dangerpay

  1. Don't want to re-hijack my own thread but BIG thanks to rise and all for your assistance. All of my issues have been fixed!
  2. Upon the last run of ComboFix with script, I still cannot update Microsoft Security Essentials. Submitted an SAS Threat Check as per Customer Service post. Thanks!
  3. ComboFix 11-05-26.05 - Devan 05/27/2011 14:36:35.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1173 [GMT -6:00] Running from: c:\documents and settings\Devan\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Devan\Desktop\CFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF} AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . FILE :: "c:\windows\system32\drivers\SjyPkt.sys" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\nH04201LeNmL04201 c:\documents and settings\All Users\Application Data\nH04201LeNmL04201\nH04201LeNmL04201 c:\windows\system32\drivers\SjyPkt.sys . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_SJYPKT -------\Service_SjyPkt . . ((((((((((((((((((((((((( Files Created from 2011-04-27 to 2011-05-27 ))))))))))))))))))))))))))))))) . . 2011-05-27 18:48 . 2011-05-27 18:48 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4D28909A-B37D-499E-9194-47D626B2B85E}\MpKsl6ebc784f.sys 2011-05-27 18:34 . 2011-05-09 20:46 6962000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4D28909A-B37D-499E-9194-47D626B2B85E}\mpengine.dll 2011-05-27 05:52 . 2011-05-27 05:52 -------- d-----w- C:\_OTL 2011-05-25 01:51 . 2009-04-20 17:17 45568 -c----w- c:\windows\system32\dllcache\dnsrslvr.dll 2011-05-23 10:02 . 2011-05-23 10:02 -------- d-----w- c:\documents and settings\Devan\Application Data\Malwarebytes 2011-05-23 10:02 . 2011-05-23 10:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2011-05-23 10:02 . 
2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-23 10:02 . 2011-05-23 10:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-05-23 10:02 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-05-23 08:09 . 2011-05-23 08:09 -------- d-----w- c:\documents and settings\Devan\Application Data\SUPERAntiSpyware.com 2011-05-23 08:09 . 2011-05-23 08:09 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2011-05-23 00:30 . 2011-05-23 00:39 -------- d-----w- C:\bd_logs 2011-05-20 22:52 . 2011-05-20 22:52 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-05-15 21:57 . 2011-05-17 00:14 -------- d-----w- c:\program files\CarbonPoker 2011-05-15 21:43 . 2011-05-15 21:43 -------- d-----w- c:\program files\iPod 2011-05-15 21:43 . 2011-05-15 21:44 -------- d-----w- c:\program files\iTunes 2011-05-15 21:39 . 2011-05-15 21:39 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-05-09 20:46 . 2010-07-08 13:56 6962000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2011-04-06 22:20 . 2011-04-06 22:20 91424 ----a-w- c:\windows\system32\dnssd.dll 2011-04-06 22:20 . 2011-04-06 22:20 107808 ----a-w- c:\windows\system32\dns-sd.exe 2011-03-07 05:33 . 2007-06-19 03:04 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-03-04 06:45 . 2007-05-25 05:18 434176 ----a-w- c:\windows\system32\vbscript.dll 2011-03-03 13:21 . 2007-05-25 05:18 1857920 ----a-w- c:\windows\system32\win32k.sys 2011-03-18 17:53 . 2011-03-23 03:52 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Devan\Application Data\Dropbox\bin\DropboxExt.13.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Devan\Application Data\Dropbox\bin\DropboxExt.13.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Devan\Application Data\Dropbox\bin\DropboxExt.13.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-28 122880] "P17Helper"="SPIRun.dll" [2006-07-03 10752] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392] "ASUS Update Checker"="c:\program files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe" [2008-12-11 114688] "dleemon.exe"="c:\program files\Dell V715w\dleemon.exe" [2010-08-18 770728] "EzPrint"="c:\program files\Dell V715w\ezprint.exe" [2010-08-18 139944] "Dell V715w Fax Server"="c:\program files\Dell V715w\fm3032.exe" [2010-08-18 316072] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-08 110696] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-08 13851752] "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-26 1753192] "AirPort Base Station Agent"="c:\program files\AirPort\APAgent.exe" [2009-11-11 771360] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-01-08 585728] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] . 
c:\documents and settings\Devan\Start Menu\Programs\Startup\ Dropbox.lnk - c:\documents and settings\Devan\Application Data\Dropbox\bin\Dropbox.exe [2010-2-25 21979992] SABnzbd.lnk - c:\program files\SABnzbd\SABnzbd.exe [2010-11-15 337408] SickBeard.lnk - c:\documents and settings\Devan\Desktop\SickBeard-win32-alpha-build487\SickBeard.exe [2011-5-24 26112] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk * . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] Trusted 2390 . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2008-10-25 17:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] 2007-09-20 15:51 1836328 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2007-03-01 21:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PNAgent] 2006-07-05 21:51 40960 ----a-w- c:\program files\PhatNoise Media Manager\PNAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2009-10-09 19:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableNotifications"= 1 (0x1) . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\the secret of monkey island special edition\\MISE.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\ben there, dan that!\\BTDT.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\time gentlemen, please!\\TGP.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\time gentlemen, please!\\winsetup.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Dell V715w\\dleefax.exe"= "c:\\WINDOWS\\system32\\dleecoms.exe"= "c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe"= "c:\\Program Files\\Creative\\Sound Blaster X-Fi\\Volume Panel\\VolPanlu.exe"= "c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\monkey2\\Monkey2.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"= "c:\\Documents and Settings\\Devan\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"= "c:\\Documents and Settings\\Devan\\Application Data\\Dropbox\\bin\\Dropbox.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\broken sword shadow of the templars\\bs1dc.exe"= "c:\\Program Files\\AirPort\\APAgent.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\osmos\\osmos.exe"= "c:\\Program 
Files\\Steam\\steamapps\\common\\revenge of the titans\\RevengeOfTheTitans.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\machinarium\\machinarium.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\lugaru hd\\Lugaru.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\gish\\gish.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\world of goo\\WorldOfGoo.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\aquaria\\Aquaria.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\penumbra overture\\redist\\Penumbra.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5353:UDP"= 5353:UDP:Bonjour . R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/3/2007 11:42 PM 682232] R1 MpKsl6ebc784f;MpKsl6ebc784f;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4D28909A-B37D-499E-9194-47D626B2B85E}\MpKsl6ebc784f.sys [5/27/2011 12:48 PM 28752] R2 dlee_device;dlee_device;c:\windows\system32\dleecoms.exe -service --> c:\windows\system32\dleecoms.exe -service [?] R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [9/16/2010 2:06 PM 80896] R2 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [12/31/2008 1:12 PM 693512] S1 MpKsl119aaa43;MpKsl119aaa43;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9589DFC0-D68E-45A5-9C85-01D385005CB6}\MpKsl119aaa43.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9589DFC0-D68E-45A5-9C85-01D385005CB6}\MpKsl119aaa43.sys [?] 
S1 MpKsl777e1b34;MpKsl777e1b34;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{527FE448-2C9D-451C-822E-BB1DC86691AF}\MpKsl777e1b34.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{527FE448-2C9D-451C-822E-BB1DC86691AF}\MpKsl777e1b34.sys [?] S1 MpKsl9fcf74a3;MpKsl9fcf74a3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{01D52EC7-7D6C-4265-964E-E793EB24FA9B}\MpKsl9fcf74a3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{01D52EC7-7D6C-4265-964E-E793EB24FA9B}\MpKsl9fcf74a3.sys [?] S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\Devan\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\Devan\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?] S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\Devan\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\Devan\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?] S2 dleeCATSCustConnectService;dleeCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dleeserv.exe [6/6/2010 9:23 PM 193192] S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [4/24/2011 11:27 AM 24576] S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [6/22/2010 6:01 PM 21248] S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [6/21/2009 6:39 PM 17408] S3 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [12/31/2008 1:12 PM 910600] S3 PD91VMDefrag;PD91VMDefrag;c:\program files\Raxco\PerfectDisk2008\PD91VMDefrag.exe [2/29/2008 10:44 AM 226568] S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [6/18/2007 9:25 PM 235648] . Contents of the 'Scheduled Tasks' folder . 
2011-05-24 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 18:34] . 2011-05-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-706699826-1417001333-1003Core.job - c:\documents and settings\Devan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-11 21:58] . 2011-05-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-706699826-1417001333-1003UA.job - c:\documents and settings\Devan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-11 21:58] . 2011-05-27 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 18:26] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: Interfaces\{34DD1415-64B0-498A-862C-56D3D3E760FA}: NameServer = 142.165.21.5,142.165.200.5 FF - ProfilePath - c:\documents and settings\Devan\Application Data\Mozilla\Firefox\Profiles\lrb9azid.default\ FF - prefs.js: browser.startup.homepage - about:home FF - prefs.js: network.proxy.type - 0 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-05-27 14:47 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . HKLM\Software\Microsoft\Windows\CurrentVersion\Run P17Helper = Rundll32 SPIRun.dll,RunDLLEntry? . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL] "ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL" . 
