache
[2012/04/24 00:03:59 | 000,000,036 | ---- | M] () -- C:\Users\Andy\AppData\Local\housecall.guid.cache
[2012/04/23 23:54:30 | 000,016,200 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012/04/11 14:46:48 | 001,260,159 | ---- | M] () -- C:\Users\Andy\Desktop\Old_Newspaper_Texture1_by_powerpuffjazz.jpg
[2012/04/04 14:02:45 | 000,002,682 | ---- | M] () -- C:\Windows\Sandboxie.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2012/04/27 20:56:29 | 000,440,651 | ---- | C] () -- C:\Users\Andy\Desktop\DGDO-Ciclavia-BikeMotion-gif_231922.gif
[2012/04/27 20:04:39 | 001,158,716 | ---- | C] () -- C:\Users\Andy\Desktop\money.jpg
[2012/04/27 19:30:43 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2012/04/27 19:29:59 | 000,002,037 | ---- | C] () -- C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
[2012/04/27 16:22:41 | 000,001,866 | ---- | C] () -- C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2012/04/27 16:22:41 | 000,001,836 | ---- | C] () -- C:\Users\Andy\Desktop\ImgBurn.lnk
[2012/04/27 16:17:09 | 126,146,560 | ---- | C] () -- C:\Users\Andy\Desktop\gparted-live-0.12.1-1.iso
[2012/04/27 15:37:59 | 000,080,384 | ---- | C] () -- C:\Users\Andy\Desktop\MBRCheck.exe
[2012/04/27 15:18:57 | 002,054,861 | ---- | C] () -- C:\Users\Andy\Desktop\tdsskiller(1).zip
[2012/04/27 02:42:57 | 000,320,857 | ---- | C] () -- C:\Users\Andy\Desktop\MGlogs.zip
[2012/04/27 00:56:10 | 000,320,857 | ---- | C] () -- C:\MGlogs.zip
[2012/04/27 00:38:43 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/26 22:44:37 | 000,001,944 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/04/24 23:03:36 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/04/24 23:03:36 | 000,001,985 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/04/24 00:14:31 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/04/24 00:14:12 | 000,001,868 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/04/24 00:12:33 | 000,180,783 | ---- | C] () -- C:\Users\Andy\AppData\Local\census.cache
[2012/04/24 00:12:22 | 000,131,090 | ---- | C] () -- C:\Users\Andy\AppData\Local\ars.cache
[2012/04/24 00:03:59 | 000,000,036 | ---- | C] () -- C:\Users\Andy\AppData\Local\housecall.guid.cache
[2012/04/11 14:46:48 | 001,260,159 | ---- | C] () -- C:\Users\Andy\Desktop\Old_Newspaper_Texture1_by_powerpuffjazz.jpg
[2012/03/24 01:08:55 | 000,000,035 | ---- | C] () -- C:\Users\Andy\AppData\Roaming\SetValue.bat
[2012/03/24 01:08:54 | 000,000,691 | ---- | C] () -- C:\Users\Andy\AppData\Roaming\GetValue.vbs
[2012/03/24 01:06:31 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\swsc.exe
[2012/02/04 22:50:43 | 000,003,272 | ---- | C] () -- C:\Windows\SysWow64\EasyRedirect.ini
[2012/02/04 22:50:43 | 000,001,984 | ---- | C] () -- C:\Windows\SysWow64\EasyRedirectOff.ini
[2012/01/23 03:26:55 | 000,308,560 | ---- | C] () -- C:\Windows\SysWow64\vipre.dll
[2012/01/22 23:00:50 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/01/22 23:00:50 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/01/04 21:20:23 | 000,005,172 | ---- | C] () -- C:\Windows\wininit.ini
[2012/01/04 20:21:26 | 000,009,618 | -HS- | C] () -- C:\Users\Andy\AppData\Local\183ep30vq51a01388848xsmgxh8t514csd1on74281y
[2012/01/04 20:21:26 | 000,009,618 | -HS- | C] () -- C:\ProgramData\183ep30vq51a01388848xsmgxh8t514csd1on74281y
[2011/12/28 17:31:03 | 000,000,092 | ---- | C] () -- C:\Users\Andy\AppData\Local\fusioncache.dat
[2011/12/27 18:58:58 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011/12/25 12:32:49 | 000,011,792 | -HS- | C] () -- C:\Users\Andy\AppData\Local\0xdw0oci43g73dh0e0agmy
[2011/12/25 12:32:49 | 000,011,792 | -HS- | C] () -- C:\ProgramData\0xdw0oci43g73dh0e0agmy
[2011/12/02 04:35:56 | 000,122,880 | ---- | C] () -- C:\Windows\UnGins.exe
[2011/11/27 20:17:03 | 000,000,132 | ---- | C] () -- C:\Users\Andy\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011/11/01 15:38:22 | 000,557,056 | R--- | C] () -- C:\Windows\SysWow64\libavcodecX.dll
[2011/11/01 15:38:22 | 000,099,328 | R--- | C] () -- C:\Windows\SysWow64\realaacX.dll
[2011/09/19 02:15:14 | 000,000,017 | ---- | C] () -- C:\Users\Andy\AppData\Local\resmon.resmoncfg
[2011/06/01 23:33:37 | 000,003,584 | ---- | C] () -- C:\Users\Andy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/19 23:50:04 | 000,002,682 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011/01/31 05:25:00 | 000,160,768 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/01/20 04:20:06 | 000,000,024 | ---- | C] () -- C:\Windows\BacklinkSpeed 1.1.INI
[2011/01/19 21:25:47 | 000,001,132 | ---- | C] () -- C:\Users\Andy\AppData\Roaming\scrapebox.ini.bak