--------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-507921405-706699826-1417001333-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "??"=hex:0a,f7,20,d9,2f,5f,e2,2f,17,ca,2d,66,51,10,a3,0c,06,e2,ad,98,e1,fa,7d, b3,64,26,f2,7a,33,fa,fb,64,d7,6d,75,fc,93,f2,8c,0a,31,4e,7e,8d,c8,bc,f8,ee,\ "??"=hex:fc,49,a6,30,64,3f,75,f1,d6,0a,f2,22,8c,4b,4b,06 . [HKEY_USERS\S-1-5-21-507921405-706699826-1417001333-1003\Software\SecuROM\License information*] "datasecu"=hex:81,cd,08,0f,26,54,a7,f3,80,56,c5,8d,bb,89,7e,7e,48,1e,10,df,01, c5,47,71,a7,d0,3c,7c,07,7e,43,0f,64,dc,bd,7a,39,b0,ee,69,c7,9a,2a,3e,d0,81,\ "rkeysecu"=hex:32,de,6e,b7,e1,82,b3,93,89,17,8e,72,d8,a3,be,aa . [HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*] "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d, bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\ . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(4024) c:\windows\system32\WININET.dll c:\documents and settings\Devan\Application Data\Dropbox\bin\DropboxExt.13.dll c:\windows\system32\ieframe.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . 
c:\windows\system32\nvsvc32.exe c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\dleecoms.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\MySQL\MySQL Server 5.1\bin\mysqld.exe c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe c:\program files\Sandboxie\SbieSvc.exe c:\program files\TVersity\Media Server\MediaServer.exe c:\windows\system32\wscntfy.exe c:\windows\system32\Rundll32.exe c:\windows\system32\RUNDLL32.EXE c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Completion time: 2011-05-27 14:53:20 - machine was rebooted ComboFix-quarantined-files.txt 2011-05-27 20:53 ComboFix2.txt 2011-05-27 18:28 . Pre-Run: 241,142,145,024 bytes free Post-Run: 240,951,345,152 bytes free . - - End Of File - - 58573EC8B7F663D70DCF18A4DBE4A0F4
  4. ComboFix 11-05-26.05 - Devan 05/27/2011 12:23:08.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1263 [GMT -6:00] Running from: c:\documents and settings\Devan\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF} AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Devan\Application Data\inst.exe c:\documents and settings\Devan\My Documents\about.html C:\test.txt . . ((((((((((((((((((((((((( Files Created from 2011-04-27 to 2011-05-27 ))))))))))))))))))))))))))))))) . . 2011-05-27 05:54 . 2011-05-27 05:54 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9C213B68-195E-4A2C-937C-220666F3D1A2}\MpKslcdf7f63f.sys 2011-05-27 05:52 . 2011-05-27 05:52 -------- d-----w- C:\_OTL 2011-05-25 00:38 . 2011-05-25 00:38 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9C213B68-195E-4A2C-937C-220666F3D1A2}\MpKsl8289a536.sys 2011-05-25 00:38 . 2011-05-09 20:46 6962000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9C213B68-195E-4A2C-937C-220666F3D1A2}\mpengine.dll 2011-05-23 10:02 . 2011-05-23 10:02 -------- d-----w- c:\documents and settings\Devan\Application Data\Malwarebytes 2011-05-23 10:02 . 2011-05-23 10:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2011-05-23 10:02 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-23 10:02 . 2011-05-23 10:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-05-23 10:02 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-05-23 08:09 . 
2011-05-23 08:09 -------- d-----w- c:\documents and settings\Devan\Application Data\SUPERAntiSpyware.com 2011-05-23 08:09 . 2011-05-23 08:09 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2011-05-23 00:30 . 2011-05-23 00:39 -------- d-----w- C:\bd_logs 2011-05-22 18:08 . 2011-05-23 02:04 -------- d-----w- c:\documents and settings\All Users\Application Data\nH04201LeNmL04201 2011-05-20 22:52 . 2011-05-20 22:52 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-05-15 21:57 . 2011-05-17 00:14 -------- d-----w- c:\program files\CarbonPoker 2011-05-15 21:43 . 2011-05-15 21:43 -------- d-----w- c:\program files\iPod 2011-05-15 21:43 . 2011-05-15 21:44 -------- d-----w- c:\program files\iTunes 2011-05-15 21:39 . 2011-05-15 21:39 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-05-09 20:46 . 2010-07-08 13:56 6962000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2011-04-06 22:20 . 2011-04-06 22:20 91424 ----a-w- c:\windows\system32\dnssd.dll 2011-04-06 22:20 . 2011-04-06 22:20 107808 ----a-w- c:\windows\system32\dns-sd.exe 2011-03-18 17:53 . 2011-03-23 03:52 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Devan\Application Data\Dropbox\bin\DropboxExt.13.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Devan\Application Data\Dropbox\bin\DropboxExt.13.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Devan\Application Data\Dropbox\bin\DropboxExt.13.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-28 122880] "P17Helper"="SPIRun.dll" [2006-07-03 10752] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392] "ASUS Update Checker"="c:\program files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe" [2008-12-11 114688] "dleemon.exe"="c:\program files\Dell V715w\dleemon.exe" [2010-08-18 770728] "EzPrint"="c:\program files\Dell V715w\ezprint.exe" [2010-08-18 139944] "Dell V715w Fax Server"="c:\program files\Dell V715w\fm3032.exe" [2010-08-18 316072] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-08 110696] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-08 13851752] "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-26 1753192] "AirPort Base Station Agent"="c:\program files\AirPort\APAgent.exe" [2009-11-11 771360] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java 
Update\jusched.exe" [2010-05-14 248552] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-01-08 585728] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160] . c:\documents and settings\Devan\Start Menu\Programs\Startup\ Dropbox.lnk - c:\documents and settings\Devan\Application Data\Dropbox\bin\Dropbox.exe [2010-2-25 21979992] SABnzbd.lnk - c:\program files\SABnzbd\SABnzbd.exe [2010-11-15 337408] SickBeard.lnk - c:\documents and settings\Devan\Desktop\SickBeard-win32-alpha-build487\SickBeard.exe [2011-5-24 26112] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk * . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] Trusted 2390 . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2008-10-25 17:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] 2007-09-20 15:51 1836328 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2007-03-01 21:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PNAgent] 2006-07-05 21:51 40960 ----a-w- c:\program files\PhatNoise Media Manager\PNAgent.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2009-10-09 19:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableNotifications"= 1 (0x1) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\the secret of monkey island special edition\\MISE.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\ben there, dan that!\\BTDT.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\time gentlemen, please!\\TGP.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\time gentlemen, please!\\winsetup.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Dell V715w\\dleefax.exe"= "c:\\WINDOWS\\system32\\dleecoms.exe"= "c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe"= "c:\\Program Files\\Creative\\Sound Blaster X-Fi\\Volume Panel\\VolPanlu.exe"= "c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"= "c:\\Program 
Files\\Steam\\steamapps\\common\\monkey2\\Monkey2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=
"c:\\Documents and Settings\\Devan\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Documents and Settings\\Devan\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\broken sword shadow of the templars\\bs1dc.exe"=
"c:\\Program Files\\AirPort\\APAgent.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\osmos\\osmos.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\revenge of the titans\\RevengeOfTheTitans.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\machinarium\\machinarium.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\lugaru hd\\Lugaru.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\gish\\gish.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\world of goo\\WorldOfGoo.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\aquaria\\Aquaria.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\penumbra overture\\redist\\Penumbra.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:UDP"= 5353:UDP:Bonjour
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/3/2007 11:42 PM 682232]
R1 MpKsl8289a536;MpKsl8289a536;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9C213B68-195E-4A2C-937C-220666F3D1A2}\MpKsl8289a536.sys [5/24/2011 6:38 PM 28752]
R1 MpKslcdf7f63f;MpKslcdf7f63f;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9C213B68-195E-4A2C-937C-220666F3D1A2}\MpKslcdf7f63f.sys [5/26/2011 11:54 PM 28752]
R2 dlee_device;dlee_device;c:\windows\system32\dleecoms.exe -service --> c:\windows\system32\dleecoms.exe -service [?]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [9/16/2010 2:06 PM 80896]
R2 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [12/31/2008 1:12 PM 693512]
S1 MpKsl119aaa43;MpKsl119aaa43;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9589DFC0-D68E-45A5-9C85-01D385005CB6}\MpKsl119aaa43.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9589DFC0-D68E-45A5-9C85-01D385005CB6}\MpKsl119aaa43.sys [?]
S1 MpKsl777e1b34;MpKsl777e1b34;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{527FE448-2C9D-451C-822E-BB1DC86691AF}\MpKsl777e1b34.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{527FE448-2C9D-451C-822E-BB1DC86691AF}\MpKsl777e1b34.sys [?]
S1 MpKsl9fcf74a3;MpKsl9fcf74a3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{01D52EC7-7D6C-4265-964E-E793EB24FA9B}\MpKsl9fcf74a3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{01D52EC7-7D6C-4265-964E-E793EB24FA9B}\MpKsl9fcf74a3.sys [?]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\Devan\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\Devan\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\Devan\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\Devan\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
S2 dleeCATSCustConnectService;dleeCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dleeserv.exe [6/6/2010 9:23 PM 193192]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [4/24/2011 11:27 AM 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [6/22/2010 6:01 PM 21248]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [6/21/2009 6:39 PM 17408]
S3 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [12/31/2008 1:12 PM 910600]
S3 PD91VMDefrag;PD91VMDefrag;c:\program files\Raxco\PerfectDisk2008\PD91VMDefrag.exe [2/29/2008 10:44 AM 226568]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [6/18/2007 9:25 PM 235648]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [6/18/2007 9:25 PM 13532]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLCDF7F63F
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 18:34]
.
2011-05-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-706699826-1417001333-1003Core.job
- c:\documents and settings\Devan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-11 21:58]
.
2011-05-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-706699826-1417001333-1003UA.job
- c:\documents and settings\Devan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-11 21:58]
.
2011-05-27 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 18:26]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{34DD1415-64B0-498A-862C-56D3D3E760FA}: NameServer = 142.165.21.5,142.165.200.5
FF - ProfilePath - c:\documents and settings\Devan\Application Data\Mozilla\Firefox\Profiles\lrb9azid.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
MSConfigStartUp-Simplify Media - c:\program files\Simplify Media\SimplifyMedia.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Devan\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-27 12:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
P17Helper = Rundll32 SPIRun.dll,RunDLLEntry?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-507921405-706699826-1417001333-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:0a,f7,20,d9,2f,5f,e2,2f,17,ca,2d,66,51,10,a3,0c,06,e2,ad,98,e1,fa,7d,
b3,64,26,f2,7a,33,fa,fb,64,d7,6d,75,fc,93,f2,8c,0a,31,4e,7e,8d,c8,bc,f8,ee,\
"??"=hex:fc,49,a6,30,64,3f,75,f1,d6,0a,f2,22,8c,4b,4b,06
.
[HKEY_USERS\S-1-5-21-507921405-706699826-1417001333-1003\Software\SecuROM\License information*]
"datasecu"=hex:81,cd,08,0f,26,54,a7,f3,80,56,c5,8d,bb,89,7e,7e,48,1e,10,df,01,
c5,47,71,a7,d0,3c,7c,07,7e,43,0f,64,dc,bd,7a,39,b0,ee,69,c7,9a,2a,3e,d0,81,\
"rkeysecu"=hex:32,de,6e,b7,e1,82,b3,93,89,17,8e,72,d8,a3,be,aa
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
Completion time: 2011-05-27 12:28:42
ComboFix-quarantined-files.txt 2011-05-27 18:28
.
Pre-Run: 241,792,544,768 bytes free
Post-Run: 241,736,171,520 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 344A695AAE6CB6DAA12C30D258AE574C

================================== EXTRAS.TXT ==================================

OTL Extras logfile created on: 5/27/2011 12:31:33 PM - Run 5
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Devan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 57.78% Memory free
3.85 Gb Paging File | 3.05 Gb Available in Paging File | 79.32% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 225.17 Gb Free Space | 48.35% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 46.37 Gb Free Space | 4.98% Space Free | Partition Type: NTFS
Drive G: | 931.51 Gb Total Space | 16.50 Gb Free Space | 1.77% Space Free | Partition Type: NTFS

Computer Name: DEVAN-PC | User Name: Devan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Documents and Settings\Devan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [TVersity] -- "C:\Program Files\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"ANTIVIRUSDISABLENOTIFY" = 0
"FIREWALLDISABLENOTIFY" = 0
"UPDATESDISABLENOTIFY" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"5353:UDP" = 5353:UDP:*:Enabled:Bonjour
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe" = C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:*:Enabled:Gears of War -- (Epic Games, Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Program Files\Steam\steamapps\common\the secret of monkey island special edition\MISE.exe" = C:\Program Files\Steam\steamapps\common\the secret of monkey island special edition\MISE.exe:*:Enabled:The Secret of Monkey Island: Special Edition -- ()
"C:\Program Files\Steam\steamapps\common\ben there, dan that!\BTDT.exe" = C:\Program Files\Steam\steamapps\common\ben there, dan that!\BTDT.exe:*:Enabled:Ben There, Dan That! -- (Chris Jones)
"C:\Program Files\Steam\steamapps\common\time gentlemen, please!\TGP.exe" = C:\Program Files\Steam\steamapps\common\time gentlemen, please!\TGP.exe:*:Enabled:Time Gentlemen, Please! -- (Chris Jones)
"C:\Program Files\Steam\steamapps\common\time gentlemen, please!\winsetup.exe" = C:\Program Files\Steam\steamapps\common\time gentlemen, please!\winsetup.exe:*:Enabled:Time Gentlemen, Please! -- (Chris Jones)
"C:\Program Files\Dell V715w\dleefax.exe" = C:\Program Files\Dell V715w\dleefax.exe:*:Enabled:Fax software -- ()
"C:\WINDOWS\system32\dleecoms.exe" = C:\WINDOWS\system32\dleecoms.exe:*:Enabled:Lexmark Communications System -- ( )
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" = C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe:*:Enabled:Plug and Play -- (Creative Technology Ltd)
"C:\Program Files\TVersity\Media Server\MediaServer.exe" = C:\Program Files\TVersity\Media Server\MediaServer.exe:*:Enabled:TVersity Media Server -- ()
"C:\Program Files\Steam\steamapps\common\monkey2\Monkey2.exe" = C:\Program Files\Steam\steamapps\common\monkey2\Monkey2.exe:*:Enabled:Monkey Island 2: Special Edition -- (LucasArts Entertainment Company)
"C:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe" = C:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server -- ()
"C:\Documents and Settings\Devan\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Devan\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\Devan\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Devan\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- ()
"C:\Program Files\Steam\steamapps\common\broken sword shadow of the templars\bs1dc.exe" = C:\Program Files\Steam\steamapps\common\broken sword shadow of the templars\bs1dc.exe:*:Enabled:Broken Sword: Shadow of the Templars - Director's Cut -- ()
"C:\Program Files\AirPort\APAgent.exe" = C:\Program Files\AirPort\APAgent.exe:*:Enabled:AirPort -- (Apple Inc.)
"C:\Program Files\Steam\steamapps\common\osmos\osmos.exe" = C:\Program Files\Steam\steamapps\common\osmos\osmos.exe:*:Enabled:Osmos -- (Hemisphere Games, Inc.)
"C:\Program Files\Steam\steamapps\common\revenge of the titans\RevengeOfTheTitans.exe" = C:\Program Files\Steam\steamapps\common\revenge of the titans\RevengeOfTheTitans.exe:*:Enabled:Revenge of the Titans -- ()
"C:\Program Files\Steam\steamapps\common\machinarium\machinarium.exe" = C:\Program Files\Steam\steamapps\common\machinarium\machinarium.exe:*:Enabled:Machinarium -- (Adobe Systems, Inc.)