[2011/01/19 21:23:43 | 000,001,132 | ---- | C] () -- C:\Users\Andy\AppData\Roaming\scrapebox.ini
[2010/12/31 20:53:33 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/12/31 13:50:11 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2010/12/31 13:50:11 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2010/12/31 13:50:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/12/31 13:50:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/12/31 13:50:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/12/27 21:11:43 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
[2010/12/03 23:05:02 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/11/22 19:23:29 | 000,144,768 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/11/17 16:40:24 | 000,000,000 | ---- | C] () -- C:\Windows\Hammerhead.INI
[2010/11/07 03:13:16 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys
[2010/11/04 02:23:46 | 000,000,576 | ---- | C] () -- C:\Windows\eReg.dat
[2010/10/25 23:54:23 | 000,000,408 | ---- | C] () -- C:\Windows\PowerReg.dat
[2010/10/22 13:01:03 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2010/10/04 14:34:57 | 000,001,984 | ---- | C] () -- C:\Windows\SysWow64\drivers\papycpu2.sys
[2010/10/04 14:34:57 | 000,001,856 | ---- | C] () -- C:\Windows\SysWow64\drivers\papyjoy.sys
[2010/10/04 14:28:12 | 000,000,205 | ---- | C] () -- C:\Windows\Sierra.ini
[2010/10/04 02:37:55 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
[2010/09/27 00:24:37 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010/09/24 02:15:45 | 000,000,917 | ---- | C] () -- C:\Windows\GTA-SA_Trn_Settings.ini
[2010/09/24 02:04:24 | 000,810,136 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/24 01:43:17 | 000,029,959 | ---- | C] () -- C:\Windows\SysWow64\regsv32a.exe
[2010/09/23 06:58:49 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 234 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 204 bytes -> C:\ProgramData\TEMP:3A036633
@Alternate Data Stream - 192 bytes -> C:\ProgramData\TEMP:07348C09
@Alternate Data Stream - 189 bytes -> C:\ProgramData\TEMP:87EF2A8F
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:FDCBDD8E
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:5B85C37B
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:21F28B00
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:4DCAC4BC
< End of report >
Extras.txt
Code:
OTL Extras logfile created on: 4/30/2012 14:09:03 - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Andy\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.75 Gb Total Physical Memory | 1.81 Gb Available Physical Memory | 48.34% Memory free
7.50 Gb Paging File | 5.54 Gb Available in Paging File | 73.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 187.70 Gb Total Space | 77.78 Gb Free Space | 41.44% Space Free | Partition Type: NTFS
Drive D: | 120.30 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: ANDY-PC | User Name: Andy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl[@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html[@ = Opera.HTML] -- Reg Error: Value error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.hlp [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.html [@ = Opera.HTML] -- Reg Error: Value error. File not found
[HKEY_USERS\S-1-5-21-784638835-1972707192-2111270232-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[color=#E56717]========== Shell Spawning ==========[/color]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[color=#E56717]========== Security Center Settings ==========[/color]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
[color=#E56717]========== System Restore Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[color=#E56717]========== Firewall Settings ==========[/color]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[color=#E56717]========== Authorized Applications List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1813A4C9-BDA9-44C9-8FFD-82BC809B7BD4}" = lport=445 | protocol=6 | dir=in | app=system |
"{20A62552-2C99-4401-8756-9FB3719201FE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{32339C77-5188-4781-825C-B1EE5273787E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{42C02C8E-B744-42DE-A3A1-6D5D1F58121E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{89B03088-59C2-49FF-A322-A1DB097001DE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8FBA8690-0EC6-4004-BFB4-C454C1A7F0BB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{99720442-19CA-422A-83AA-93D00F484C37}" = lport=137 | protocol=17 | dir=in | app=system |