"C:\Program Files\Steam\steamapps\common\lugaru hd\Lugaru.exe" = C:\Program Files\Steam\steamapps\common\lugaru hd\Lugaru.exe:*:Enabled:Lugaru HD -- ()
"C:\Program Files\Steam\steamapps\common\gish\gish.exe" = C:\Program Files\Steam\steamapps\common\gish\gish.exe:*:Enabled:Gish -- ()
"C:\Program Files\Steam\steamapps\common\world of goo\WorldOfGoo.exe" = C:\Program Files\Steam\steamapps\common\world of goo\WorldOfGoo.exe:*:Enabled:World of Goo -- ()
"C:\Program Files\Steam\steamapps\common\aquaria\Aquaria.exe" = C:\Program Files\Steam\steamapps\common\aquaria\Aquaria.exe:*:Enabled:Aquaria -- (Bit Blot)
"C:\Program Files\Steam\steamapps\common\penumbra overture\redist\Penumbra.exe" = C:\Program Files\Steam\steamapps\common\penumbra overture\redist\Penumbra.exe:*:Enabled:Penumbra: Overture -- ()
"C:\Program Files\Steam\steamapps\common\alien swarm\swarm.exe" = C:\Program Files\Steam\steamapps\common\alien swarm\swarm.exe:*:Enabled:Alien Swarm -- ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{055FEF8E-4B86-400F-A5C6-8FAC0042DCD9}" = NVIDIA PureVideo Decoder
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{1170D24F-42B7-40CF-AA1B-6395CE562354}" = Gears of War
"{1287B0B4-0E89-4839-B552-809D5C0DC9F6}" = StudioTax 2010
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java 6 Update 23
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2B6EC03E-6FA0-4D7C-9CCE-1B03819AB613}" = PerfectDisk 2008 Professional
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3248F0A8-6813-11D6-A77B-00B0D0150010}" = J2SE Runtime Environment 5.0 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160070}" = Java SE Development Kit 6 Update 7
"{34E95EA8-EEED-469A-A5C6-4BCFE33CA1B7}" = StudioTax 2008
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3C6B103A-1CDD-B3F2-5E8C-A2E5AAA6B555}" = GOG.com Downloader
"{42DE940E-8037-4266-9FBF-5A3AEDA39E96}" = Holdem Manager
"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup
"{466240F1-4629-4D29-B619-52CEA8B57C68}_is1" = Gobliiins 4
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{486CC64F-030A-4C9A-8716-87E26D28FKQ1}_is1" = King's Quest I: Quest for the Crown (4.1)
"{486CC64F-030A-4C9A-8716-87E26D28FKQ2}_is1" = King's Quest II: Romancing the Stones (3.1)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C0F8A40-2273-43E1-8C61-40D7F0573EDE}" = AirPort
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5645FB61-898F-4F59-AF80-52FEF3D63A64}" = HTC Sync
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5D5F53E9-360E-42C9-B8B3-05D92F3C9D5B}" = AT&T Labs' Natural Voices Desktop 1.2.1
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}" = CmdHere Powertoy For Windows XP
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.23
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{73301755-FDB4-4734-94CE-0290DEB85849}" = MySQL Server 5.1
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.4.7.121
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{822A8730-86A7-4CAA-BDE1-7337169BFF2B}" = Sound Blaster X-Fi Xtreme Audio
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection
"{885F5AC6-4413-4D30-99A9-F4494BFA4923}" = Logitech Harmony Remote Software 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADDB203-8A7B-443A-A9C2-D3AF7156EB17}" = PhatNoise CAS Speech Support
"{8B3F4499-32E6-470D-8586-E6C03420F889}" = ASUS WiFi-AP Solo
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{90120000-001A-0000-0000-0000000FF1CE}_OUTLOOK_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0000-0000-0000000FF1CE}_OUTLOOK_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}_OUTLOOK_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOK_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOK_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_OUTLOOK_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_OUTLOOK_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_OUTLOOK_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9939CA89-BE4E-4AA1-8ED1-DB0B56D762BC}" = StudioTax 2009
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.89
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.89
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.36
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B944FA21-81AF-4A77-8328-CE4F4CC51033}" = Nero 8
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CD49361E-3FE6-457E-90A1-9C59E29B5D02}" = Java DB 10.3.1.4
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF0EDB56-BBF6-3C9F-9C50-2E3B3D444641}" = Google Talk Plugin
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D168582B-A6EB-4440-A3E2-8701570FF3D9}" = PokerEV
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E31E2A9F-D76D-49DD-9851-930DD1B0A081}" = Poker Grapher
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{F94C940F-3B72-4877-9B27-9C71D3EF6540}" = PhatHack DMS Tools
"{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}" = Windows Resource Kit Tools
"888poker" = 888poker
"A Vampyre Story" = A Vampyre Story
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"AudioCS" = Creative Audio Console
"Cateia_BraweDemo" = Kaptain Brawe - Demo
"CCleaner" = CCleaner
"Citrix ICA Web Client" = MetaFrame Presentation Server Web Client for Win32
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.gog.downloader.87F90EC6C28C7E479115BE2E026DB87A08BC420D.1" = GOG.com Downloader
"CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only)
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"CyoHash" = CyoHash
"Dell V715w" = Dell V715w
"DVD Shrink_is1" = DVD Shrink 3.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Episode 1" = Back to the Future The Game - Episode 1
"Exact Audio Copy" = Exact Audio Copy 0.99pb4
"FileHippo.com" = FileHippo.com Update Checker
"foobar2000" = foobar2000 v0.9.4.5
"Fraps" = Fraps (remove only)
"HaaliMkx" = Haali Media Splitter
"Hector Episode 1" = Hector - Badge of Carnage - Hector Episode 1
"ImgBurn" = ImgBurn
"InstallShield_{1170D24F-42B7-40CF-AA1B-6395CE562354}" = Gears of War
"Left 4 Dead" = Left 4 Dead
"LoqTTS-Susan_is1" = Loquendo TTS: Susan (American English)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaInfo" = MediaInfo 0.7.9
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"mIRC" = mIRC
"MKVtoolnix" = MKVtoolnix 4.3.0
"Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
"nbi-glassfish-2.0.2.4.20080515" = GlassFish V2 UR2
"nbi-nb-base-6.1.0.1.200805300101" = NetBeans IDE 6.1
"Notepad++" = Notepad++
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"OUTLOOK" = Microsoft Office Outlook 2007
"PAR Buddy_is1" = PAR Buddy 2.60 (32 bit)
"PartyPoker" = PartyPoker
"PhatMan" = PhatNoise Music Manager
"PhatNoise" = PhatNoise Media Manager
"PhatVoice_is1" = PhatVoice V2.0
"Poker Tracker Version 2.16.02b_is1" = Poker Tracker Version 2.16.02b
"PokerAce Hud" = PokerAce Hud (remove only)
"PokerStars" = PokerStars
"Police Quest 1+2+3+4_is1" = Police Quest 1+2+3+4
"QuickPar" = QuickPar 0.9
"SABnzbd" = SABnzbd (remove only)
"Sandboxie" = Sandboxie 3.48
"ScummVM_is1" = ScummVM 1.2.1
"SitNGoWizard" = SitNGo Wizard
"Steam App 22000" = World of Goo
"Steam App 22180" = Penumbra: Overture
"Steam App 24420" = Aquaria
"Steam App 25010" = Lugaru HD
"Steam App 26800" = Braid
"Steam App 29180" = Osmos
"Steam App 32360" = The Secret of Monkey Island: Special Edition
"Steam App 32460" = Monkey Island 2: Special Edition
"Steam App 37400" = Time Gentlemen, Please!
"Steam App 37420" = Ben There, Dan That!
"Steam App 40700" = Machinarium
"Steam App 440" = Team Fortress 2
"Steam App 57640" = Broken Sword: Shadow of the Templars - Director's Cut
"Steam App 590" = Left 4 Dead 2 Demo
"Steam App 630" = Alien Swarm
"Steam App 93200" = Revenge of the Titans
"Steam App 9500" = Gish
"Syberia_is1" = Syberia
"SysInfo" = Creative System Information
"SystemRequirementsLab" = System Requirements Lab
"TeraCopy_is1" = TeraCopy 2.12
"The Next BIG Thing - Demo (uk)" = The Next BIG Thing (Demo) (English)
"The Tournament Director 2.0" = The Tournament Director 2
"TVersity Media Server" = TVersity Media Server 1.8 Beta
"TVersity Media Server " = TVersity Media Server 1.0.0.7 RC4
"UltraFXP" = UltraFXP (remove only)
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.4
"WBFS Manager 3.0" = WBFS Manager 3.0
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CarbonPoker" = CarbonPoker
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent
"WinSetupFromUSB" = WinSetupFromUSB

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/25/2011 8:20:29 PM | Computer Name = DEVAN-PC | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80248014, P2 endsearch, P3 search, P4 3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 NIL, P10 NIL.
Error - 5/25/2011 8:25:35 PM | Computer Name = DEVAN-PC | Source = MPSampleSubmission | ID = 5000 Description = EventType mptelemetry, P1 80248014, P2 endsearch, P3 search, P4 3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 NIL, P10 NIL. Error - 5/25/2011 8:25:38 PM | Computer Name = DEVAN-PC | Source = Microsoft Security Client | ID = 5000 Description = Error - 5/26/2011 8:20:30 PM | Computer Name = DEVAN-PC | Source = MPSampleSubmission | ID = 5000 Description = EventType mptelemetry, P1 80248014, P2 endsearch, P3 search, P4 3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 NIL, P10 NIL. Error - 5/27/2011 1:57:19 AM | Computer Name = DEVAN-PC | Source = MPSampleSubmission | ID = 5000 Description = EventType mptelemetry, P1 80248014, P2 endsearch, P3 search, P4 3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 NIL, P10 NIL. Error - 5/27/2011 1:57:24 AM | Computer Name = DEVAN-PC | Source = Microsoft Security Client | ID = 5000 Description = Error - 5/27/2011 1:57:27 AM | Computer Name = DEVAN-PC | Source = MPSampleSubmission | ID = 5000 Description = EventType mptelemetry, P1 80248014, P2 endsearch, P3 search, P4 3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 NIL, P10 NIL. Error - 5/27/2011 1:57:30 AM | Computer Name = DEVAN-PC | Source = Microsoft Security Client | ID = 5000 Description = Error - 5/27/2011 1:59:26 AM | Computer Name = DEVAN-PC | Source = MPSampleSubmission | ID = 5000 Description = EventType mptelemetry, P1 80248014, P2 endsearch, P3 search, P4 3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 NIL, P10 NIL. 
Error - 5/27/2011 1:59:29 AM | Computer Name = DEVAN-PC | Source = Microsoft Security Client | ID = 5000 Description = [ OSession Events ] Error - 10/7/2008 8:51:09 PM | Computer Name = DEVAN-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3135 seconds with 420 seconds of active time. This session ended with a crash. [ SitNGoWizard Events ] Error - 3/6/2011 8:04:43 PM | Computer Name = DEVAN-PC | Source = SitNGoWizard | ID = 1 Description = Invoke or BeginInvoke cannot be called on a control until the window handle has been created. Error - 3/6/2011 8:04:43 PM | Computer Name = DEVAN-PC | Source = SitNGoWizard | ID = 1 Description = at System.Windows.Forms.Control.MarshaledInvoke(Control caller, Delegate method, Object[] args, Boolean synchronous) at System.Windows.Forms.Control.Invoke(Delegate method, Object[] args) at System.Windows.Forms.Control.Invoke(Delegate method) at SitNGoWizard.MainForm.OnPokerSiteTimerTick(Object sender, EventArgs e) at System.Windows.Forms.Timer.OnTick(EventArgs e) at System.Windows.Forms.Timer.TimerNativeWindow.WndProc(Message& m) at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam) Error - 3/6/2011 8:11:06 PM | Computer Name = DEVAN-PC | Source = SitNGoWizard | ID = 1 Description = Could not find a part of the path 'C:\Program Files\In The Money\SitNGo Wizard\__QuizGame__'. [ System Events ] Error - 5/27/2011 1:52:49 AM | Computer Name = DEVAN-PC | Source = Service Control Manager | ID = 7034 Description = The TVersityMediaServer service terminated unexpectedly. It has done this 1 time(s). Error - 5/27/2011 1:52:51 AM | Computer Name = DEVAN-PC | Source = Service Control Manager | ID = 7034 Description = The iPod Service service terminated unexpectedly. It has done this 1 time(s). 
Error - 5/27/2011 1:55:05 AM | Computer Name = DEVAN-PC | Source = Service Control Manager | ID = 7009 Description = Timeout (30000 milliseconds) waiting for the dleeCATSCustConnectService service to connect. Error - 5/27/2011 1:55:05 AM | Computer Name = DEVAN-PC | Source = Service Control Manager | ID = 7000 Description = The dleeCATSCustConnectService service failed to start due to the following error: %%1053 Error - 5/27/2011 1:55:05 AM | Computer Name = DEVAN-PC | Source = Service Control Manager | ID = 7000 Description = The Cyberlink RichVideo Service(CRVS) service failed to start due to the following error: %%3 Error - 5/27/2011 1:55:07 AM | Computer Name = DEVAN-PC | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL Error - 5/27/2011 1:57:18 AM | Computer Name = DEVAN-PC | Source = Microsoft Antimalware | ID = 2001 Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.105.434.0 Update Source: %%859 Update Stage: %%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6903.0 Error code: 0x80248014 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Error - 5/27/2011 1:57:27 AM | Computer Name = DEVAN-PC | Source = Microsoft Antimalware | ID = 2001 Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.105.434.0 Update Source: %%859 Update Stage: %%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6903.0 Error code: 0x80248014 Error description: An unexpected problem occurred while checking for updates. 
For information on installing or troubleshooting updates, see Help and Support. Error - 5/27/2011 1:59:26 AM | Computer Name = DEVAN-PC | Source = Microsoft Antimalware | ID = 2001 Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.105.434.0 Update Source: %%859 Update Stage: %%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6903.0 Error code: 0x80248014 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Error - 5/27/2011 2:23:00 PM | Computer Name = DEVAN-PC | Source = Service Control Manager | ID = 7034 Description = The TVersityMediaServer service terminated unexpectedly. It has done this 1 time(s). < End of report >
  5. Ran the fix. Upon reboot Windows Update instantly popped up saying Updates were ready to install. Woo!! One down and working! Still cannot update Microsoft Security Essentials however. Just instantly pops up as connection failed. Weird! Log as requested below.

     All processes killed ========== OTL ========== Registry value HKEY_USERS\S-1-5-21-507921405-706699826-1417001333-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{09B71986-2AC5-482D-B6CB-42EA34F4F85B} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09B71986-2AC5-482D-B6CB-42EA34F4F85B}\ not found. Registry value HKEY_USERS\S-1-5-21-507921405-706699826-1417001333-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{09B71986-2AC5-482D-B6CB-42EA34F4F85B} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09B71986-2AC5-482D-B6CB-42EA34F4F85B}\ not found. Registry value HKEY_USERS\S-1-5-21-507921405-706699826-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Run\\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} deleted successfully. Registry value HKEY_USERS\S-1-5-21-507921405-706699826-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Run\\msnmsgr deleted successfully. Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ShowDeskFix deleted successfully. Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ShowDeskFix not found. Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ShowDeskFix deleted successfully. Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ShowDeskFix deleted successfully. Starting removal of ActiveX control {238F6F83-B8B4-11CF-8771-00A024541EE3} C:\WINDOWS\Downloaded Program Files\wficat.inf moved successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{238F6F83-B8B4-11CF-8771-00A024541EE3}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{238F6F83-B8B4-11CF-8771-00A024541EE3}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{238F6F83-B8B4-11CF-8771-00A024541EE3}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{238F6F83-B8B4-11CF-8771-00A024541EE3}\ not found. Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5} C:\WINDOWS\Downloaded Program Files\OnlineScanner.inf moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found. Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. 
Starting removal of ActiveX control {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} C:\WINDOWS\Downloaded Program Files\DellSystemLite.INF moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3}\ not found. Starting removal of ActiveX control {C3F79A2B-B9B4-4A66-B012-3EE46475B072} Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}\DownloadInformation\\INF . Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}\ not found. Starting removal of ActiveX control {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found. 
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {D821DC4A-0814-435E-9820-661C543A4679} Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D821DC4A-0814-435E-9820-661C543A4679}\DownloadInformation\\INF . Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D821DC4A-0814-435E-9820-661C543A4679}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D821DC4A-0814-435E-9820-661C543A4679}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D821DC4A-0814-435E-9820-661C543A4679}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D821DC4A-0814-435E-9820-661C543A4679}\ not found. Starting removal of ActiveX control {F6ACF75C-C32C-447B-9BEF-46B766368D29} C:\WINDOWS\Downloaded Program Files\CTPID.inf moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{F6ACF75C-C32C-447B-9BEF-46B766368D29}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F6ACF75C-C32C-447B-9BEF-46B766368D29}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F6ACF75C-C32C-447B-9BEF-46B766368D29}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F6ACF75C-C32C-447B-9BEF-46B766368D29}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{565559cf-a052-11dc-ac89-00e04c4c781f}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{565559cf-a052-11dc-ac89-00e04c4c781f}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{565559cf-a052-11dc-ac89-00e04c4c781f}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{565559cf-a052-11dc-ac89-00e04c4c781f}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{565559cf-a052-11dc-ac89-00e04c4c781f}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{565559cf-a052-11dc-ac89-00e04c4c781f}\ not found. File F:\LaunchU3.exe -a not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6a29990f-4db3-11df-acdc-0018f3510594}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6a29990f-4db3-11df-acdc-0018f3510594}\ not found. File H:\Setup.exe not found. C:\WINDOWS\System32\CONFIG.TMP deleted successfully. C:\WINDOWS\System32\OLD4B.tmp deleted successfully. C:\WINDOWS\System32\tmp3E.tmp deleted successfully. C:\WINDOWS\System32\tmp8D.tmp deleted successfully. C:\WINDOWS\003297_.tmp deleted successfully. C:\WINDOWS\SET3.tmp deleted successfully. C:\WINDOWS\SET4.tmp deleted successfully. C:\WINDOWS\SET8.tmp deleted successfully. C:\Documents and Settings\Devan\Local Settings\Application Data\w7wk868rbh6 moved successfully. C:\Documents and Settings\All Users\Application Data\w7wk868rbh6 moved successfully. C:\Documents and Settings\Devan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:B0A96209 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:C05A8628 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF deleted successfully. ========== COMMANDS ========== C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. 