"{9CF41327-A5A6-4167-9E5B-94C5B87D0FD6}" = rport=137 | protocol=17 | dir=out | app=system |
"{9EB8F390-7F10-46B0-95AC-A5A660E39410}" = lport=139 | protocol=6 | dir=in | app=system |
"{AB0A0BF7-C36B-4620-8403-25ED66BFA864}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ADAD4294-AA8B-40DC-B49A-715483C21C31}" = rport=139 | protocol=6 | dir=out | app=system |
"{B04B2AAF-694E-4D0F-8F1F-06615BBEEB18}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B2B4E9C1-8064-4784-840F-B5C61C8008C0}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B533B379-6A1E-4035-A9E0-589261FBAE61}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B64A0C7A-BD62-4AA3-B9B6-982FF7BA5AFA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BA35CBF5-E8E9-47A0-88C9-C7DB3263D28E}" = rport=445 | protocol=6 | dir=out | app=system |
"{C1DAF3E6-9FAC-4708-A77C-9FE57BEADCBE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C24A3ADC-1858-471E-90A9-3FA4FF58735E}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{C3544B9E-6C41-42FF-9CA6-B4C06824BE3E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D6D6D48D-BDC4-4DF5-8ACB-9992B1B1B0AF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D8EE870E-DF89-4450-B13B-6CF6E3FF2210}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E59562EA-862F-48BA-85EA-5AE807A7540E}" = lport=138 | protocol=17 | dir=in | app=system |
"{E7B52DC6-A855-41D2-BB66-0FF96A7F225E}" = rport=138 | protocol=17 | dir=out | app=system |
"{E9392348-699D-4419-969F-D547D6CEC7DB}" = rport=10243 | protocol=6 | dir=out | app=system |
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0326B3B2-BFDD-4012-92C6-4095D0005DE7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0387E027-8A31-4716-A347-B1149432D0BD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0A06EBFC-DCED-44FF-9941-F406043DB493}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\3ds max 2009\3dsmax.exe |
"{0F744310-CF8D-46CE-AC13-D77EC717C189}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2009\3dsmax.exe |
"{1F126B95-530F-4E7C-93F2-DE5D169BCAC4}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{253FE6F7-9DFF-44CE-9D77-2310ED2A2544}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe |
"{26D30620-0B77-4B03-A5F8-DE581107F57C}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe |
"{272098D6-1029-4507-A7FE-D113A11F42E7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{27594417-514B-4BFE-A9BE-E70D4CC6B37C}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe |
"{27C8F4D1-274D-44AC-AD6F-C3905124EE8B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2C982DEE-8A13-4E71-AAAA-B74C5FF7A7E6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{43164951-1E1B-4E6F-88C2-3265EFABA14E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4538D607-4367-4B23-85AA-C25EFCAFC612}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{55EBE6A0-0C2E-4754-89EA-ED4A881F9978}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{5A958509-9BAD-46A9-A5AA-2077AD487FA9}" = dir=out | app=%programfiles% (x86)\atari\tdu2\uplauncher.exe |
"{5B1610FB-3DED-4E3C-9E79-19416E0FFB1A}" = protocol=6 | dir=out | app=system |
"{63CB6169-91A8-474D-8167-D6071EF7E634}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6A30F15E-FD1A-4B12-8C0F-1961A2184573}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe |
"{6F4B2506-112E-4319-92EA-AE0489F8A2F4}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2009\3dsmax.exe |
"{6F57AA85-78F2-4813-94E1-422AA92A9692}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{80461AB1-633A-4D5F-B8D7-FA601405129E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8326C77B-3BA6-4D46-8BB9-63C6CEACA9CD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9036C81C-0380-4893-AA03-A51662AFC355}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe |
"{91C13770-C321-4825-876C-2F3DEEC88A1E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{93FA4D21-DF7E-43E9-BB79-512CD8D6A453}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A3807A8C-5D5B-4692-9780-39021D570FD7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B82D081D-FB87-475C-8D80-185C23AB8287}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BA6C84F3-B3A8-4187-B9EE-E3461A084A8E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D410DA07-0F50-4D51-A795-C46920B7F4DA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D756451E-85F1-4E9C-87D2-63E87685D253}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe |
"{DBEA37F6-5131-4DBF-8C46-D8E37F3BFBA6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F33F01B5-2A0D-4CC1-8DD6-AFCC3FA587EE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F9ED57D7-A6BE-4F8C-A912-6A7A325AF85E}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\3ds max 2009\3dsmax.exe |