HOSTS file reset successfully [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56502 bytes User: Devan ->Temp folder emptied: 93124943 bytes ->Temporary Internet Files folder emptied: 13426679 bytes ->Java cache emptied: 41239 bytes ->FireFox cache emptied: 4662743 bytes ->Google Chrome cache emptied: 439116527 bytes ->Flash cache emptied: 2478422 bytes User: LocalService ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 1415086 bytes ->Temporary Internet Files folder emptied: 17466293 bytes User: postgres ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 1835234 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 547.00 mb [EMPTYFLASH] User: All Users User: Default User ->Flash cache emptied: 0 bytes User: Devan ->Flash cache emptied: 0 bytes User: LocalService User: NetworkService User: postgres Total Flash Files Cleaned = 0.00 mb OTL by OldTimer - Version 3.2.23.0 log created on 05262011_235248 Files\Folders moved on Reboot... C:\Documents and Settings\NetworkService\Local Settings\Temp\MpCmdRun.log moved successfully. Registry entries deleted on Reboot...
  6. I ran OTL in Quick Scan mode but it only produced an OTL.txt, and not an Extras.txt.

     OTL logfile created on: 5/25/2011 5:52:57 PM - Run 4 OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Devan\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 53.87% Memory free 3.85 Gb Paging File | 3.01 Gb Available in Paging File | 78.22% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 465.75 Gb Total Space | 224.87 Gb Free Space | 48.28% Space Free | Partition Type: NTFS Drive F: | 931.51 Gb Total Space | 58.62 Gb Free Space | 6.29% Space Free | Partition Type: NTFS Drive G: | 931.51 Gb Total Space | 16.50 Gb Free Space | 1.77% Space Free | Partition Type: NTFS Computer Name: DEVAN-PC | User Name: Devan | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/05/25 17:52:03 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Devan\Desktop\OTL.exe PRC - [2011/05/19 23:54:14 | 001,010,232 | ---- | M] (Google Inc.) 
-- C:\Documents and Settings\Devan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe PRC - [2011/05/10 23:24:02 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Devan\Desktop\SickBeard-win32-alpha-build487\SickBeard.exe PRC - [2011/01/07 22:09:32 | 000,585,728 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe PRC - [2010/11/15 14:55:52 | 000,337,408 | ---- | M] () -- C:\Program Files\SABnzbd\SABnzbd.exe PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe PRC - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe PRC - [2010/08/18 16:01:33 | 000,139,944 | ---- | M] () -- C:\Program Files\Dell V715w\ezprint.exe PRC - [2010/08/18 16:01:31 | 000,770,728 | ---- | M] () -- C:\Program Files\Dell V715w\dleemon.exe PRC - [2010/08/09 04:03:08 | 000,075,496 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe PRC - [2010/05/21 16:02:55 | 000,598,696 | ---- | M] ( ) -- C:\WINDOWS\system32\dleecoms.exe PRC - [2010/05/14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe PRC - [2010/02/25 23:10:20 | 021,979,992 | ---- | M] () -- C:\Documents and Settings\Devan\Application Data\Dropbox\bin\Dropbox.exe PRC - [2010/02/25 15:11:04 | 000,856,064 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe PRC - [2009/11/11 16:17:02 | 000,771,360 | ---- | M] (Apple Inc.) -- C:\Program Files\AirPort\APAgent.exe PRC - [2008/12/31 13:12:40 | 000,693,512 | ---- | M] (Raxco Software, Inc.) 
-- C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/07/28 09:56:48 | 000,122,880 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe

========== Modules (SafeList) ==========

MOD - [2011/05/25 17:52:03 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Devan\Desktop\OTL.exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010/08/09 04:03:08 | 000,075,496 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2010/05/21 16:02:55 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\dleecoms.exe -- (dlee_device)
SRV - [2010/05/21 16:02:50 | 000,193,192 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dleeserv.exe -- (dleeCATSCustConnectService)
SRV - [2010/02/25 15:11:04 | 000,856,064 | ---- | M] () [Auto | Running] -- C:\Program Files\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2008/12/31 13:12:44 | 000,910,600 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe -- (PD91Engine)
SRV - [2008/12/31 13:12:40 | 000,693,512 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe -- (PD91Agent)
SRV - [2008/02/29 10:44:26 | 000,226,568 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectDisk2008\PD91VMDefrag.exe -- (PD91VMDefrag)
SRV - [2007/11/30 15:32:51 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

========== Driver Services (SafeList) ==========

DRV - [2011/05/24 18:38:27 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9C213B68-195E-4A2C-937C-220666F3D1A2}\MpKsl8289a536.sys -- (MpKsl8289a536)
DRV - [2010/08/09 04:03:04 | 000,123,112 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2010/06/22 18:01:50 | 000,021,248 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010/05/10 12:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\Devan\Local Settings\Temp\SAS_SelfExtract\saskutil.sys -- (SASKUTIL)
DRV - [2010/02/17 12:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\Devan\Local Settings\Temp\SAS_SelfExtract\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/06/10 00:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009/06/05 11:42:28 | 000,017,408 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netaapl.sys -- (Netaapl)
DRV - [2009/01/19 15:54:14 | 000,012,400 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2008/08/28 13:16:40 | 000,071,184 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\DefragFS.sys -- (DefragFS)
DRV - [2007/11/21 17:06:26 | 001,174,528 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17xfi.sys -- (P17xfi)
DRV - [2007/10/10 19:31:08 | 001,664,384 | ---- | M] (Creative) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\p17xfilt.sys -- (p17xfilt)
DRV - [2007/07/03 23:42:32 | 000,682,232 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007/05/21 15:29:26 | 000,235,648 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8187.sys -- (RTLWUSB)
DRV - [2006/08/07 19:30:52 | 000,162,176 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctusfsyn.sys -- (CTUSFSYN)
DRV - [2006/05/23 08:56:00 | 000,245,248 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006/03/31 04:39:54 | 000,013,532 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SjyPkt.sys -- (SjyPkt)
DRV - [2006/02/24 21:48:02 | 000,004,608 | ---- | M] (NVIDIA Corporation.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nvport.sys -- (nvport)
DRV - [2006/02/08 12:55:24 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2005/12/08 11:54:52 | 000,114,688 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/12/08 11:54:44 | 000,142,336 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2005/04/12 19:21:32 | 000,022,240 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2005/04/12 19:21:28 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2005/04/12 19:21:28 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2005/04/12 19:21:26 | 000,045,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2004/08/12 20:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2003/06/10 17:51:27 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-507921405-706699826-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-21-507921405-706699826-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-507921405-706699826-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: inspector@mozilla.org:2.0.8
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/15 15:40:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/23 03:58:30 | 000,000,000 | ---D | M]

[2008/05/30 12:56:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Devan\Application Data\Mozilla\Extensions
[2011/05/15 15:59:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Devan\Application Data\Mozilla\Firefox\Profiles\lrb9azid.default\extensions
[2009/07/20 22:47:49 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Devan\Application Data\Mozilla\Firefox\Profiles\lrb9azid.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2011/05/01 12:18:27 | 000,002,091 | ---- | M] () -- C:\Documents and Settings\Devan\Application Data\Mozilla\Firefox\Profiles\lrb9azid.default\searchplugins\ngindex-sets.xml
[2008/04/07 20:00:51 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\Devan\Application Data\Mozilla\Firefox\Profiles\lrb9azid.default\searchplugins\webster.xml
[2011/03/22 21:52:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/06 21:23:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/02/06 13:58:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\DEVAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LRB9AZID.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\DEVAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LRB9AZID.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\DEVAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LRB9AZID.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\DEVAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LRB9AZID.DEFAULT\EXTENSIONS\INSPECTOR@MOZILLA.ORG.XPI
[2009/03/18 18:18:37 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/07/21 14:19:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/03/18 11:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2010/01/01 02:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/24 18:09:08 | 000,000,862 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 74.208.10.249 gs.apple.com
O1 - Hosts: 127.0.1.1 spynettest.microsoft.com
O1 - Hosts: 127.0.1.1 spynet2.microsoft.com
O1 - Hosts: 127.0.1.1 mpa.one.microsoft.com
O3 - HKU\S-1-5-21-507921405-706699826-1417001333-1003\..\Toolbar\ShellBrowser: (no name) - {09B71986-2AC5-482D-B6CB-42EA34F4F85B} - No CLSID value found.
O3 - HKU\S-1-5-21-507921405-706699826-1417001333-1003\..\Toolbar\WebBrowser: (no name) - {09B71986-2AC5-482D-B6CB-42EA34F4F85B} - No CLSID value found.
O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files\AirPort\APAgent.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUS Update Checker] C:\Program Files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe ()
O4 - HKLM..\Run: [Dell V715w Fax Server] C:\Program Files\Dell V715w\fm3032.exe ()
O4 - HKLM..\Run: [dleemon.exe] C:\Program Files\Dell V715w\dleemon.exe ()
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Dell V715w\ezprint.exe ()
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\SPIRun.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-507921405-706699826-1417001333-1003..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] File not found
O4 - HKU\S-1-5-21-507921405-706699826-1417001333-1003..\Run: [msnmsgr] File not found
O4 - HKU\.DEFAULT..\RunOnce: [showDeskFix] File not found
O4 - HKU\S-1-5-18..\RunOnce: [showDeskFix] File not found
O4 - HKU\S-1-5-19..\RunOnce: [showDeskFix] File not found
O4 - HKU\S-1-5-20..\RunOnce: [showDeskFix] File not found
O4 - Startup: C:\Documents and Settings\Devan\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Devan\Application Data\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Documents and Settings\Devan\Start Menu\Programs\Startup\SABnzbd.lnk = C:\Program Files\SABnzbd\SABnzbd.exe ()
O4 - Startup: C:\Documents and Settings\Devan\Start Menu\Programs\Startup\SickBeard.lnk = C:\Documents and Settings\Devan\Desktop\SickBeard-win32-alpha-build487\SickBeard.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-507921405-706699826-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} https://aim.sasktel.net/CitrixSessionInit/ICAWEB/en/ica32/wficat.cab (Citrix ICA Client)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} https://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab (Creative Software AutoUpdate Support Package)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Devan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Devan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/18 21:07:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{565559cf-a052-11dc-ac89-00e04c4c781f}\Shell - "" = AutoRun
O33 - MountPoints2\{565559cf-a052-11dc-ac89-00e04c4c781f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{565559cf-a052-11dc-ac89-00e04c4c781f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{6a29990f-4db3-11df-acdc-0018f3510594}\Shell\AutoRun\command - "" = H:\Setup.exe
O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/25 17:52:08 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Devan\Desktop\OTL.exe
[2011/05/24 23:11:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Devan\Desktop\SickBeard-win32-alpha-build487
[2011/05/24 17:40:54 | 001,422,640 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Devan\Desktop\tdsskiller.exe
[2011/05/23 04:02:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Devan\Application Data\Malwarebytes
[2011/05/23 04:02:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/23 04:02:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/23 04:02:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/23 04:02:24 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/23 04:02:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/23 02:09:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Devan\Application Data\SUPERAntiSpyware.com
[2011/05/23 02:09:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/05/22 18:30:04 | 000,000,000 | ---D | C] -- C:\bd_logs
[2011/05/22 12:08:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nH04201LeNmL04201
[2011/05/20 16:52:31 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Devan\Recent
[2011/05/15 15:57:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Devan\Start Menu\Programs\CarbonPoker
[2011/05/15 15:57:39 | 000,000,000 | ---D | C] -- C:\Program Files\CarbonPoker
[2011/05/15 15:44:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/05/15 15:43:34 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/05/15 15:43:31 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/05/15 15:40:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/05/15 15:40:17 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/05/15 15:39:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2010/06/06 21:23:43 | 000,442,368 | ---- | C] ( ) -- C:\WINDOWS\System32\dleecoin.dll
[2010/06/06 21:21:42 | 001,048,576 | ---- | C] ( ) -- C:\WINDOWS\System32\dleeserv.dll
[2010/06/06 21:21:42 | 000,847,872 | ---- | C] ( ) -- C:\WINDOWS\System32\dleeusb1.dll
[2010/06/06 21:21:42 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\dleepmui.dll
[2010/06/06 21:21:42 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\dleelmpm.dll
[2010/06/06 21:21:42 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\dleeinpa.dll
[2010/06/06 21:21:42 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\DLEEhcp.dll
[2010/06/06 21:21:42 | 000,344,064 | ---- | C] ( ) -- C:\WINDOWS\System32\dleeiesc.dll
[2010/06/06 21:21:41 | 000,802,816 | ---- | C] ( ) -- C:\WINDOWS\System32\dleecomc.dll
[2010/06/06 21:21:41 | 000,688,128 | ---- | C] ( ) -- C:\WINDOWS\System32\dleehbn3.dll
[2010/06/06 21:21:41 | 000,598,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dleecoms.exe
[2010/06/06 21:21:41 | 000,373,416 | ---- | C] ( ) -- C:\WINDOWS\System32\dleecfg.exe
[2010/06/06 21:21:41 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\dleecomm.dll
[2010/06/06 21:21:41 | 000,324,264 | ---- | C] ( ) -- C:\WINDOWS\System32\dleeih.exe
[2007/08/10 18:17:08 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Devan\Application Data\pcouffin.sys
[2007/06/19 18:03:29 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/25 17:52:03 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Devan\Desktop\OTL.exe
[2011/05/25 17:13:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-706699826-1417001333-1003UA.job
[2011/05/25 17:00:22 | 000,003,633 | ---- | M] () -- C:\WINDOWS\System32\tversity.cookies
[2011/05/25 16:13:26 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Devan\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/25 16:13:25 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Devan\Desktop\Google Chrome.lnk
[2011/05/24 21:03:50 | 000,000,881 | ---- | M] () -- C:\Documents and Settings\Devan\Desktop\MShare.lnk
[2011/05/24 20:07:09 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/05/24 19:13:01 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-706699826-1417001333-1003Core.job
[2011/05/24 19:04:44 | 000,000,763 | ---- | M] () -- C:\Documents and Settings\Devan\Start Menu\Programs\Startup\SickBeard.lnk
[2011/05/24 18:20:25 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/05/24 18:20:08 | 000,000,584 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/05/24 18:20:08 | 000,000,584 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/05/24 18:15:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/24 17:45:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/24 17:41:01 | 001,422,640 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Devan\Desktop\tdsskiller.exe
[2011/05/23 21:03:30 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/23 18:12:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/23 04:02:29 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/23 03:58:30 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/05/23 02:08:56 | 000,012,420 | -HS- | M] () -- C:\Documents and Settings\Devan\Local Settings\Application Data\w7wk868rbh6
[2011/05/23 02:08:56 | 000,012,420 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\w7wk868rbh6
[2011/05/15 15:57:46 | 000,001,569 | ---- | M] () -- C:\Documents and Settings\Devan\Desktop\CarbonPoker.lnk
[2011/05/15 15:44:30 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/05/14 13:09:38 | 000,129,536 | ---- | M] () -- C:\Documents and Settings\Devan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/29 13:59:04 | 000,001,122 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hector - Badge of Carnage.lnk
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/24 21:02:10 | 000,000,881 | ---- | C] () -- C:\Documents and Settings\Devan\Desktop\MShare.lnk
[2011/05/24 19:04:44 | 000,000,763 | ---- | C] () -- C:\Documents and Settings\Devan\Start Menu\Programs\Startup\SickBeard.lnk
[2011/05/23 04:02:29 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/22 12:08:25 | 000,012,420 | -HS- | C] () -- C:\Documents and Settings\Devan\Local Settings\Application Data\w7wk868rbh6
[2011/05/22 12:08:25 | 000,012,420 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\w7wk868rbh6
[2011/05/15 15:57:46 | 000,001,569 | ---- | C] () -- C:\Documents and Settings\Devan\Desktop\CarbonPoker.lnk
[2011/05/15 15:44:30 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/04/29 13:59:04 | 000,001,122 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hector - Badge of Carnage.lnk
[2011/04/15 11:47:36 | 000,038,464 | ---- | C] () -- C:\Documents and Settings\Devan\Application Data\Comma Separated Values (Windows).ADR
[2010/10/27 23:07:18 | 000,240,140 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/10/27 23:07:15 | 000,240,140 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/10/27 23:07:15 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/10/27 23:06:18 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/06/06 21:23:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dleevs.dll
[2010/06/06 21:23:40 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\dleecui.dll
[2010/06/06 21:23:40 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\dleecuir.dll
[2010/06/06 21:23:40 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dleegcfg.dll
[2010/06/06 21:23:22 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\DLEEPMON.DLL
[2010/06/06 21:23:22 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\DLEEFXPU.DLL
[2010/06/06 21:23:02 | 005,709,824 | ---- | C] () -- C:\WINDOWS\System32\DLEEoem.dll
[2010/06/06 21:22:54 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\DLEEwupd.dll
[2010/06/06 21:22:54 | 000,213,672 | ---- | C] () -- C:\WINDOWS\System32\DLEEwupd.exe
[2010/06/06 21:21:42 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\DLEEinst.dll
[2010/06/06 21:21:42 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\dleeins.dll
[2010/06/06 21:21:42 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\dleeinsb.dll
[2010/06/06 21:21:42 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dleeinsr.dll
[2010/06/06 21:21:42 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\dleejswr.dll
[2010/06/06 21:21:41 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\dleecu.dll
[2010/06/06 21:21:41 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\dleegrd.dll
[2010/06/06 21:21:41 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\dleecub.dll
[2010/06/06 21:21:41 | 000,086,183 | ---- | C] () -- C:\WINDOWS\System32\DLEEcfg.dll
[2010/06/06 21:21:41 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dleecur.dll
[2010/06/05 17:58:42 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\DLEEsm.dll
[2010/06/05 17:58:42 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\DLEEsmr.dll
[2010/05/05 21:29:59 | 000,001,648 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2009/11/07 22:54:28 | 000,055,940 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/07/13 17:30:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HMHud.INI