"{FA47EC01-8F8C-490D-91BE-1D1BA4D7C615}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{01E804C2-6190-46CA-9241-37FF75B898EF}C:\program files (x86)\atari\tdu2\testdrive2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\atari\tdu2\testdrive2.exe |
"TCP Query User{258DD7BB-A264-4A14-8E29-6E821847AEC8}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{44693FEA-F550-41AC-ABB5-3CD6FB1B2693}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{46D7BDAA-BC65-4963-996A-9EC7A7C8BBE9}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{51B488B7-D4AD-4F8A-94DB-B2325C809F3E}C:\program files (x86)\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"TCP Query User{86274C4E-2870-4C89-B15B-486F6371AC8F}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{CD70B88F-E005-44FC-A312-A0A2A1AC5187}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{D01C5C44-4B35-4FF7-8F1E-B627BF23D074}C:\program files (x86)\atari\tdu2\uplauncher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\atari\tdu2\uplauncher.exe |
"UDP Query User{3774E66D-8F4C-48A8-9E20-11E327CE8C56}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{3FD8DEBA-3497-43AC-9451-08F50CE040AD}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{45E87C68-B5C9-41DD-8EE2-62A8C7E39D25}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{49C61F2D-B927-4515-8CD1-B336F50ADEFC}C:\program files (x86)\atari\tdu2\testdrive2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\atari\tdu2\testdrive2.exe |
"UDP Query User{BAF77C56-460F-4417-9B09-B1FE225CFE3E}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{C7D61BCB-66FC-4015-B918-0E85368CA2FF}C:\program files (x86)\atari\tdu2\uplauncher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\atari\tdu2\uplauncher.exe |
"UDP Query User{E3BC2BE8-9883-4E1E-ACC5-DD7D9D9D969F}C:\program files (x86)\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"UDP Query User{EC50F66F-A650-4126-8652-0D549AC4A3E1}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC2
"{155AB5E8-9913-0409-A7E7-D076DDE2AA6C}" = Autodesk 3ds Max 2009 64-bit Architectural Materials Library
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{29421E62-F88F-45F1-8686-8EAE6748AE59}" = Turbo Squid Tentacles 3ds Max 2009 64-bit
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 driver version 0.6.0001
"{3605AC81-55E5-0409-BB41-0407FB67C639}" = Bluerock Technologies Flight Studio 3ds Max 2009 64-bit
"{3DDACE1F-3B1E-D6AB-CD3D-B6E987511945}" = ATI Catalyst Install Manager
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}" = TOSHIBA ReelTime
"{5BD1364B-58D6-0409-8633-9B8E8D0AD52F}" = Autodesk 3ds Max 2009 64-bit ProMaterials™ Library
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{7A1FD936-C444-0409-92D2-043B1F4ED886}" = Autodesk 3ds Max 2009 64-bit Movies
"{81F3BC27-141B-635F-5D6B-5DE08D3B5884}" = ccc-utility64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B7D0751A-3F16-0409-9F9B-FF3DC390F139}" = Autodesk 3ds Max 2009 64-bit Vault 2008 Plug-In
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CD853BA5-AA85-0409-85DC-A805D779DCA8}" = Autodesk 3ds Max 2009 64-bit Additional Maps and Material Libraries
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{EC2280DF-BBAF-0409-9359-BCCD15545FFB}" = Autodesk 3ds Max 2009 64-bit
"{F48D2C25-42B7-46C3-8438-1502A4CD0E4E}" = Process Blocker
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F64684A0-754B-4637-B7F9-6E8DAA8CD5CD}" = TOSHIBA Bulletin Board
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"{FA3E35E2-F088-0409-A563-C96430FF73F6}" = Autodesk 3ds Max 2009 64-bit Vault 2009 Plug-In
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"FBX Plugin 2009.0 for Max 2009 64" = FBX Plugin 2009.0 for Max 2009 64
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft Security Client" = Microsoft Security Essentials
"Reimage Repair" = Reimage Repair
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{62AAE700-A9DF-4939-93DB-42E4609D61E4}_is1" = TreasureTrooper version 1.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"ImgBurn" = ImgBurn
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"ReImageCompanion" = ReImageCompanion
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
[HKEY_USERS\S-1-5-21-784638835-1972707192-2111270232-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AI RoboForm" = AI RoboForm
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
Do not notice any difference so far, same problems as before.