[2009/04/04 13:36:38 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/03/05 15:23:59 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2009/03/05 15:23:59 | 000,012,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2009/02/08 16:26:33 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\Devan\Application Data\vso_ts_preview.xml
[2008/12/23 18:18:09 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/12/21 15:26:15 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Devan\Application Data\PnkBstrK.sys
[2008/12/02 19:39:53 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2008/09/20 14:21:22 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Devan\Application Data\winscp.rnd
[2008/09/17 23:28:45 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Devan\Local Settings\Application Data\PUTTY.RND
[2008/08/12 18:23:50 | 000,066,560 | ---- | C] () -- C:\WINDOWS\MOTA113.exe
[2008/08/12 18:23:49 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008/08/12 18:23:48 | 000,240,128 | ---- | C] () -- C:\WINDOWS\System32\x.264.exe
[2008/08/12 18:23:46 | 000,502,784 | ---- | C] () -- C:\WINDOWS\x2.64.exe
[2008/08/12 18:23:46 | 000,217,073 | ---- | C] () -- C:\WINDOWS\meta4.exe
[2008/03/09 12:23:45 | 000,000,011 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\.tv
[2008/01/12 17:08:03 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/01/01 22:58:04 | 000,000,859 | ---- | C] () -- C:\Documents and Settings\Devan\Application Data\coreavc.ini
[2007/11/30 15:43:46 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2007/11/26 21:56:28 | 000,151,415 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2007/11/20 16:56:11 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007/11/17 11:34:12 | 000,000,024 | ---- | C] () -- C:\WINDOWS\pmm.INI
[2007/11/16 13:35:23 | 000,000,026 | ---- | C] () -- C:\WINDOWS\PhatMan.INI
[2007/10/31 18:45:36 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/10/12 18:09:57 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2007/09/18 16:50:44 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2007/08/15 16:33:14 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/08/15 16:30:26 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/08/10 18:17:08 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Devan\Application Data\inst.exe
[2007/08/10 18:17:08 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Devan\Application Data\pcouffin.cat
[2007/08/10 18:17:08 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Devan\Application Data\pcouffin.inf
[2007/07/04 17:35:53 | 000,000,036 | ---- | C] () -- C:\WINDOWS\webica.ini
[2007/06/20 01:32:23 | 000,023,273 | ---- | C] () -- C:\WINDOWS\System32\Ludap17.ini
[2007/06/20 01:32:23 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/06/20 01:32:03 | 000,137,216 | ---- | C] () -- C:\WINDOWS\System32\OemSpi.dll
[2007/06/20 01:32:03 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2007/06/20 01:32:03 | 000,008,251 | ---- | C] () -- C:\WINDOWS\sfsyn.ini
[2007/06/19 00:20:39 | 000,129,536 | ---- | C] () -- C:\Documents and Settings\Devan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/18 22:25:51 | 000,001,277 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/06/18 22:10:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/06/18 21:24:02 | 000,022,781 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007/06/18 21:17:22 | 000,023,077 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2007/06/18 21:16:30 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2007/06/18 21:16:22 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/06/18 21:09:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/06/18 21:03:55 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/06/18 14:42:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/06/18 14:38:57 | 001,553,928 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/04/20 06:05:00 | 001,018,748 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
[2007/04/20 06:05:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/04/27 19:03:56 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005/04/27 19:03:56 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/08/03 18:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 07:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/08/23 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 06:00:00 | 000,435,942 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 06:00:00 | 000,068,532 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 06:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/05/05 17:28:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/11/15 18:24:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cateia Games
[2009/02/25 17:32:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009/07/15 19:33:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fallout3
[2010/07/21 14:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iTunesFolderWatch
[2007/06/20 16:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2008/10/24 17:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MySQL [2008/05/30 19:07:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound [2007/08/27 19:17:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NewsBin [2009/04/13 17:52:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS [2011/05/22 20:04:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nH04201LeNmL04201 [2011/04/18 12:14:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pendulo Studios [2010/06/04 21:24:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2010/06/05 18:04:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\V715w [2007/08/10 21:17:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk [2010/04/07 07:56:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2009/09/15 16:04:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2009/05/27 14:51:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2007/09/04 00:29:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devan\Application Data\Bioshock [2011/01/18 22:01:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devan\Application Data\com.gog.downloader.87F90EC6C28C7E479115BE2E026DB87A08BC420D.1 [2011/05/24 18:20:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devan\Application Data\Dropbox [2009/04/19 21:17:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devan\Application Data\foobar2000 [2007/09/08 15:07:25 | 000,000,000 | ---D | M] -- C:\Documents and 
Settings\Devan\Application Data\GetRightToGo [2008/10/25 13:18:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devan\Application Data\gtk-2.0 [2011/04/24 11:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devan\Application Data\HTC [2011/04/24 11:31:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devan\Application Data\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1 [2007/07/04 17:35:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devan\Application Data\ICAClient [2007/06/21 12:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devan\Application Data\ImgBurn [2010/08/29 16:41:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devan\Application Data\LucasArts [2010/10/18 13:27:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devan\Application Data\mkvtoolnix [2008/12/05 07:29:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devan\Application Data\MySQL [2008/05/30 19:06:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devan\Application Data\NCH Swift Sound [2010/10/03 17:01:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devan\Application Data\NewsBin [2010/04/05 13:27:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devan\Application Data\Notepad++ [2011/04/24 11:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devan\Application Data\Outlook [2011/04/24 12:58:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devan\Application Data\PacificPoker [2010/04/22 19:13:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devan\Application Data\PAR Buddy [2007/09/17 17:20:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devan\Application Data\Red Chair Software [2011/01/21 11:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devan\Application Data\ScummVM [2008/09/28 15:16:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devan\Application Data\Subversion [2009/03/18 21:08:00 | 000,000,000 | ---D | M] -- C:\Documents 
and Settings\Devan\Application Data\SystemRequirementsLab [2011/04/24 11:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devan\Application Data\Teleca [2011/05/24 17:41:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devan\Application Data\TeraCopy [2010/07/08 19:13:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devan\Application Data\TwonkyMedia [2011/05/24 20:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devan\Application Data\uTorrent [2010/06/13 20:09:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devan\Application Data\V715w [2009/03/02 20:07:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devan\Application Data\Vso [2009/12/26 23:48:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devan\Application Data\XBMC [2011/05/24 18:20:25 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 215 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B0A96209 @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C05A8628 @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF < End of report >
  7. Thanks for the link. Both TDSSKiller and Malwarebytes show no malicious files found. My HOSTS file was clean as well; I forgot to check that. Should have been one of the first places I looked! Duh! I've tried pretty much everything now, including running the Microsoft FixIt solution to reset Windows Update, as well as reinstalling au.inf from C:\WINDOWS\inf. What a greasy problem this is! I guess my last resort is to attempt a restore as Seth mentioned.
  8. I can manually set the date and time correctly, but that doesn't fix the root cause as I still can't use Windows Update or update MSE.
  9. Hi Seth. Thanks for the quick reply. That was one of the first places I checked, and everything is unchecked / no proxy listed. All other network connections appear to be fine, just the 3 issues I had outlined.
  10. Hey all. Yesterday I was hit with the annoying XP Anti Virus 2011 rogue scanner. I downloaded portable Super Anti Spyware and ran the program. Upon next boot up, I was no longer getting the annoying popups/scans/etc. I had to run the EXE fix to get file associations back working. I've noticed a few outstanding issues, however: 1) My time is off, and will not auto-update with internet time like it used to. 2) Microsoft Security Essentials will not update. 3) Windows Update won't work / red warning shield showing. I ran Malwarebytes Anti-Malware as well but it hasn't corrected these 3 issues. This is the first time I have been hit with something like this and I generally consider myself EXTREMELY careful. I was working in iTunes syncing my library to my iPod when Microsoft Security Essentials suddenly closed, and I started getting bombarded with all the popups / fake scans. I have no idea what caused it as I hadn't downloaded or clicked on anything. Very strange! Any suggestions?