dangerpay

XP Anti Virus 2011 - Removed but issues remain


Hey all.

Yesterday I was hit with the annoying XP Anti Virus 2011 rogue scanner. I downloaded portable Super Anti Spyware and ran the program. Upon next boot up, I was no longer getting the annoying popups/scans/etc. I had to run the EXE fix to get file associations back working.

I've noticed a few outstanding issues however:

1) My time is off, and will not auto-update with internet time like it used to.

2) Microsoft Security Essentials will not update.

3) Windows Update won't work / red warning shield showing.

I ran Malwarebytes Anti-Malware as well but it hasn't corrected these 3 issues.

This is the first time I have been hit with something like this and I generally consider myself EXTREMELY careful. I was working in iTunes syncing my library to my iPod when Microsoft Security Essentials suddenly closed, and I started getting bombarded with all the popups / fake scans. I have no idea what caused it as I hadn't downloaded or clicked on anything. Very strange!

Any suggestions?


Welcome to the SAS forum.

Go into IE's Options-->Connections-->LAN Settings. Nothing should be checked off there.


Hi Seth. Thanks for the quick reply.

That was one of the first places I checked, and everything is unchecked / no proxy listed.

All other network connections appear to be fine, just the 3 issues I had outlined.


The link below is worth following and may resolve your problems.

http://www.bleepingcomputer.com/forums/topic397499.html

Thanks for the link. Both TDSSKiller and Malwarebytes show no malicious files found.

My HOSTS file was clean as well, forgot to check that. Should have been one of the first places I looked! Duh!

I've tried pretty much everything now, including running the Microsoft FixIt solution to reset Windows Update, as well as reinstalling au.inf from C:\WINDOWS\inf.

What a greasy problem this is! I guess my last resort is to attempt a restore as Seth mentioned.


If you wish...

Download OTL from here: http://oldtimer.geekstogo.com/OTL.exe to your Desktop.

Double click on the icon to run it and check All users.

Now click Quick scan. When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.

Post both logs in your reply.


I ran OTL in Quick Scan mode but it only produced an OTL.txt, and not an Extras.txt.

OTL logfile created on: 5/25/2011 5:52:57 PM - Run 4

OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Devan\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 53.87% Memory free

3.85 Gb Paging File | 3.01 Gb Available in Paging File | 78.22% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 465.75 Gb Total Space | 224.87 Gb Free Space | 48.28% Space Free | Partition Type: NTFS

Drive F: | 931.51 Gb Total Space | 58.62 Gb Free Space | 6.29% Space Free | Partition Type: NTFS

Drive G: | 931.51 Gb Total Space | 16.50 Gb Free Space | 1.77% Space Free | Partition Type: NTFS

Computer Name: DEVAN-PC | User Name: Devan | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/25 17:52:03 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Devan\Desktop\OTL.exe

PRC - [2011/05/19 23:54:14 | 001,010,232 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Devan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

PRC - [2011/05/10 23:24:02 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Devan\Desktop\SickBeard-win32-alpha-build487\SickBeard.exe

PRC - [2011/01/07 22:09:32 | 000,585,728 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe

PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe

PRC - [2010/11/15 14:55:52 | 000,337,408 | ---- | M] () -- C:\Program Files\SABnzbd\SABnzbd.exe

PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

PRC - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe

PRC - [2010/08/18 16:01:33 | 000,139,944 | ---- | M] () -- C:\Program Files\Dell V715w\ezprint.exe

PRC - [2010/08/18 16:01:31 | 000,770,728 | ---- | M] () -- C:\Program Files\Dell V715w\dleemon.exe

PRC - [2010/08/09 04:03:08 | 000,075,496 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe

PRC - [2010/05/21 16:02:55 | 000,598,696 | ---- | M] ( ) -- C:\WINDOWS\system32\dleecoms.exe

PRC - [2010/05/14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe

PRC - [2010/02/25 23:10:20 | 021,979,992 | ---- | M] () -- C:\Documents and Settings\Devan\Application Data\Dropbox\bin\Dropbox.exe

PRC - [2010/02/25 15:11:04 | 000,856,064 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe

PRC - [2009/11/11 16:17:02 | 000,771,360 | ---- | M] (Apple Inc.) -- C:\Program Files\AirPort\APAgent.exe

PRC - [2008/12/31 13:12:40 | 000,693,512 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe

PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006/07/28 09:56:48 | 000,122,880 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe

========== Modules (SafeList) ==========

MOD - [2011/05/25 17:52:03 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Devan\Desktop\OTL.exe

MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RichVideo) Cyberlink RichVideo Service(CRVS)

SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)

SRV - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)

SRV - [2010/08/09 04:03:08 | 000,075,496 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)

SRV - [2010/05/21 16:02:55 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\dleecoms.exe -- (dlee_device)

SRV - [2010/05/21 16:02:50 | 000,193,192 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dleeserv.exe -- (dleeCATSCustConnectService)

SRV - [2010/02/25 15:11:04 | 000,856,064 | ---- | M] () [Auto | Running] -- C:\Program Files\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)

SRV - [2008/12/31 13:12:44 | 000,910,600 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe -- (PD91Engine)

SRV - [2008/12/31 13:12:40 | 000,693,512 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe -- (PD91Agent)

SRV - [2008/02/29 10:44:26 | 000,226,568 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectDisk2008\PD91VMDefrag.exe -- (PD91VMDefrag)

SRV - [2007/11/30 15:32:51 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

========== Driver Services (SafeList) ==========

DRV - [2011/05/24 18:38:27 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9C213B68-195E-4A2C-937C-220666F3D1A2}\MpKsl8289a536.sys -- (MpKsl8289a536)

DRV - [2010/08/09 04:03:04 | 000,123,112 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)

DRV - [2010/06/22 18:01:50 | 000,021,248 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\htcnprot.sys -- (htcnprot)

DRV - [2010/05/10 12:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\Devan\Local Settings\Temp\SAS_SelfExtract\saskutil.sys -- (SASKUTIL)

DRV - [2010/02/17 12:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\Devan\Local Settings\Temp\SAS_SelfExtract\sasdifsv.sys -- (SASDIFSV)

DRV - [2009/06/10 00:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)

DRV - [2009/06/05 11:42:28 | 000,017,408 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netaapl.sys -- (Netaapl)

DRV - [2009/01/19 15:54:14 | 000,012,400 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)

DRV - [2008/08/28 13:16:40 | 000,071,184 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\DefragFS.sys -- (DefragFS)

DRV - [2007/11/21 17:06:26 | 001,174,528 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17xfi.sys -- (P17xfi)

DRV - [2007/10/10 19:31:08 | 001,664,384 | ---- | M] (Creative) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\p17xfilt.sys -- (p17xfilt)

DRV - [2007/07/03 23:42:32 | 000,682,232 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

DRV - [2007/05/21 15:29:26 | 000,235,648 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8187.sys -- (RTLWUSB)

DRV - [2006/08/07 19:30:52 | 000,162,176 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctusfsyn.sys -- (CTUSFSYN)

DRV - [2006/05/23 08:56:00 | 000,245,248 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)

DRV - [2006/03/31 04:39:54 | 000,013,532 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SjyPkt.sys -- (SjyPkt)

DRV - [2006/02/24 21:48:02 | 000,004,608 | ---- | M] (NVIDIA Corporation.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nvport.sys -- (nvport)

DRV - [2006/02/08 12:55:24 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)

DRV - [2005/12/08 11:54:52 | 000,114,688 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)

DRV - [2005/12/08 11:54:44 | 000,142,336 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)

DRV - [2005/04/12 19:21:32 | 000,022,240 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)

DRV - [2005/04/12 19:21:28 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)

DRV - [2005/04/12 19:21:28 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)

DRV - [2005/04/12 19:21:26 | 000,045,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)

DRV - [2004/08/12 20:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

DRV - [2003/06/10 17:51:27 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-507921405-706699826-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-21-507921405-706699826-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-507921405-706699826-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "about:home"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2

FF - prefs.js..extensions.enabledItems: inspector@mozilla.org:2.0.8

FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4

FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/15 15:40:45 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/23 03:58:30 | 000,000,000 | ---D | M]

[2008/05/30 12:56:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Devan\Application Data\Mozilla\Extensions

[2011/05/15 15:59:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Devan\Application Data\Mozilla\Firefox\Profiles\lrb9azid.default\extensions

[2009/07/20 22:47:49 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Devan\Application Data\Mozilla\Firefox\Profiles\lrb9azid.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}

[2011/05/01 12:18:27 | 000,002,091 | ---- | M] () -- C:\Documents and Settings\Devan\Application Data\Mozilla\Firefox\Profiles\lrb9azid.default\searchplugins\ngindex-sets.xml

[2008/04/07 20:00:51 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\Devan\Application Data\Mozilla\Firefox\Profiles\lrb9azid.default\searchplugins\webster.xml

[2011/03/22 21:52:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010/07/06 21:23:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2011/02/06 13:58:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

File not found (No name found) --

() (No name found) -- C:\DOCUMENTS AND SETTINGS\DEVAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LRB9AZID.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

() (No name found) -- C:\DOCUMENTS AND SETTINGS\DEVAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LRB9AZID.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI

() (No name found) -- C:\DOCUMENTS AND SETTINGS\DEVAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LRB9AZID.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI

() (No name found) -- C:\DOCUMENTS AND SETTINGS\DEVAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LRB9AZID.DEFAULT\EXTENSIONS\INSPECTOR@MOZILLA.ORG.XPI

[2009/03/18 18:18:37 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2010/07/21 14:19:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

[2011/03/18 11:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll

[2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll

[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

[2010/01/01 02:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/24 18:09:08 | 000,000,862 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 74.208.10.249 gs.apple.com

O1 - Hosts: 127.0.1.1 spynettest.microsoft.com

O1 - Hosts: 127.0.1.1 spynet2.microsoft.com

O1 - Hosts: 127.0.1.1 mpa.one.microsoft.com

O3 - HKU\S-1-5-21-507921405-706699826-1417001333-1003\..\Toolbar\ShellBrowser: (no name) - {09B71986-2AC5-482D-B6CB-42EA34F4F85B} - No CLSID value found.

O3 - HKU\S-1-5-21-507921405-706699826-1417001333-1003\..\Toolbar\WebBrowser: (no name) - {09B71986-2AC5-482D-B6CB-42EA34F4F85B} - No CLSID value found.

O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files\AirPort\APAgent.exe (Apple Inc.)

O4 - HKLM..\Run: [ASUS Update Checker] C:\Program Files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe ()

O4 - HKLM..\Run: [Dell V715w Fax Server] C:\Program Files\Dell V715w\fm3032.exe ()

O4 - HKLM..\Run: [dleemon.exe] C:\Program Files\Dell V715w\dleemon.exe ()

O4 - HKLM..\Run: [EzPrint] C:\Program Files\Dell V715w\ezprint.exe ()

O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()

O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\SPIRun.dll (Creative Technology Ltd.)

O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)

O4 - HKU\S-1-5-21-507921405-706699826-1417001333-1003..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] File not found

O4 - HKU\S-1-5-21-507921405-706699826-1417001333-1003..\Run: [msnmsgr] File not found

O4 - HKU\.DEFAULT..\RunOnce: [showDeskFix] File not found

O4 - HKU\S-1-5-18..\RunOnce: [showDeskFix] File not found

O4 - HKU\S-1-5-19..\RunOnce: [showDeskFix] File not found

O4 - HKU\S-1-5-20..\RunOnce: [showDeskFix] File not found

O4 - Startup: C:\Documents and Settings\Devan\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Devan\Application Data\Dropbox\bin\Dropbox.exe ()

O4 - Startup: C:\Documents and Settings\Devan\Start Menu\Programs\Startup\SABnzbd.lnk = C:\Program Files\SABnzbd\SABnzbd.exe ()

O4 - Startup: C:\Documents and Settings\Devan\Start Menu\Programs\Startup\SickBeard.lnk = C:\Documents and Settings\Devan\Desktop\SickBeard-win32-alpha-build487\SickBeard.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-507921405-706699826-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)

O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()

O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()

O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} https://aim.sasktel.net/CitrixSessionInit/ICAWEB/en/ica32/wficat.cab (Citrix ICA Client)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} https://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab (Creative Software AutoUpdate Support Package)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Devan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Devan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007/06/18 21:07:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{565559cf-a052-11dc-ac89-00e04c4c781f}\Shell - "" = AutoRun

O33 - MountPoints2\{565559cf-a052-11dc-ac89-00e04c4c781f}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{565559cf-a052-11dc-ac89-00e04c4c781f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

O33 - MountPoints2\{6a29990f-4db3-11df-acdc-0018f3510594}\Shell\AutoRun\command - "" = H:\Setup.exe

O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/25 17:52:08 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Devan\Desktop\OTL.exe

[2011/05/24 23:11:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Devan\Desktop\SickBeard-win32-alpha-build487

[2011/05/24 17:40:54 | 001,422,640 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Devan\Desktop\tdsskiller.exe

[2011/05/23 04:02:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Devan\Application Data\Malwarebytes

[2011/05/23 04:02:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011/05/23 04:02:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/05/23 04:02:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2011/05/23 04:02:24 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011/05/23 04:02:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/05/23 02:09:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Devan\Application Data\SUPERAntiSpyware.com

[2011/05/23 02:09:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

[2011/05/22 18:30:04 | 000,000,000 | ---D | C] -- C:\bd_logs

[2011/05/22 12:08:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nH04201LeNmL04201

[2011/05/20 16:52:31 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Devan\Recent

[2011/05/15 15:57:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Devan\Start Menu\Programs\CarbonPoker

[2011/05/15 15:57:39 | 000,000,000 | ---D | C] -- C:\Program Files\CarbonPoker

[2011/05/15 15:44:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes

[2011/05/15 15:43:34 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2011/05/15 15:43:31 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2011/05/15 15:40:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime

[2011/05/15 15:40:17 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

[2011/05/15 15:39:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer

[2010/06/06 21:23:43 | 000,442,368 | ---- | C] ( ) -- C:\WINDOWS\System32\dleecoin.dll

[2010/06/06 21:21:42 | 001,048,576 | ---- | C] ( ) -- C:\WINDOWS\System32\dleeserv.dll

[2010/06/06 21:21:42 | 000,847,872 | ---- | C] ( ) -- C:\WINDOWS\System32\dleeusb1.dll

[2010/06/06 21:21:42 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\dleepmui.dll

[2010/06/06 21:21:42 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\dleelmpm.dll

[2010/06/06 21:21:42 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\dleeinpa.dll

[2010/06/06 21:21:42 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\DLEEhcp.dll

[2010/06/06 21:21:42 | 000,344,064 | ---- | C] ( ) -- C:\WINDOWS\System32\dleeiesc.dll

[2010/06/06 21:21:41 | 000,802,816 | ---- | C] ( ) -- C:\WINDOWS\System32\dleecomc.dll

[2010/06/06 21:21:41 | 000,688,128 | ---- | C] ( ) -- C:\WINDOWS\System32\dleehbn3.dll

[2010/06/06 21:21:41 | 000,598,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dleecoms.exe

[2010/06/06 21:21:41 | 000,373,416 | ---- | C] ( ) -- C:\WINDOWS\System32\dleecfg.exe

[2010/06/06 21:21:41 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\dleecomm.dll

[2010/06/06 21:21:41 | 000,324,264 | ---- | C] ( ) -- C:\WINDOWS\System32\dleeih.exe

[2007/08/10 18:17:08 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Devan\Application Data\pcouffin.sys

[2007/06/19 18:03:29 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll

[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/25 17:52:03 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Devan\Desktop\OTL.exe

[2011/05/25 17:13:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-706699826-1417001333-1003UA.job

[2011/05/25 17:00:22 | 000,003,633 | ---- | M] () -- C:\WINDOWS\System32\tversity.cookies

[2011/05/25 16:13:26 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Devan\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2011/05/25 16:13:25 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Devan\Desktop\Google Chrome.lnk

[2011/05/24 21:03:50 | 000,000,881 | ---- | M] () -- C:\Documents and Settings\Devan\Desktop\MShare.lnk

[2011/05/24 20:07:09 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2011/05/24 19:13:01 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-706699826-1417001333-1003Core.job

[2011/05/24 19:04:44 | 000,000,763 | ---- | M] () -- C:\Documents and Settings\Devan\Start Menu\Programs\Startup\SickBeard.lnk

[2011/05/24 18:20:25 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2011/05/24 18:20:08 | 000,000,584 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm

[2011/05/24 18:20:08 | 000,000,584 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm

[2011/05/24 18:15:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/05/24 17:45:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/05/24 17:41:01 | 001,422,640 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Devan\Desktop\tdsskiller.exe

[2011/05/23 21:03:30 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/05/23 18:12:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2011/05/23 04:02:29 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/05/23 03:58:30 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2011/05/23 02:08:56 | 000,012,420 | -HS- | M] () -- C:\Documents and Settings\Devan\Local Settings\Application Data\w7wk868rbh6

[2011/05/23 02:08:56 | 000,012,420 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\w7wk868rbh6

[2011/05/15 15:57:46 | 000,001,569 | ---- | M] () -- C:\Documents and Settings\Devan\Desktop\CarbonPoker.lnk

[2011/05/15 15:44:30 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2011/05/14 13:09:38 | 000,129,536 | ---- | M] () -- C:\Documents and Settings\Devan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/04/29 13:59:04 | 000,001,122 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hector - Badge of Carnage.lnk

[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/24 21:02:10 | 000,000,881 | ---- | C] () -- C:\Documents and Settings\Devan\Desktop\MShare.lnk

[2011/05/24 19:04:44 | 000,000,763 | ---- | C] () -- C:\Documents and Settings\Devan\Start Menu\Programs\Startup\SickBeard.lnk

[2011/05/23 04:02:29 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/05/22 12:08:25 | 000,012,420 | -HS- | C] () -- C:\Documents and Settings\Devan\Local Settings\Application Data\w7wk868rbh6

[2011/05/22 12:08:25 | 000,012,420 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\w7wk868rbh6

[2011/05/15 15:57:46 | 000,001,569 | ---- | C] () -- C:\Documents and Settings\Devan\Desktop\CarbonPoker.lnk

[2011/05/15 15:44:30 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2011/04/29 13:59:04 | 000,001,122 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hector - Badge of Carnage.lnk

[2011/04/15 11:47:36 | 000,038,464 | ---- | C] () -- C:\Documents and Settings\Devan\Application Data\Comma Separated Values (Windows).ADR

[2010/10/27 23:07:18 | 000,240,140 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin

[2010/10/27 23:07:15 | 000,240,140 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin

[2010/10/27 23:07:15 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin

[2010/10/27 23:06:18 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin

[2010/06/06 21:23:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dleevs.dll

[2010/06/06 21:23:40 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\dleecui.dll

[2010/06/06 21:23:40 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\dleecuir.dll

[2010/06/06 21:23:40 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dleegcfg.dll

[2010/06/06 21:23:22 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\DLEEPMON.DLL

[2010/06/06 21:23:22 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\DLEEFXPU.DLL

[2010/06/06 21:23:02 | 005,709,824 | ---- | C] () -- C:\WINDOWS\System32\DLEEoem.dll

[2010/06/06 21:22:54 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\DLEEwupd.dll

[2010/06/06 21:22:54 | 000,213,672 | ---- | C] () -- C:\WINDOWS\System32\DLEEwupd.exe

[2010/06/06 21:21:42 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\DLEEinst.dll

[2010/06/06 21:21:42 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\dleeins.dll

[2010/06/06 21:21:42 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\dleeinsb.dll

[2010/06/06 21:21:42 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dleeinsr.dll

[2010/06/06 21:21:42 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\dleejswr.dll

[2010/06/06 21:21:41 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\dleecu.dll

[2010/06/06 21:21:41 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\dleegrd.dll

[2010/06/06 21:21:41 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\dleecub.dll

[2010/06/06 21:21:41 | 000,086,183 | ---- | C] () -- C:\WINDOWS\System32\DLEEcfg.dll

[2010/06/06 21:21:41 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dleecur.dll

[2010/06/05 17:58:42 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\DLEEsm.dll

[2010/06/05 17:58:42 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\DLEEsmr.dll

[2010/05/05 21:29:59 | 000,001,648 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini

[2009/11/07 22:54:28 | 000,055,940 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2009/07/13 17:30:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HMHud.INI

[2009/04/04 13:36:38 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2009/03/05 15:23:59 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\AsIO.dll

[2009/03/05 15:23:59 | 000,012,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys

[2009/02/08 16:26:33 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\Devan\Application Data\vso_ts_preview.xml

[2008/12/23 18:18:09 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2008/12/21 15:26:15 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Devan\Application Data\PnkBstrK.sys

[2008/12/02 19:39:53 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat

[2008/09/20 14:21:22 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Devan\Application Data\winscp.rnd

[2008/09/17 23:28:45 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Devan\Local Settings\Application Data\PUTTY.RND

[2008/08/12 18:23:50 | 000,066,560 | ---- | C] () -- C:\WINDOWS\MOTA113.exe

[2008/08/12 18:23:49 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll

[2008/08/12 18:23:48 | 000,240,128 | ---- | C] () -- C:\WINDOWS\System32\x.264.exe

[2008/08/12 18:23:46 | 000,502,784 | ---- | C] () -- C:\WINDOWS\x2.64.exe

[2008/08/12 18:23:46 | 000,217,073 | ---- | C] () -- C:\WINDOWS\meta4.exe

[2008/03/09 12:23:45 | 000,000,011 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\.tv

[2008/01/12 17:08:03 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

[2008/01/01 22:58:04 | 000,000,859 | ---- | C] () -- C:\Documents and Settings\Devan\Application Data\coreavc.ini

[2007/11/30 15:43:46 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll

[2007/11/26 21:56:28 | 000,151,415 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat

[2007/11/20 16:56:11 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll

[2007/11/17 11:34:12 | 000,000,024 | ---- | C] () -- C:\WINDOWS\pmm.INI

[2007/11/16 13:35:23 | 000,000,026 | ---- | C] () -- C:\WINDOWS\PhatMan.INI

[2007/10/31 18:45:36 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2007/10/12 18:09:57 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini

[2007/09/18 16:50:44 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE

[2007/08/15 16:33:14 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2007/08/15 16:30:26 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll

[2007/08/10 18:17:08 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Devan\Application Data\inst.exe

[2007/08/10 18:17:08 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Devan\Application Data\pcouffin.cat

[2007/08/10 18:17:08 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Devan\Application Data\pcouffin.inf

[2007/07/04 17:35:53 | 000,000,036 | ---- | C] () -- C:\WINDOWS\webica.ini

[2007/06/20 01:32:23 | 000,023,273 | ---- | C] () -- C:\WINDOWS\System32\Ludap17.ini

[2007/06/20 01:32:23 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini

[2007/06/20 01:32:03 | 000,137,216 | ---- | C] () -- C:\WINDOWS\System32\OemSpi.dll

[2007/06/20 01:32:03 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll

[2007/06/20 01:32:03 | 000,008,251 | ---- | C] () -- C:\WINDOWS\sfsyn.ini

[2007/06/19 00:20:39 | 000,129,536 | ---- | C] () -- C:\Documents and Settings\Devan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007/06/18 22:25:51 | 000,001,277 | ---- | C] () -- C:\WINDOWS\mozver.dat

[2007/06/18 22:10:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2007/06/18 21:24:02 | 000,022,781 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2007/06/18 21:17:22 | 000,023,077 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini

[2007/06/18 21:16:30 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2007/06/18 21:16:22 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2007/06/18 21:09:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2007/06/18 21:03:55 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2007/06/18 14:42:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2007/06/18 14:38:57 | 001,553,928 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2007/04/20 06:05:00 | 001,018,748 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin

[2007/04/20 06:05:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2005/04/27 19:03:56 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2005/04/27 19:03:56 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2004/08/03 18:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2004/08/02 07:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2001/08/23 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2001/08/23 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2001/08/23 06:00:00 | 000,435,942 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2001/08/23 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2001/08/23 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2001/08/23 06:00:00 | 000,068,532 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2001/08/23 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2001/08/23 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2001/08/23 06:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2001/08/23 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/05/05 17:28:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software

[2010/11/15 18:24:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cateia Games

[2009/02/25 17:32:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET

[2009/07/15 19:33:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fallout3

[2010/07/21 14:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iTunesFolderWatch

[2007/06/20 16:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!

[2008/10/24 17:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MySQL

[2008/05/30 19:07:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound

[2007/08/27 19:17:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NewsBin

[2009/04/13 17:52:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS

[2011/05/22 20:04:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nH04201LeNmL04201

[2011/04/18 12:14:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pendulo Studios

[2010/06/04 21:24:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/06/05 18:04:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\V715w

[2007/08/10 21:17:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk

[2010/04/07 07:56:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009/09/15 16:04:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009/05/27 14:51:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[2007/09/04 00:29:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devan\Application Data\Bioshock

[2011/01/18 22:01:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devan\Application Data\com.gog.downloader.87F90EC6C28C7E479115BE2E026DB87A08BC420D.1

[2011/05/24 18:20:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devan\Application Data\Dropbox

[2009/04/19 21:17:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devan\Application Data\foobar2000

[2007/09/08 15:07:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devan\Application Data\GetRightToGo

[2008/10/25 13:18:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devan\Application Data\gtk-2.0

[2011/04/24 11:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devan\Application Data\HTC

[2011/04/24 11:31:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devan\Application Data\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1

[2007/07/04 17:35:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devan\Application Data\ICAClient

[2007/06/21 12:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devan\Application Data\ImgBurn

[2010/08/29 16:41:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devan\Application Data\LucasArts

[2010/10/18 13:27:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devan\Application Data\mkvtoolnix

[2008/12/05 07:29:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devan\Application Data\MySQL

[2008/05/30 19:06:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devan\Application Data\NCH Swift Sound

[2010/10/03 17:01:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devan\Application Data\NewsBin

[2010/04/05 13:27:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devan\Application Data\Notepad++

[2011/04/24 11:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devan\Application Data\Outlook

[2011/04/24 12:58:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devan\Application Data\PacificPoker

[2010/04/22 19:13:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devan\Application Data\PAR Buddy

[2007/09/17 17:20:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devan\Application Data\Red Chair Software

[2011/01/21 11:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devan\Application Data\ScummVM

[2008/09/28 15:16:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devan\Application Data\Subversion

[2009/03/18 21:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devan\Application Data\SystemRequirementsLab

[2011/04/24 11:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devan\Application Data\Teleca

[2011/05/24 17:41:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devan\Application Data\TeraCopy

[2010/07/08 19:13:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devan\Application Data\TwonkyMedia

[2011/05/24 20:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devan\Application Data\uTorrent

[2010/06/13 20:09:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devan\Application Data\V715w

[2009/03/02 20:07:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devan\Application Data\Vso

[2009/12/26 23:48:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devan\Application Data\XBMC

[2011/05/24 18:20:25 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 215 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B0A96209

@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C05A8628

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF

< End of report >


Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O3 - HKU\S-1-5-21-507921405-706699826-1417001333-1003\..\Toolbar\ShellBrowser: (no name) - {09B71986-2AC5-482D-B6CB-42EA34F4F85B} - No CLSID value found.
O3 - HKU\S-1-5-21-507921405-706699826-1417001333-1003\..\Toolbar\WebBrowser: (no name) - {09B71986-2AC5-482D-B6CB-42EA34F4F85B} - No CLSID value found.
O4 - HKU\S-1-5-21-507921405-706699826-1417001333-1003..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] File not found
O4 - HKU\S-1-5-21-507921405-706699826-1417001333-1003..\Run: [msnmsgr] File not found
O4 - HKU\.DEFAULT..\RunOnce: [showDeskFix] File not found
O4 - HKU\S-1-5-18..\RunOnce: [showDeskFix] File not found
O4 - HKU\S-1-5-19..\RunOnce: [showDeskFix] File not found
O4 - HKU\S-1-5-20..\RunOnce: [showDeskFix] File not found
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} https://aim.sasktel....ca32/wficat.cab (Citrix ICA Client)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} https://support.dell...lSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.on...e/en/crlocx.ocx (CRLDownloadWrapper Class)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative....15106/CTPID.cab (Creative Software AutoUpdate Support Package)
O33 - MountPoints2\{565559cf-a052-11dc-ac89-00e04c4c781f}\Shell - "" = AutoRun
O33 - MountPoints2\{565559cf-a052-11dc-ac89-00e04c4c781f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{565559cf-a052-11dc-ac89-00e04c4c781f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{6a29990f-4db3-11df-acdc-0018f3510594}\Shell\AutoRun\command - "" = H:\Setup.exe
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2011/05/23 02:08:56 | 000,012,420 | -HS- | M] () -- C:\Documents and Settings\Devan\Local Settings\Application Data\w7wk868rbh6
[2011/05/23 02:08:56 | 000,012,420 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\w7wk868rbh6
[2011/05/14 13:09:38 | 000,129,536 | ---- | M] () -- C:\Documents and Settings\Devan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
@Alternate Data Stream - 215 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B0A96209
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C05A8628
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[Reboot]

Then click the Run Fix button at the top

Let the program run unhindered; reboot the PC when it is done.

Copy the log you get.

How is the machine running now?
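The fix above picks out a few indicator types from the OTL report: hidden+system files with random-looking names under Application Data, alternate data streams attached to the TEMP folder, and Run/RunOnce entries whose target file no longer exists. As an added example, not part of this thread and not OTL's own code, the Python below parses lines in OTL's report format and flags those same three categories, so the reasoning behind the fix list can be checked mechanically against a saved log. The sample lines are constructed to match the report format seen here, and the triage heuristics (the random-name pattern and the Application Data location test) are my own assumptions, not logic taken from OTL.

```python
import re

# Constructed sample in OTL's report format (shapes copied from the thread's log;
# the "ExampleApp" Run entry is invented to show a benign line being skipped).
SAMPLE_LOG = r"""
[2011/05/23 02:08:56 | 000,012,420 | -HS- | M] () -- C:\Documents and Settings\Devan\Local Settings\Application Data\w7wk868rbh6
[2011/05/25 17:52:03 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Devan\Desktop\OTL.exe
[2011/05/24 18:15:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
@Alternate Data Stream - 215 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B0A96209
O4 - HKU\S-1-5-21-507921405-706699826-1417001333-1003..\Run: [msnmsgr] File not found
O4 - HKLM..\Run: [ExampleApp] C:\Program Files\ExampleApp\app.exe (Example Vendor)
"""

# File lines: [timestamp | size | RHSD attribute flags | C(reated)/M(odified)] (company) -- path
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\] \((?P<company>.*?)\) -- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")
ORPHAN_RUN_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>.*?)\] File not found$"
)
# Assumed heuristic: an extensionless lowercase name of 8+ chars mixing letters and digits.
RANDOM_NAME_RE = re.compile(r"^(?=.*\d)(?=.*[a-z])[a-z0-9]{8,}$")


def parse_line(line):
    """Return a dict describing one OTL report line, or None if the line is not one we handle."""
    m = FILE_RE.match(line)
    if m:
        rec = m.groupdict()
        rec["type"] = "file"
        rec["size"] = int(rec["size"].replace(",", ""))
        return rec
    m = ADS_RE.match(line)
    if m:
        return {"type": "ads", "size": int(m["size"]), "path": m["path"]}
    m = ORPHAN_RUN_RE.match(line)
    if m:
        return {"type": "orphan_run", **m.groupdict()}
    return None


def triage(log_text):
    """Apply the three triage rules to an OTL log and return (category, item) findings in log order."""
    findings = []
    for raw in log_text.splitlines():
        rec = parse_line(raw.strip())
        if rec is None:
            continue
        if rec["type"] == "file":
            attrs = rec["attrs"]
            name = rec["path"].rsplit("\\", 1)[-1]
            in_appdata = "application data" in rec["path"].lower()
            # Hidden AND system set on a random-named file in a profile data folder
            # is the pattern the fix list targeted; plain --S- system files are left alone.
            if "H" in attrs and "S" in attrs and in_appdata and RANDOM_NAME_RE.match(name):
                findings.append(("hidden_system_random_name", rec["path"]))
        elif rec["type"] == "ads":
            # Any ADS reported under Application Data is worth a look; OTL lists few by design.
            findings.append(("alternate_data_stream", rec["path"]))
        elif rec["type"] == "orphan_run":
            # Autorun value pointing at a missing file: harmless now, but leftover from removal.
            findings.append(("orphaned_autorun", f'{rec["hive"]}\\{rec["key"]}\\{rec["name"]}'))
    return findings


if __name__ == "__main__":
    for category, item in triage(SAMPLE_LOG):
        print(f"{category:28s} {item}")
```

Run against a full saved OTL.txt by reading the file into `triage`; the output is a review list, not a fix list, since the decision to remove something still rests on what the rest of the log says about each item.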


Ran the fix. Upon reboot Windows Update instantly popped up saying Updates were ready to install. Woo!! One down and working!

Still cannot update Microsoft Security Essentials however. Just instantly pops up as connection failed. Weird!

Log as requested below.

All processes killed

========== OTL ==========

Registry value HKEY_USERS\S-1-5-21-507921405-706699826-1417001333-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{09B71986-2AC5-482D-B6CB-42EA34F4F85B} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09B71986-2AC5-482D-B6CB-42EA34F4F85B}\ not found.

Registry value HKEY_USERS\S-1-5-21-507921405-706699826-1417001333-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{09B71986-2AC5-482D-B6CB-42EA34F4F85B} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09B71986-2AC5-482D-B6CB-42EA34F4F85B}\ not found.

Registry value HKEY_USERS\S-1-5-21-507921405-706699826-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Run\\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} deleted successfully.

Registry value HKEY_USERS\S-1-5-21-507921405-706699826-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Run\\msnmsgr deleted successfully.

Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ShowDeskFix deleted successfully.

Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ShowDeskFix not found.

Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ShowDeskFix deleted successfully.

Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ShowDeskFix deleted successfully.

Starting removal of ActiveX control {238F6F83-B8B4-11CF-8771-00A024541EE3}

C:\WINDOWS\Downloaded Program Files\wficat.inf moved successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{238F6F83-B8B4-11CF-8771-00A024541EE3}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{238F6F83-B8B4-11CF-8771-00A024541EE3}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{238F6F83-B8B4-11CF-8771-00A024541EE3}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{238F6F83-B8B4-11CF-8771-00A024541EE3}\ not found.

Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}

C:\WINDOWS\Downloaded Program Files\OnlineScanner.inf moved successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.

Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Starting removal of ActiveX control {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3}

C:\WINDOWS\Downloaded Program Files\DellSystemLite.INF moved successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3}\ not found.

Starting removal of ActiveX control {C3F79A2B-B9B4-4A66-B012-3EE46475B072}

Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}\DownloadInformation\\INF .

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}\ not found.

Starting removal of ActiveX control {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}\ not found.

Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.

Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.

Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.

Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.

Starting removal of ActiveX control {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found.

Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Starting removal of ActiveX control {D821DC4A-0814-435E-9820-661C543A4679}

Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D821DC4A-0814-435E-9820-661C543A4679}\DownloadInformation\\INF .

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D821DC4A-0814-435E-9820-661C543A4679}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D821DC4A-0814-435E-9820-661C543A4679}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D821DC4A-0814-435E-9820-661C543A4679}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D821DC4A-0814-435E-9820-661C543A4679}\ not found.

Starting removal of ActiveX control {F6ACF75C-C32C-447B-9BEF-46B766368D29}

C:\WINDOWS\Downloaded Program Files\CTPID.inf moved successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{F6ACF75C-C32C-447B-9BEF-46B766368D29}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F6ACF75C-C32C-447B-9BEF-46B766368D29}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F6ACF75C-C32C-447B-9BEF-46B766368D29}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F6ACF75C-C32C-447B-9BEF-46B766368D29}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{565559cf-a052-11dc-ac89-00e04c4c781f}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{565559cf-a052-11dc-ac89-00e04c4c781f}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{565559cf-a052-11dc-ac89-00e04c4c781f}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{565559cf-a052-11dc-ac89-00e04c4c781f}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{565559cf-a052-11dc-ac89-00e04c4c781f}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{565559cf-a052-11dc-ac89-00e04c4c781f}\ not found.

File F:\LaunchU3.exe -a not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6a29990f-4db3-11df-acdc-0018f3510594}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6a29990f-4db3-11df-acdc-0018f3510594}\ not found.

File H:\Setup.exe not found.

C:\WINDOWS\System32\CONFIG.TMP deleted successfully.

C:\WINDOWS\System32\OLD4B.tmp deleted successfully.

C:\WINDOWS\System32\tmp3E.tmp deleted successfully.

C:\WINDOWS\System32\tmp8D.tmp deleted successfully.

C:\WINDOWS\003297_.tmp deleted successfully.

C:\WINDOWS\SET3.tmp deleted successfully.

C:\WINDOWS\SET4.tmp deleted successfully.

C:\WINDOWS\SET8.tmp deleted successfully.

C:\Documents and Settings\Devan\Local Settings\Application Data\w7wk868rbh6 moved successfully.

C:\Documents and Settings\All Users\Application Data\w7wk868rbh6 moved successfully.

C:\Documents and Settings\Devan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:B0A96209 deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:C05A8628 deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF deleted successfully.

========== COMMANDS ==========

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56502 bytes

User: Devan

->Temp folder emptied: 93124943 bytes

->Temporary Internet Files folder emptied: 13426679 bytes

->Java cache emptied: 41239 bytes

->FireFox cache emptied: 4662743 bytes

->Google Chrome cache emptied: 439116527 bytes

->Flash cache emptied: 2478422 bytes

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService

->Temp folder emptied: 1415086 bytes

->Temporary Internet Files folder emptied: 17466293 bytes

User: postgres

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 1835234 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 547.00 mb

[EMPTYFLASH]

User: All Users

User: Default User

->Flash cache emptied: 0 bytes

User: Devan

->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: postgres

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.23.0 log created on 05262011_235248

Files\Folders moved on Reboot...

C:\Documents and Settings\NetworkService\Local Settings\Temp\MpCmdRun.log moved successfully.

Registry entries deleted on Reboot...

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Download ComboFix to your Desktop from here -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

  • Disable any realtime protection (AntiVirus, AntiSpyware...) so they don't interfere with ComboFix <- IMPORTANT!!
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Next, open OTL:

  • click None
  • under Extra Registry select Use SafeList
  • click Run scan
  • copy Extras.txt

ComboFix 11-05-26.05 - Devan 05/27/2011 12:23:08.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1263 [GMT -6:00]

Running from: c:\documents and settings\Devan\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Devan\Application Data\inst.exe

c:\documents and settings\Devan\My Documents\about.html

C:\test.txt

.

.

((((((((((((((((((((((((( Files Created from 2011-04-27 to 2011-05-27 )))))))))))))))))))))))))))))))

.

.

2011-05-27 05:54 . 2011-05-27 05:54 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9C213B68-195E-4A2C-937C-220666F3D1A2}\MpKslcdf7f63f.sys

2011-05-27 05:52 . 2011-05-27 05:52 -------- d-----w- C:\_OTL

2011-05-25 00:38 . 2011-05-25 00:38 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9C213B68-195E-4A2C-937C-220666F3D1A2}\MpKsl8289a536.sys

2011-05-25 00:38 . 2011-05-09 20:46 6962000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9C213B68-195E-4A2C-937C-220666F3D1A2}\mpengine.dll

2011-05-23 10:02 . 2011-05-23 10:02 -------- d-----w- c:\documents and settings\Devan\Application Data\Malwarebytes

2011-05-23 10:02 . 2011-05-23 10:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-05-23 10:02 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-23 10:02 . 2011-05-23 10:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-05-23 10:02 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-23 08:09 . 2011-05-23 08:09 -------- d-----w- c:\documents and settings\Devan\Application Data\SUPERAntiSpyware.com

2011-05-23 08:09 . 2011-05-23 08:09 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2011-05-23 00:30 . 2011-05-23 00:39 -------- d-----w- C:\bd_logs

2011-05-22 18:08 . 2011-05-23 02:04 -------- d-----w- c:\documents and settings\All Users\Application Data\nH04201LeNmL04201

2011-05-20 22:52 . 2011-05-20 22:52 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-15 21:57 . 2011-05-17 00:14 -------- d-----w- c:\program files\CarbonPoker

2011-05-15 21:43 . 2011-05-15 21:43 -------- d-----w- c:\program files\iPod

2011-05-15 21:43 . 2011-05-15 21:44 -------- d-----w- c:\program files\iTunes

2011-05-15 21:39 . 2011-05-15 21:39 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-09 20:46 . 2010-07-08 13:56 6962000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-04-06 22:20 . 2011-04-06 22:20 91424 ----a-w- c:\windows\system32\dnssd.dll

2011-04-06 22:20 . 2011-04-06 22:20 107808 ----a-w- c:\windows\system32\dns-sd.exe

2011-03-18 17:53 . 2011-03-23 03:52 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Devan\Application Data\Dropbox\bin\DropboxExt.13.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Devan\Application Data\Dropbox\bin\DropboxExt.13.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Devan\Application Data\Dropbox\bin\DropboxExt.13.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-28 122880]

"P17Helper"="SPIRun.dll" [2006-07-03 10752]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]

"ASUS Update Checker"="c:\program files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe" [2008-12-11 114688]

"dleemon.exe"="c:\program files\Dell V715w\dleemon.exe" [2010-08-18 770728]

"EzPrint"="c:\program files\Dell V715w\ezprint.exe" [2010-08-18 139944]

"Dell V715w Fax Server"="c:\program files\Dell V715w\fm3032.exe" [2010-08-18 316072]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-08 110696]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-08 13851752]

"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-26 1753192]

"AirPort Base Station Agent"="c:\program files\AirPort\APAgent.exe" [2009-11-11 771360]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-01-08 585728]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]

.

c:\documents and settings\Devan\Start Menu\Programs\Startup\

Dropbox.lnk - c:\documents and settings\Devan\Application Data\Dropbox\bin\Dropbox.exe [2010-2-25 21979992]

SABnzbd.lnk - c:\program files\SABnzbd\SABnzbd.exe [2010-11-15 337408]

SickBeard.lnk - c:\documents and settings\Devan\Desktop\SickBeard-win32-alpha-build487\SickBeard.exe [2011-5-24 26112]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

Trusted 2390

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 17:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

2007-09-20 15:51 1836328 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2007-03-01 21:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PNAgent]

2006-07-05 21:51 40960 ----a-w- c:\program files\PhatNoise Media Manager\PNAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2009-10-09 19:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\the secret of monkey island special edition\\MISE.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\ben there, dan that!\\BTDT.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\time gentlemen, please!\\TGP.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\time gentlemen, please!\\winsetup.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Dell V715w\\dleefax.exe"=

"c:\\WINDOWS\\system32\\dleecoms.exe"=

"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe"=

"c:\\Program Files\\Creative\\Sound Blaster X-Fi\\Volume Panel\\VolPanlu.exe"=

"c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\monkey2\\Monkey2.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=

"c:\\Documents and Settings\\Devan\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Documents and Settings\\Devan\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\broken sword shadow of the templars\\bs1dc.exe"=

"c:\\Program Files\\AirPort\\APAgent.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\osmos\\osmos.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\revenge of the titans\\RevengeOfTheTitans.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\machinarium\\machinarium.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\lugaru hd\\Lugaru.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\gish\\gish.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\world of goo\\WorldOfGoo.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\aquaria\\Aquaria.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\penumbra overture\\redist\\Penumbra.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:UDP"= 5353:UDP:Bonjour

.

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/3/2007 11:42 PM 682232]

R1 MpKsl8289a536;MpKsl8289a536;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9C213B68-195E-4A2C-937C-220666F3D1A2}\MpKsl8289a536.sys [5/24/2011 6:38 PM 28752]

R1 MpKslcdf7f63f;MpKslcdf7f63f;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9C213B68-195E-4A2C-937C-220666F3D1A2}\MpKslcdf7f63f.sys [5/26/2011 11:54 PM 28752]

R2 dlee_device;dlee_device;c:\windows\system32\dleecoms.exe -service --> c:\windows\system32\dleecoms.exe -service [?]

R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [9/16/2010 2:06 PM 80896]

R2 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [12/31/2008 1:12 PM 693512]

S1 MpKsl119aaa43;MpKsl119aaa43;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9589DFC0-D68E-45A5-9C85-01D385005CB6}\MpKsl119aaa43.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9589DFC0-D68E-45A5-9C85-01D385005CB6}\MpKsl119aaa43.sys [?]

S1 MpKsl777e1b34;MpKsl777e1b34;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{527FE448-2C9D-451C-822E-BB1DC86691AF}\MpKsl777e1b34.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{527FE448-2C9D-451C-822E-BB1DC86691AF}\MpKsl777e1b34.sys [?]

S1 MpKsl9fcf74a3;MpKsl9fcf74a3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{01D52EC7-7D6C-4265-964E-E793EB24FA9B}\MpKsl9fcf74a3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{01D52EC7-7D6C-4265-964E-E793EB24FA9B}\MpKsl9fcf74a3.sys [?]

S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\Devan\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\Devan\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]

S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\Devan\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\Devan\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]

S2 dleeCATSCustConnectService;dleeCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dleeserv.exe [6/6/2010 9:23 PM 193192]

S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [4/24/2011 11:27 AM 24576]

S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [6/22/2010 6:01 PM 21248]

S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [6/21/2009 6:39 PM 17408]

S3 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [12/31/2008 1:12 PM 910600]

S3 PD91VMDefrag;PD91VMDefrag;c:\program files\Raxco\PerfectDisk2008\PD91VMDefrag.exe [2/29/2008 10:44 AM 226568]

S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [6/18/2007 9:25 PM 235648]

S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [6/18/2007 9:25 PM 13532]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MPKSLCDF7F63F

.

Contents of the 'Scheduled Tasks' folder

.

2011-05-24 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 18:34]

.

2011-05-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-706699826-1417001333-1003Core.job

- c:\documents and settings\Devan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-11 21:58]

.

2011-05-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-706699826-1417001333-1003UA.job

- c:\documents and settings\Devan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-11 21:58]

.

2011-05-27 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 18:26]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: Interfaces\{34DD1415-64B0-498A-862C-56D3D3E760FA}: NameServer = 142.165.21.5,142.165.200.5

FF - ProfilePath - c:\documents and settings\Devan\Application Data\Mozilla\Firefox\Profiles\lrb9azid.default\

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe

MSConfigStartUp-Simplify Media - c:\program files\Simplify Media\SimplifyMedia.exe

AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Devan\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-05-27 12:27

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

P17Helper = Rundll32 SPIRun.dll,RunDLLEntry?

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]

"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-507921405-706699826-1417001333-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"??"=hex:0a,f7,20,d9,2f,5f,e2,2f,17,ca,2d,66,51,10,a3,0c,06,e2,ad,98,e1,fa,7d,

b3,64,26,f2,7a,33,fa,fb,64,d7,6d,75,fc,93,f2,8c,0a,31,4e,7e,8d,c8,bc,f8,ee,\

"??"=hex:fc,49,a6,30,64,3f,75,f1,d6,0a,f2,22,8c,4b,4b,06

.

[HKEY_USERS\S-1-5-21-507921405-706699826-1417001333-1003\Software\SecuROM\License information*]

"datasecu"=hex:81,cd,08,0f,26,54,a7,f3,80,56,c5,8d,bb,89,7e,7e,48,1e,10,df,01,

c5,47,71,a7,d0,3c,7c,07,7e,43,0f,64,dc,bd,7a,39,b0,ee,69,c7,9a,2a,3e,d0,81,\

"rkeysecu"=hex:32,de,6e,b7,e1,82,b3,93,89,17,8e,72,d8,a3,be,aa

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]

"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,

bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\

.

Completion time: 2011-05-27 12:28:42

ComboFix-quarantined-files.txt 2011-05-27 18:28

.

Pre-Run: 241,792,544,768 bytes free

Post-Run: 241,736,171,520 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 344A695AAE6CB6DAA12C30D258AE574C

================================== EXTRAS.TXT ==================================

OTL Extras logfile created on: 5/27/2011 12:31:33 PM - Run 5

OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Devan\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 57.78% Memory free

3.85 Gb Paging File | 3.05 Gb Available in Paging File | 79.32% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 465.75 Gb Total Space | 225.17 Gb Free Space | 48.35% Space Free | Partition Type: NTFS

Drive F: | 931.51 Gb Total Space | 46.37 Gb Free Space | 4.98% Space Free | Partition Type: NTFS

Drive G: | 931.51 Gb Total Space | 16.50 Gb Free Space | 1.77% Space Free | Partition Type: NTFS

Computer Name: DEVAN-PC | User Name: Devan | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

https [open] -- "C:\Documents and Settings\Devan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [TVersity] -- "C:\Program Files\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusOverride" = 1

"FirewallOverride" = 1

"ANTIVIRUSDISABLENOTIFY" = 0

"FIREWALLDISABLENOTIFY" = 0

"UPDATESDISABLENOTIFY" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"5353:UDP" = 5353:UDP:*:Enabled:Bonjour

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe

"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe

"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe" = C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:*:Enabled:Gears of War -- (Epic Games, Inc.)

"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)

"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)

"C:\Program Files\Steam\steamapps\common\the secret of monkey island special edition\MISE.exe" = C:\Program Files\Steam\steamapps\common\the secret of monkey island special edition\MISE.exe:*:Enabled:The Secret of Monkey Island: Special Edition -- ()

"C:\Program Files\Steam\steamapps\common\ben there, dan that!\BTDT.exe" = C:\Program Files\Steam\steamapps\common\ben there, dan that!\BTDT.exe:*:Enabled:Ben There, Dan That! -- (Chris Jones)

"C:\Program Files\Steam\steamapps\common\time gentlemen, please!\TGP.exe" = C:\Program Files\Steam\steamapps\common\time gentlemen, please!\TGP.exe:*:Enabled:Time Gentlemen, Please! -- (Chris Jones)

"C:\Program Files\Steam\steamapps\common\time gentlemen, please!\winsetup.exe" = C:\Program Files\Steam\steamapps\common\time gentlemen, please!\winsetup.exe:*:Enabled:Time Gentlemen, Please! -- (Chris Jones)

"C:\Program Files\Dell V715w\dleefax.exe" = C:\Program Files\Dell V715w\dleefax.exe:*:Enabled:Fax software -- ()

"C:\WINDOWS\system32\dleecoms.exe" = C:\WINDOWS\system32\dleecoms.exe:*:Enabled:Lexmark Communications System -- ( )

"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

"C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" = C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe:*:Enabled:Plug and Play -- (Creative Technology Ltd)

"C:\Program Files\TVersity\Media Server\MediaServer.exe" = C:\Program Files\TVersity\Media Server\MediaServer.exe:*:Enabled:TVersity Media Server -- ()

"C:\Program Files\Steam\steamapps\common\monkey2\Monkey2.exe" = C:\Program Files\Steam\steamapps\common\monkey2\Monkey2.exe:*:Enabled:Monkey Island 2: Special Edition -- (LucasArts Entertainment Company)

"C:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe" = C:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server -- ()

"C:\Documents and Settings\Devan\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Devan\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)

"C:\Documents and Settings\Devan\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Devan\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- ()

"C:\Program Files\Steam\steamapps\common\broken sword shadow of the templars\bs1dc.exe" = C:\Program Files\Steam\steamapps\common\broken sword shadow of the templars\bs1dc.exe:*:Enabled:Broken Sword: Shadow of the Templars - Director's Cut -- ()

"C:\Program Files\AirPort\APAgent.exe" = C:\Program Files\AirPort\APAgent.exe:*:Enabled:AirPort -- (Apple Inc.)

"C:\Program Files\Steam\steamapps\common\osmos\osmos.exe" = C:\Program Files\Steam\steamapps\common\osmos\osmos.exe:*:Enabled:Osmos -- (Hemisphere Games, Inc.)

"C:\Program Files\Steam\steamapps\common\revenge of the titans\RevengeOfTheTitans.exe" = C:\Program Files\Steam\steamapps\common\revenge of the titans\RevengeOfTheTitans.exe:*:Enabled:Revenge of the Titans -- ()

"C:\Program Files\Steam\steamapps\common\machinarium\machinarium.exe" = C:\Program Files\Steam\steamapps\common\machinarium\machinarium.exe:*:Enabled:Machinarium -- (Adobe Systems, Inc.)

"C:\Program Files\Steam\steamapps\common\lugaru hd\Lugaru.exe" = C:\Program Files\Steam\steamapps\common\lugaru hd\Lugaru.exe:*:Enabled:Lugaru HD -- ()

"C:\Program Files\Steam\steamapps\common\gish\gish.exe" = C:\Program Files\Steam\steamapps\common\gish\gish.exe:*:Enabled:Gish -- ()

"C:\Program Files\Steam\steamapps\common\world of goo\WorldOfGoo.exe" = C:\Program Files\Steam\steamapps\common\world of goo\WorldOfGoo.exe:*:Enabled:World of Goo -- ()

"C:\Program Files\Steam\steamapps\common\aquaria\Aquaria.exe" = C:\Program Files\Steam\steamapps\common\aquaria\Aquaria.exe:*:Enabled:Aquaria -- (Bit Blot)

"C:\Program Files\Steam\steamapps\common\penumbra overture\redist\Penumbra.exe" = C:\Program Files\Steam\steamapps\common\penumbra overture\redist\Penumbra.exe:*:Enabled:Penumbra: Overture -- ()

"C:\Program Files\Steam\steamapps\common\alien swarm\swarm.exe" = C:\Program Files\Steam\steamapps\common\alien swarm\swarm.exe:*:Enabled:Alien Swarm -- ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3

"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{055FEF8E-4B86-400F-A5C6-8FAC0042DCD9}" = NVIDIA PureVideo Decoder

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{1170D24F-42B7-40CF-AA1B-6395CE562354}" = Gears of War

"{1287B0B4-0E89-4839-B552-809D5C0DC9F6}" = StudioTax 2010

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets

"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob

"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2

"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0

"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java 6 Update 23

"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3

"{2B6EC03E-6FA0-4D7C-9CCE-1B03819AB613}" = PerfectDisk 2008 Professional

"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver

"{3248F0A8-6813-11D6-A77B-00B0D0150010}" = J2SE Runtime Environment 5.0 Update 1

"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2

"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3

"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{32A3A4F4-B792-11D6-A78A-00B0D0160070}" = Java SE Development Kit 6 Update 7

"{34E95EA8-EEED-469A-A5C6-4BCFE33CA1B7}" = StudioTax 2008

"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup

"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{3C6B103A-1CDD-B3F2-5E8C-A2E5AAA6B555}" = GOG.com Downloader

"{42DE940E-8037-4266-9FBF-5A3AEDA39E96}" = Holdem Manager

"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup

"{466240F1-4629-4D29-B619-52CEA8B57C68}_is1" = Gobliiins 4

"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR

"{486CC64F-030A-4C9A-8716-87E26D28FKQ1}_is1" = King's Quest I: Quest for the Crown (4.1)

"{486CC64F-030A-4C9A-8716-87E26D28FKQ2}_is1" = King's Quest II: Romancing the Stones (3.1)

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4C0F8A40-2273-43E1-8C61-40D7F0573EDE}" = AirPort

"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings

"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel

"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3

"{5645FB61-898F-4F59-AF80-52FEF3D63A64}" = HTC Sync

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate

"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7

"{5D5F53E9-360E-42C9-B8B3-05D92F3C9D5B}" = AT&T Labs' Natural Voices Desktop 1.2.1

"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup

"{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}" = CmdHere Powertoy For Windows XP

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All

"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files

"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash

"{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.23

"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings

"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3

"{73301755-FDB4-4734-94CE-0290DEB85849}" = MySQL Server 5.1

"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.4.7.121

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware

"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3

"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders

"{822A8730-86A7-4CAA-BDE1-7337169BFF2B}" = Sound Blaster X-Fi Xtreme Audio

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles

"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver

"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support

"{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection

"{885F5AC6-4413-4D30-99A9-F4494BFA4923}" = Logitech Harmony Remote Software 7

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8ADDB203-8A7B-443A-A9C2-D3AF7156EB17}" = PhatNoise CAS Speech Support

"{8B3F4499-32E6-470D-8586-E6C03420F889}" = ASUS WiFi-AP Solo

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3

"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007

"{90120000-001A-0000-0000-0000000FF1CE}_OUTLOOK_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0000-0000-0000000FF1CE}_OUTLOOK_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}_OUTLOOK_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOK_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOK_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}_OUTLOOK_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}_OUTLOOK_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}_OUTLOOK_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings

"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3

"{9939CA89-BE4E-4AA1-8ED1-DB0B56D762BC}" = StudioTax 2009

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3

"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps

"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings

"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.89

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.89

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.36

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0

"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup

"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3

"{B944FA21-81AF-4A77-8328-CE4F4CC51033}" = Nero 8

"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3

"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX

"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation

"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour

"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3

"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver

"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support

"{CD49361E-3FE6-457E-90A1-9C59E29B5D02}" = Java DB 10.3.1.4

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CF0EDB56-BBF6-3C9F-9C50-2E3B3D444641}" = Google Talk Plugin

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1

"{D168582B-A6EB-4440-A3E2-8701570FF3D9}" = PokerEV

"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files

"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker

"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3

"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings

"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1

"{E31E2A9F-D76D-49DD-9851-930DD1B0A081}" = Poker Grapher

"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3

"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler

"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3

"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes

"{F94C940F-3B72-4877-9B27-9C71D3EF6540}" = PhatHack DMS Tools

"{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}" = Windows Resource Kit Tools

"888poker" = 888poker

"A Vampyre Story" = A Vampyre Story

"AC3Filter" = AC3Filter (remove only)

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player

"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2

"Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection

"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings

"AudioCS" = Creative Audio Console

"Cateia_BraweDemo" = Kaptain Brawe - Demo

"CCleaner" = CCleaner

"Citrix ICA Web Client" = MetaFrame Presentation Server Web Client for Win32

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"com.gog.downloader.87F90EC6C28C7E479115BE2E026DB87A08BC420D.1" = GOG.com Downloader

"CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only)

"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows

"Creative Software AutoUpdate" = Creative Software AutoUpdate

"CyoHash" = CyoHash

"Dell V715w" = Dell V715w

"DVD Shrink_is1" = DVD Shrink 3.2

"ENTERPRISE" = Microsoft Office Enterprise 2007

"Episode 1" = Back to the Future The Game - Episode 1

"Exact Audio Copy" = Exact Audio Copy 0.99pb4

"FileHippo.com" = FileHippo.com Update Checker

"foobar2000" = foobar2000 v0.9.4.5

"Fraps" = Fraps (remove only)

"HaaliMkx" = Haali Media Splitter

"Hector Episode 1" = Hector - Badge of Carnage - Hector Episode 1

"ImgBurn" = ImgBurn

"InstallShield_{1170D24F-42B7-40CF-AA1B-6395CE562354}" = Gears of War

"Left 4 Dead" = Left 4 Dead

"LoqTTS-Susan_is1" = Loquendo TTS: Susan (American English)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"MediaInfo" = MediaInfo 0.7.9

"Messenger Plus! Live" = Messenger Plus! Live

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft Security Client" = Microsoft Security Essentials

"mIRC" = mIRC

"MKVtoolnix" = MKVtoolnix 4.3.0

"Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)

"nbi-glassfish-2.0.2.4.20080515" = GlassFish V2 UR2

"nbi-nb-base-6.1.0.1.200805300101" = NetBeans IDE 6.1

"Notepad++" = Notepad++

"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager

"OpenAL" = OpenAL

"OUTLOOK" = Microsoft Office Outlook 2007

"PAR Buddy_is1" = PAR Buddy 2.60 (32 bit)

"PartyPoker" = PartyPoker

"PhatMan" = PhatNoise Music Manager

"PhatNoise" = PhatNoise Media Manager

"PhatVoice_is1" = PhatVoice V2.0

"Poker Tracker Version 2.16.02b_is1" = Poker Tracker Version 2.16.02b

"PokerAce Hud" = PokerAce Hud (remove only)

"PokerStars" = PokerStars

"Police Quest 1+2+3+4_is1" = Police Quest 1+2+3+4

"QuickPar" = QuickPar 0.9

"SABnzbd" = SABnzbd (remove only)

"Sandboxie" = Sandboxie 3.48

"ScummVM_is1" = ScummVM 1.2.1

"SitNGoWizard" = SitNGo Wizard

"Steam App 22000" = World of Goo

"Steam App 22180" = Penumbra: Overture

"Steam App 24420" = Aquaria

"Steam App 25010" = Lugaru HD

"Steam App 26800" = Braid

"Steam App 29180" = Osmos

"Steam App 32360" = The Secret of Monkey Island: Special Edition

"Steam App 32460" = Monkey Island 2: Special Edition

"Steam App 37400" = Time Gentlemen, Please!

"Steam App 37420" = Ben There, Dan That!

"Steam App 40700" = Machinarium

"Steam App 440" = Team Fortress 2

"Steam App 57640" = Broken Sword: Shadow of the Templars - Director's Cut

"Steam App 590" = Left 4 Dead 2 Demo

"Steam App 630" = Alien Swarm

"Steam App 93200" = Revenge of the Titans

"Steam App 9500" = Gish

"Syberia_is1" = Syberia

"SysInfo" = Creative System Information

"SystemRequirementsLab" = System Requirements Lab

"TeraCopy_is1" = TeraCopy 2.12

"The Next BIG Thing - Demo (uk)" = The Next BIG Thing (Demo) (English)

"The Tournament Director 2.0" = The Tournament Director 2

"TVersity Media Server" = TVersity Media Server 1.8 Beta

"TVersity Media Server " = TVersity Media Server 1.0.0.7 RC4

"UltraFXP" = UltraFXP (remove only)

"uTorrent" = µTorrent

"VLC media player" = VLC media player 1.1.4

"WBFS Manager 3.0" = WBFS Manager 3.0

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

"WIC" = Windows Imaging Component

"Winamp" = Winamp

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinRAR archiver" = WinRAR archiver

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"CarbonPoker" = CarbonPoker

"Dropbox" = Dropbox

"Google Chrome" = Google Chrome

"uTorrent" = µTorrent

"WinSetupFromUSB" = WinSetupFromUSB

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 5/25/2011 8:20:29 PM | Computer Name = DEVAN-PC | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 80248014, P2 endsearch, P3 search, P4 3.0.8107.0,

P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),

P8 NIL, P9 NIL, P10 NIL.

Error - 5/25/2011 8:25:35 PM | Computer Name = DEVAN-PC | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 80248014, P2 endsearch, P3 search, P4 3.0.8107.0,

P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),

P8 NIL, P9 NIL, P10 NIL.

Error - 5/25/2011 8:25:38 PM | Computer Name = DEVAN-PC | Source = Microsoft Security Client | ID = 5000

Description =

Error - 5/26/2011 8:20:30 PM | Computer Name = DEVAN-PC | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 80248014, P2 endsearch, P3 search, P4 3.0.8107.0,

P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),

P8 NIL, P9 NIL, P10 NIL.

Error - 5/27/2011 1:57:19 AM | Computer Name = DEVAN-PC | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 80248014, P2 endsearch, P3 search, P4 3.0.8107.0,

P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),

P8 NIL, P9 NIL, P10 NIL.

Error - 5/27/2011 1:57:24 AM | Computer Name = DEVAN-PC | Source = Microsoft Security Client | ID = 5000

Description =

Error - 5/27/2011 1:57:27 AM | Computer Name = DEVAN-PC | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 80248014, P2 endsearch, P3 search, P4 3.0.8107.0,

P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),

P8 NIL, P9 NIL, P10 NIL.

Error - 5/27/2011 1:57:30 AM | Computer Name = DEVAN-PC | Source = Microsoft Security Client | ID = 5000

Description =

Error - 5/27/2011 1:59:26 AM | Computer Name = DEVAN-PC | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 80248014, P2 endsearch, P3 search, P4 3.0.8107.0,

P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),

P8 NIL, P9 NIL, P10 NIL.

Error - 5/27/2011 1:59:29 AM | Computer Name = DEVAN-PC | Source = Microsoft Security Client | ID = 5000

Description =

[ OSession Events ]

Error - 10/7/2008 8:51:09 PM | Computer Name = DEVAN-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3135

seconds with 420 seconds of active time. This session ended with a crash.

[ SitNGoWizard Events ]

Error - 3/6/2011 8:04:43 PM | Computer Name = DEVAN-PC | Source = SitNGoWizard | ID = 1

Description = Invoke or BeginInvoke cannot be called on a control until the window

handle has been created.

Error - 3/6/2011 8:04:43 PM | Computer Name = DEVAN-PC | Source = SitNGoWizard | ID = 1

Description = at System.Windows.Forms.Control.MarshaledInvoke(Control caller,

Delegate method, Object[] args, Boolean synchronous) at System.Windows.Forms.Control.Invoke(Delegate

method, Object[] args) at System.Windows.Forms.Control.Invoke(Delegate method)

at SitNGoWizard.MainForm.OnPokerSiteTimerTick(Object sender, EventArgs e) at

System.Windows.Forms.Timer.OnTick(EventArgs e) at System.Windows.Forms.Timer.TimerNativeWindow.WndProc(Message&

m) at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr

wparam, IntPtr lparam)

Error - 3/6/2011 8:11:06 PM | Computer Name = DEVAN-PC | Source = SitNGoWizard | ID = 1

Description = Could not find a part of the path 'C:\Program Files\In The Money\SitNGo

Wizard\__QuizGame__'.

[ System Events ]

Error - 5/27/2011 1:52:49 AM | Computer Name = DEVAN-PC | Source = Service Control Manager | ID = 7034

Description = The TVersityMediaServer service terminated unexpectedly. It has done

this 1 time(s).

Error - 5/27/2011 1:52:51 AM | Computer Name = DEVAN-PC | Source = Service Control Manager | ID = 7034

Description = The iPod Service service terminated unexpectedly. It has done this

1 time(s).

Error - 5/27/2011 1:55:05 AM | Computer Name = DEVAN-PC | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the dleeCATSCustConnectService

service to connect.

Error - 5/27/2011 1:55:05 AM | Computer Name = DEVAN-PC | Source = Service Control Manager | ID = 7000

Description = The dleeCATSCustConnectService service failed to start due to the

following error: %%1053

Error - 5/27/2011 1:55:05 AM | Computer Name = DEVAN-PC | Source = Service Control Manager | ID = 7000

Description = The Cyberlink RichVideo Service(CRVS) service failed to start due

to the following error: %%3

Error - 5/27/2011 1:55:07 AM | Computer Name = DEVAN-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL

Error - 5/27/2011 1:57:18 AM | Computer Name = DEVAN-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.105.434.0 Update Source: %%859 Update Stage: %%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6903.0 Error code: 0x80248014 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Error - 5/27/2011 1:57:27 AM | Computer Name = DEVAN-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.105.434.0 Update Source: %%859 Update Stage: %%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6903.0 Error code: 0x80248014 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Error - 5/27/2011 1:59:26 AM | Computer Name = DEVAN-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.105.434.0 Update Source: %%859 Update Stage: %%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6903.0 Error code: 0x80248014 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Error - 5/27/2011 2:23:00 PM | Computer Name = DEVAN-PC | Source = Service Control Manager | ID = 7034
Description = The TVersityMediaServer service terminated unexpectedly. It has done this 1 time(s).

< End of report >


Open NOTEPAD and copy/paste the following:

KillAll::

Driver::
SjyPkt

File::
c:\windows\system32\drivers\SjyPkt.sys

Folder::
c:\documents and settings\All Users\Application Data\nH04201LeNmL04201

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

Save this as CFScript

Temporarily disable your Antivirus

[image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Any progress with updates now?


ComboFix 11-05-26.05 - Devan 05/27/2011 14:36:35.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1173 [GMT -6:00]

Running from: c:\documents and settings\Devan\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Devan\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

FILE ::

"c:\windows\system32\drivers\SjyPkt.sys"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\nH04201LeNmL04201

c:\documents and settings\All Users\Application Data\nH04201LeNmL04201\nH04201LeNmL04201

c:\windows\system32\drivers\SjyPkt.sys

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_SJYPKT

-------\Service_SjyPkt

.

.

((((((((((((((((((((((((( Files Created from 2011-04-27 to 2011-05-27 )))))))))))))))))))))))))))))))

.

.

2011-05-27 18:48 . 2011-05-27 18:48 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4D28909A-B37D-499E-9194-47D626B2B85E}\MpKsl6ebc784f.sys

2011-05-27 18:34 . 2011-05-09 20:46 6962000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4D28909A-B37D-499E-9194-47D626B2B85E}\mpengine.dll

2011-05-27 05:52 . 2011-05-27 05:52 -------- d-----w- C:\_OTL

2011-05-25 01:51 . 2009-04-20 17:17 45568 -c----w- c:\windows\system32\dllcache\dnsrslvr.dll

2011-05-23 10:02 . 2011-05-23 10:02 -------- d-----w- c:\documents and settings\Devan\Application Data\Malwarebytes

2011-05-23 10:02 . 2011-05-23 10:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-05-23 10:02 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-23 10:02 . 2011-05-23 10:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-05-23 10:02 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-23 08:09 . 2011-05-23 08:09 -------- d-----w- c:\documents and settings\Devan\Application Data\SUPERAntiSpyware.com

2011-05-23 08:09 . 2011-05-23 08:09 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2011-05-23 00:30 . 2011-05-23 00:39 -------- d-----w- C:\bd_logs

2011-05-20 22:52 . 2011-05-20 22:52 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-15 21:57 . 2011-05-17 00:14 -------- d-----w- c:\program files\CarbonPoker

2011-05-15 21:43 . 2011-05-15 21:43 -------- d-----w- c:\program files\iPod

2011-05-15 21:43 . 2011-05-15 21:44 -------- d-----w- c:\program files\iTunes

2011-05-15 21:39 . 2011-05-15 21:39 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-09 20:46 . 2010-07-08 13:56 6962000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-04-06 22:20 . 2011-04-06 22:20 91424 ----a-w- c:\windows\system32\dnssd.dll

2011-04-06 22:20 . 2011-04-06 22:20 107808 ----a-w- c:\windows\system32\dns-sd.exe

2011-03-07 05:33 . 2007-06-19 03:04 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:45 . 2007-05-25 05:18 434176 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:21 . 2007-05-25 05:18 1857920 ----a-w- c:\windows\system32\win32k.sys

2011-03-18 17:53 . 2011-03-23 03:52 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Devan\Application Data\Dropbox\bin\DropboxExt.13.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Devan\Application Data\Dropbox\bin\DropboxExt.13.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Devan\Application Data\Dropbox\bin\DropboxExt.13.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-28 122880]

"P17Helper"="SPIRun.dll" [2006-07-03 10752]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]

"ASUS Update Checker"="c:\program files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe" [2008-12-11 114688]

"dleemon.exe"="c:\program files\Dell V715w\dleemon.exe" [2010-08-18 770728]

"EzPrint"="c:\program files\Dell V715w\ezprint.exe" [2010-08-18 139944]

"Dell V715w Fax Server"="c:\program files\Dell V715w\fm3032.exe" [2010-08-18 316072]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-08 110696]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-08 13851752]

"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-26 1753192]

"AirPort Base Station Agent"="c:\program files\AirPort\APAgent.exe" [2009-11-11 771360]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-01-08 585728]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

.

c:\documents and settings\Devan\Start Menu\Programs\Startup\

Dropbox.lnk - c:\documents and settings\Devan\Application Data\Dropbox\bin\Dropbox.exe [2010-2-25 21979992]

SABnzbd.lnk - c:\program files\SABnzbd\SABnzbd.exe [2010-11-15 337408]

SickBeard.lnk - c:\documents and settings\Devan\Desktop\SickBeard-win32-alpha-build487\SickBeard.exe [2011-5-24 26112]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

Trusted 2390

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 17:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

2007-09-20 15:51 1836328 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2007-03-01 21:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PNAgent]

2006-07-05 21:51 40960 ----a-w- c:\program files\PhatNoise Media Manager\PNAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2009-10-09 19:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\the secret of monkey island special edition\\MISE.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\ben there, dan that!\\BTDT.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\time gentlemen, please!\\TGP.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\time gentlemen, please!\\winsetup.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Dell V715w\\dleefax.exe"=

"c:\\WINDOWS\\system32\\dleecoms.exe"=

"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe"=

"c:\\Program Files\\Creative\\Sound Blaster X-Fi\\Volume Panel\\VolPanlu.exe"=

"c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\monkey2\\Monkey2.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=

"c:\\Documents and Settings\\Devan\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Documents and Settings\\Devan\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\broken sword shadow of the templars\\bs1dc.exe"=

"c:\\Program Files\\AirPort\\APAgent.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\osmos\\osmos.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\revenge of the titans\\RevengeOfTheTitans.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\machinarium\\machinarium.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\lugaru hd\\Lugaru.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\gish\\gish.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\world of goo\\WorldOfGoo.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\aquaria\\Aquaria.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\penumbra overture\\redist\\Penumbra.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:UDP"= 5353:UDP:Bonjour

.

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/3/2007 11:42 PM 682232]

R1 MpKsl6ebc784f;MpKsl6ebc784f;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4D28909A-B37D-499E-9194-47D626B2B85E}\MpKsl6ebc784f.sys [5/27/2011 12:48 PM 28752]

R2 dlee_device;dlee_device;c:\windows\system32\dleecoms.exe -service --> c:\windows\system32\dleecoms.exe -service [?]

R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [9/16/2010 2:06 PM 80896]

R2 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [12/31/2008 1:12 PM 693512]

S1 MpKsl119aaa43;MpKsl119aaa43;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9589DFC0-D68E-45A5-9C85-01D385005CB6}\MpKsl119aaa43.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9589DFC0-D68E-45A5-9C85-01D385005CB6}\MpKsl119aaa43.sys [?]

S1 MpKsl777e1b34;MpKsl777e1b34;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{527FE448-2C9D-451C-822E-BB1DC86691AF}\MpKsl777e1b34.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{527FE448-2C9D-451C-822E-BB1DC86691AF}\MpKsl777e1b34.sys [?]

S1 MpKsl9fcf74a3;MpKsl9fcf74a3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{01D52EC7-7D6C-4265-964E-E793EB24FA9B}\MpKsl9fcf74a3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{01D52EC7-7D6C-4265-964E-E793EB24FA9B}\MpKsl9fcf74a3.sys [?]

S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\Devan\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\Devan\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]

S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\Devan\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\Devan\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]

S2 dleeCATSCustConnectService;dleeCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dleeserv.exe [6/6/2010 9:23 PM 193192]

S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [4/24/2011 11:27 AM 24576]

S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [6/22/2010 6:01 PM 21248]

S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [6/21/2009 6:39 PM 17408]

S3 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [12/31/2008 1:12 PM 910600]

S3 PD91VMDefrag;PD91VMDefrag;c:\program files\Raxco\PerfectDisk2008\PD91VMDefrag.exe [2/29/2008 10:44 AM 226568]

S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [6/18/2007 9:25 PM 235648]

.

Contents of the 'Scheduled Tasks' folder

.

2011-05-24 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 18:34]

.

2011-05-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-706699826-1417001333-1003Core.job

- c:\documents and settings\Devan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-11 21:58]

.

2011-05-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-706699826-1417001333-1003UA.job

- c:\documents and settings\Devan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-11 21:58]

.

2011-05-27 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 18:26]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: Interfaces\{34DD1415-64B0-498A-862C-56D3D3E760FA}: NameServer = 142.165.21.5,142.165.200.5

FF - ProfilePath - c:\documents and settings\Devan\Application Data\Mozilla\Firefox\Profiles\lrb9azid.default\

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: network.proxy.type - 0

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-05-27 14:47

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

P17Helper = Rundll32 SPIRun.dll,RunDLLEntry?

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]

"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-507921405-706699826-1417001333-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"??"=hex:0a,f7,20,d9,2f,5f,e2,2f,17,ca,2d,66,51,10,a3,0c,06,e2,ad,98,e1,fa,7d,

b3,64,26,f2,7a,33,fa,fb,64,d7,6d,75,fc,93,f2,8c,0a,31,4e,7e,8d,c8,bc,f8,ee,\

"??"=hex:fc,49,a6,30,64,3f,75,f1,d6,0a,f2,22,8c,4b,4b,06

.

[HKEY_USERS\S-1-5-21-507921405-706699826-1417001333-1003\Software\SecuROM\License information*]

"datasecu"=hex:81,cd,08,0f,26,54,a7,f3,80,56,c5,8d,bb,89,7e,7e,48,1e,10,df,01,

c5,47,71,a7,d0,3c,7c,07,7e,43,0f,64,dc,bd,7a,39,b0,ee,69,c7,9a,2a,3e,d0,81,\

"rkeysecu"=hex:32,de,6e,b7,e1,82,b3,93,89,17,8e,72,d8,a3,be,aa

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]

"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,

bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(4024)

c:\windows\system32\WININET.dll

c:\documents and settings\Devan\Application Data\Dropbox\bin\DropboxExt.13.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvsvc32.exe

c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\dleecoms.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\MySQL\MySQL Server 5.1\bin\mysqld.exe

c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe

c:\program files\Sandboxie\SbieSvc.exe

c:\program files\TVersity\Media Server\MediaServer.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\Rundll32.exe

c:\windows\system32\RUNDLL32.EXE

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2011-05-27 14:53:20 - machine was rebooted

ComboFix-quarantined-files.txt 2011-05-27 20:53

ComboFix2.txt 2011-05-27 18:28

.

Pre-Run: 241,142,145,024 bytes free

Post-Run: 240,951,345,152 bytes free

.

- - End Of File - - 58573EC8B7F663D70DCF18A4DBE4A0F4

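Added example for this thread (my code, not ComboFix's, SUPERAntiSpyware's or Microsoft's): a small Python triage pass over a few lines constructed from the ComboFix log above. It pulls out the items in that log that still need acting on once the rogue itself is gone: the Windows Firewall standard profile reporting EnableFirewall = 0, service entries whose file ComboFix could not resolve (the trailing `[?]`), and boot- or system-start drivers loaded from outside the Windows directory. The SASDIFSV/SASKUTIL entries are the portable SUPERAntiSpyware drivers registered from a Temp folder that no longer exists, which is exactly what the Service Control Manager event 7026 in the event-log excerpt at the top of this page is about. The reading of the ComboFix line format, the allowlisting of MpKsl* names as MSE definition-update drivers, and the `c:\windows\` system-root check are my assumptions, not anything the tools document.

```python
"""Triage a ComboFix log for what a rogue-AV cleanup tends to leave behind.

Added example for this thread, not part of ComboFix or SUPERAntiSpyware.
"""
import re
from typing import Dict, List

# Constructed sample: a handful of lines copied from the ComboFix log posted
# above, so the script runs offline.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/3/2007 11:42 PM 682232]
R1 MpKsl6ebc784f;MpKsl6ebc784f;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4D28909A-B37D-499E-9194-47D626B2B85E}\MpKsl6ebc784f.sys [5/27/2011 12:48 PM 28752]
R2 dlee_device;dlee_device;c:\windows\system32\dleecoms.exe -service --> c:\windows\system32\dleecoms.exe -service [?]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\Devan\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\Devan\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\Devan\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\Devan\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [6/21/2009 6:39 PM 17408]
"""

# ComboFix service lines, as I read them: <R|S><start> <name>;<display>;<image path> [date size]
SERVICE_RE = re.compile(
    r'^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$'
)
FIREWALL_RE = re.compile(r'^"EnableFirewall"\s*=\s*(?P<value>\d+)')
NOTIFY_RE = re.compile(r'^"DisableNotifications"\s*=\s*(?P<value>\d+)')
NT_PREFIX = '\\??\\'           # \??\ object-manager prefix some ImagePaths carry
SYSTEM_ROOT = 'c:\\windows\\'  # assumption: XP installed on C:\WINDOWS, as in this log


def parse_services(log: str) -> List[Dict[str, object]]:
    """Return one record per R*/S* driver or service line in a ComboFix log."""
    services: List[Dict[str, object]] = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        rest = m.group('rest').strip()
        # "path --> path [?]" means ComboFix could not find the file on disk.
        missing = rest.endswith('[?]')
        image = rest.split(' --> ')[0]
        if image.startswith(NT_PREFIX):
            image = image[len(NT_PREFIX):]
        image = image.split(' [')[0].strip()   # drop the "[date size]" suffix
        services.append({
            'name': m.group('name'),
            'running': m.group('state') == 'R',
            'start': int(m.group('start')),   # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
            'image': image,
            'missing': missing,
        })
    return services


def triage(log: str) -> Dict[str, object]:
    """Pull out the leftovers that the scanners in this thread did not undo."""
    firewall_disabled = False
    notifications_off = False
    for line in log.splitlines():
        line = line.strip()
        m = FIREWALL_RE.match(line)
        if m:
            firewall_disabled = m.group('value') == '0'
        m = NOTIFY_RE.match(line)
        if m:
            notifications_off = m.group('value') == '1'

    services = parse_services(log)
    orphaned = [s['name'] for s in services if s['missing']]
    # Boot- or system-start (0/1) drivers loaded from outside %SystemRoot%.
    # Assumption: MpKsl* are MSE's definition-update drivers, which live under
    # Application Data by design, so they are allowlisted rather than flagged.
    early_outside_windows = [
        s['name'] for s in services
        if s['start'] <= 1
        and not str(s['image']).lower().startswith(SYSTEM_ROOT)
        and not str(s['name']).startswith('MpKsl')
    ]
    # A boot/system-start entry whose file is gone shows up on every boot as
    # Service Control Manager event 7026 ("driver(s) failed to load").
    expect_event_7026 = [s['name'] for s in services if s['start'] <= 1 and s['missing']]
    return {
        'firewall_disabled': firewall_disabled,
        'notifications_off': notifications_off,
        'orphaned_services': orphaned,
        'early_start_outside_windows': early_outside_windows,
        'expect_event_7026': expect_event_7026,
    }


if __name__ == '__main__':
    for key, value in triage(SAMPLE_LOG).items():
        print(f'{key}: {value}')
```

Two caveats before acting on the output. The `[?]` marker only says ComboFix could not stat the path: for dlee_device it is the ` -service` argument on the image path that confuses it, and the same dleecoms.exe is listed under running processes further down the log, so confirm each hit by hand before removing a service. And the firewall finding is real rather than a parsing quirk: this log was taken after ComboFix ran and still shows the standard profile off, so whether the owner or the rogue disabled it, none of the scanners used in this thread turned it back on and that has to be done separately.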

Upon the last run of ComboFix with script, I still cannot update Microsoft Security Essentials.

Submitted an SAS Threat Check as per Customer Service post. Thanks!


"I still cannot update Microsoft Security Essentials."

You may want to contact Microsoft about that :)


You could try the MSE uninstall/reinstall method here

http://answers.microsoft.com/en-us/protect/forum/protect_start/remove-and-reinstall/0d69001f-af50-4a20-9430-01f2fa30316e

Otherwise try manually uninstalling MSE then reinstalling it

http://support.microsoft.com/kb/2435760/

If I may offer a little advice here, XP Anti-Virus and several other malware of late unregister the Windows Update DLL file. The solution is really simple.

Click Start > Run (if you have Vista or Windows 7 you must use Task Manager > New Task), paste the command below into the Run box, then press Enter. Wait for the success message. Your ability to update should be restored.

%SYSTEMROOT%\SYSTEM32\REGSVR32.EXE %SYSTEMROOT%\SYSTEM32\WUAUENG.DLL

That didn't fix my problem with Windows Update.


My log:

OTL logfile created on: 6/5/2011 10:57:25 AM - Run 1

OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Agnes\Downloads

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18904)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.08 Gb Available Physical Memory | 52.02% Memory free

8.20 Gb Paging File | 6.14 Gb Available in Paging File | 74.88% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 284.39 Gb Total Space | 20.69 Gb Free Space | 7.27% Space Free | Partition Type: NTFS

Drive D: | 13.70 Gb Total Space | 2.06 Gb Free Space | 15.01% Space Free | Partition Type: NTFS

Computer Name: AGNES-PC | User Name: Agnes | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/05 10:56:32 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Agnes\Downloads\OTL.exe

PRC - [2011/06/05 00:16:42 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2011/05/10 08:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2011/05/10 08:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2011/05/04 21:35:42 | 000,332,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SoftwareDistribution\Download\Install\CheckSURPackage.EXE

PRC - [2011/01/21 08:28:58 | 000,810,456 | ---- | M] (Microsoft Corporation) -- c:\b59b446a76f244f017c188d7af41\checksur.exe

PRC - [2011/01/21 08:28:58 | 000,045,112 | ---- | M] () -- c:\b59b446a76f244f017c188d7af41\checksurlauncher.exe

PRC - [2009/04/07 13:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files (x86)\dcmsvc\dcmsvc.exe

PRC - [2009/02/24 17:00:26 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe

PRC - [2009/02/09 18:14:02 | 000,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe

PRC - [2009/02/09 18:14:02 | 000,116,096 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe

PRC - [2009/02/09 18:13:36 | 000,206,120 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe

PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

PRC - [2008/10/06 12:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe

PRC - [2008/09/26 06:36:40 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

PRC - [2008/09/25 22:42:24 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

PRC - [2008/09/25 22:41:44 | 001,152,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe

PRC - [2008/07/21 11:59:10 | 001,069,056 | ---- | M] (Audiovox Electronics Corp.) -- C:\Users\Agnes\Documents\RCA Detective\RCADetective.exe

PRC - [2007/08/29 18:14:12 | 000,131,072 | ---- | M] (Sprint Spectrum, L.L.C) -- C:\Program Files (x86)\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe

========== Modules (SafeList) ==========

MOD - [2011/06/05 10:56:32 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Agnes\Downloads\OTL.exe

MOD - [2011/05/10 08:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll

MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/05/10 08:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV:64bit: - [2010/06/29 13:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)

SRV:64bit: - [2009/06/03 20:43:18 | 000,239,104 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_6ef279c8\STacSV64.exe -- (STacSV)

SRV:64bit: - [2008/03/18 20:25:40 | 000,023,040 | ---- | M] (Hewlett-Packard Corporation) [Auto | Running] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)

SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/02/09 18:14:02 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)

SRV - [2009/02/09 18:14:02 | 000,116,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS)

SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

SRV - [2008/10/06 12:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)

SRV - [2007/08/29 18:14:12 | 000,131,072 | ---- | M] (Sprint Spectrum, L.L.C) [Auto | Running] -- C:\Program Files (x86)\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe -- (SPCSUtilityService)

SRV - [2007/05/31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)

SRV - [2007/05/31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/10 07:59:48 | 000,064,344 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2010/02/17 14:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)

DRV:64bit: - [2010/02/17 14:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)

DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)

DRV:64bit: - [2009/09/02 03:09:34 | 000,221,696 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)

DRV:64bit: - [2009/08/21 20:24:04 | 000,084,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)

DRV:64bit: - [2009/06/03 20:43:18 | 000,486,400 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)

DRV:64bit: - [2009/04/11 01:43:06 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)

DRV:64bit: - [2008/11/17 15:50:30 | 004,751,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel®

DRV:64bit: - [2008/07/21 06:53:04 | 000,145,496 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)

DRV:64bit: - [2008/04/28 21:55:32 | 000,064,000 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)

DRV:64bit: - [2008/04/17 13:12:54 | 000,019,304 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2008/03/27 16:10:56 | 000,026,984 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)

DRV:64bit: - [2008/03/27 16:10:14 | 000,040,296 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)

DRV:64bit: - [2008/01/31 19:23:14 | 000,195,120 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)

DRV:64bit: - [2008/01/20 22:46:57 | 003,154,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64) Intel®

DRV:64bit: - [2008/01/20 22:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)

DRV:64bit: - [2007/08/15 19:28:18 | 000,013,056 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\n558.sys -- (n558)

DRV:64bit: - [2007/06/27 14:47:12 | 000,089,216 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\swmx00.sys -- (SWMX00) Sierra Wireless USB MUX Driver (#00)

DRV:64bit: - [2007/06/27 14:46:22 | 000,114,688 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)

DRV:64bit: - [2007/06/18 20:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)

DRV:64bit: - [2007/05/07 03:00:00 | 000,052,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2006/10/03 21:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)

DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)

DRV - [2008/09/26 06:36:34 | 000,027,632 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})

DRV - [2007/08/10 15:08:50 | 000,027,912 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_pr&c=91&bd=Pavilion&pf=cnnb

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_pr&c=91&bd=Pavilion&pf=cnnb

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1642153451-883063535-3536702933-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8

IE - HKU\S-1-5-21-1642153451-883063535-3536702933-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com

IE - HKU\S-1-5-21-1642153451-883063535-3536702933-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-1642153451-883063535-3536702933-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKU\S-1-5-21-1642153451-883063535-3536702933-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2

IE - HKU\S-1-5-21-1642153451-883063535-3536702933-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

IE - HKU\S-1-5-21-1642153451-883063535-3536702933-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1642153451-883063535-3536702933-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101

FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/05/14 22:09:41 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/05 00:16:45 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/05 00:16:45 | 000,000,000 | ---D | M]

[2009/08/20 19:54:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Agnes\AppData\Roaming\Mozilla\Extensions

[2011/05/14 21:48:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Agnes\AppData\Roaming\Mozilla\Firefox\Profiles\ie4ma4sk.default\extensions

[2011/05/14 16:47:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Agnes\AppData\Roaming\Mozilla\Firefox\Profiles\ie4ma4sk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(222)

[2011/05/14 16:47:28 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Agnes\AppData\Roaming\Mozilla\Firefox\Profiles\ie4ma4sk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(223)

[2011/05/15 10:34:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2010/09/24 21:46:41 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2011/01/15 13:27:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2011/05/14 17:14:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

File not found (No name found) --

[2011/05/14 22:09:41 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

[2009/07/01 22:01:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

[2011/06/05 00:16:41 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll

[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

[2011/06/05 00:16:43 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml

Hosts file not found

O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)

O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

O3:64bit: - HKU\S-1-5-21-1642153451-883063535-3536702933-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)

O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)

O4 - HKLM..\Run: [dcmsvc] C:\Program Files (x86)\dcmsvc\dcmsvc.exe ()

O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)

O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)

O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)

O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)

O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)

O4 - HKLM..\Run: [TVAgent] C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)

O4 - HKLM..\Run: [uCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [updateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [updateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [updatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [updatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - Startup: C:\Users\Agnes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RCA Detective.lnk = C:\Users\Agnes\Documents\RCA Detective\RCADetective.exe (Audiovox Electronics Corp.)

O4 - Startup: C:\Users\Agnes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warner Bros.lnk = File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKU\S-1-5-21-1642153451-883063535-3536702933-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)

O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)

O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)

O15 - HKU\S-1-5-21-1642153451-883063535-3536702933-1000\..Trusted Ranges: Range1 ([http] in Local intranet)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab (Windows Live OneCare safety scanner control)

O16 - DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} https://fixit.support.microsoft.com/ActiveX/FixItClient.CAB (FixItClient Class)

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg

O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{33a71268-dff8-11de-b9fa-00235a2fdb97}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\goMEn.eXE

O33 - MountPoints2\{520ecce4-d532-11de-a1df-00235a2fdb97}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL GOMeN.eXE

O33 - MountPoints2\{68e23d52-6ada-11df-8dda-00235a2fdb97}\Shell\AutoRun\command - "" = F:\MULTIM~1.EXE

O33 - MountPoints2\{68e23d52-6ada-11df-8dda-00235a2fdb97}\Shell\doubleTwist\command - "" = F:\MULTIM~1.EXE

O33 - MountPoints2\{79488463-c172-11df-ac4d-00235a2fdb97}\Shell - "" = AutoRun

O33 - MountPoints2\{79488463-c172-11df-ac4d-00235a2fdb97}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a

O33 - MountPoints2\{7c73115c-29fa-11de-ba96-00235a2fdb97}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe

O33 - MountPoints2\{7c73115c-29fa-11de-ba96-00235a2fdb97}\Shell\open\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe

O33 - MountPoints2\{86daed1d-87a7-11de-8d4b-00235a2fdb97}\Shell\AutoRun\command - "" = F:\rcaDVM_setup.exe

O33 - MountPoints2\{86daed1d-87a7-11de-8d4b-00235a2fdb97}\Shell\install\command - "" = F:\rcaDVM_setup.exe

O33 - MountPoints2\{a79990cc-dec5-11de-9280-00235a2fdb97}\Shell - "" = AutoRun

O33 - MountPoints2\{a79990cc-dec5-11de-9280-00235a2fdb97}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a

O33 - MountPoints2\{e15736ab-cd56-11de-9cfe-00235a2fdb97}\Shell - "" = AutoRun

O33 - MountPoints2\{e15736ab-cd56-11de-9cfe-00235a2fdb97}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a

O33 - MountPoints2\{e9fa3577-4eb7-11de-9d2c-00235a2fdb97}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe

O33 - MountPoints2\{e9fa3577-4eb7-11de-9d2c-00235a2fdb97}\Shell\open\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/05 10:52:53 | 000,000,000 | ---D | C] -- C:\b59b446a76f244f017c188d7af41

[2011/05/19 10:45:21 | 000,140,800 | ---- | C] (The Duck Corporation) -- C:\Windows\SysWow64\tm20dec.ax

[2011/05/19 10:45:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Talk to Me 7.0

[2011/05/19 10:44:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auralog

[2011/05/15 10:36:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

[2011/05/14 22:10:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus

[2011/05/14 22:10:29 | 000,022,360 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys

[2011/05/14 22:10:28 | 000,287,576 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys

[2011/05/14 22:10:24 | 000,031,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys

[2011/05/14 22:10:23 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys

[2011/05/14 22:10:22 | 000,600,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys

[2011/05/14 22:10:21 | 000,064,344 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys

[2011/05/14 22:09:31 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe

[2011/05/14 22:09:31 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr

[2011/05/14 22:09:15 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software

[2011/05/14 22:09:15 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software

[2011/05/14 21:54:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

[2011/05/14 21:54:34 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE

[2011/05/14 21:43:10 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2011/05/14 21:43:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/05/14 21:43:03 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2011/05/14 17:57:10 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2011/05/14 15:58:42 | 000,000,000 | ---D | C] -- C:\Users\Agnes\AppData\Roaming\SUPERAntiSpyware.com

[2011/05/14 15:58:42 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2011/05/14 15:58:28 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2011/05/14 15:52:57 | 000,000,000 | ---D | C] -- C:\Users\Agnes\AppData\Roaming\Malwarebytes

[2011/05/14 15:52:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011/05/14 15:52:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2 C:\Users\Agnes\Desktop\*.tmp files -> C:\Users\Agnes\Desktop\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/05 10:48:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1642153451-883063535-3536702933-1000UA.job

[2011/06/05 10:11:01 | 000,001,034 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011/06/05 09:58:08 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4C0E8681-07CA-48A8-AF3B-5FB999EC293A}.job

[2011/06/05 09:55:11 | 000,076,579 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2011/06/05 09:55:08 | 000,076,579 | ---- | M] () -- C:\ProgramData\nvModes.001

[2011/06/05 09:55:06 | 000,001,030 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011/06/05 09:51:28 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/06/05 09:51:27 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/06/05 09:51:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/06/05 00:42:34 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2011/06/05 00:36:42 | 174,098,821 | ---- | M] () -- C:\Users\Agnes\Desktop\Windows6.0-KB947821-v14-x64.msu

[2011/06/05 00:34:50 | 000,000,856 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2011/06/04 19:08:53 | 000,000,286 | ---- | M] () -- C:\Windows\reimage.ini

[2011/06/04 18:47:09 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011/06/04 18:47:09 | 000,587,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011/06/04 18:47:09 | 000,101,250 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011/05/30 23:01:44 | 001,048,016 | ---- | M] () -- C:\Users\Agnes\Desktop\Headgear Appliances - Columbia New_BW.pdf

[2011/05/30 11:48:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1642153451-883063535-3536702933-1000Core.job

[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2011/05/19 10:45:01 | 000,000,011 | ---- | M] () -- C:\trace.ini

[2011/05/19 10:45:00 | 000,001,999 | ---- | M] () -- C:\Users\Public\Desktop\Talk to Me 7.0.lnk

[2011/05/16 14:57:32 | 000,689,664 | ---- | M] () -- C:\Users\Agnes\Desktop\MicrosoftFixit50202.msi

[2011/05/16 03:14:34 | 000,648,704 | ---- | M] () -- C:\Users\Agnes\Desktop\MicrosoftFixit50267.msi

[2011/05/14 22:10:31 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2011/05/14 22:10:21 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt

[2011/05/14 22:08:02 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2011/05/14 21:54:34 | 000,001,756 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2011/05/14 21:43:10 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/05/14 00:47:03 | 000,010,080 | -HS- | M] () -- C:\Users\Agnes\AppData\Local\d43ty083vt8n0eg1yin153biwk27

[2011/05/14 00:47:03 | 000,010,080 | -HS- | M] () -- C:\ProgramData\d43ty083vt8n0eg1yin153biwk27

[2011/05/10 17:51:02 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForAgnes.job

[2011/05/10 08:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

[2011/05/10 08:10:55 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe

[2011/05/10 08:10:44 | 000,253,888 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe

[2011/05/10 08:04:08 | 000,600,920 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys

[2011/05/10 08:04:07 | 000,287,576 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys

[2011/05/10 08:02:41 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys

[2011/05/10 07:59:59 | 000,031,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys

[2011/05/10 07:59:48 | 000,064,344 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys

[2011/05/10 07:59:37 | 000,022,360 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys

[2 C:\Users\Agnes\Desktop\*.tmp files -> C:\Users\Agnes\Desktop\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/05 00:20:47 | 174,098,821 | ---- | C] () -- C:\Users\Agnes\Desktop\Windows6.0-KB947821-v14-x64.msu

[2011/06/05 00:16:46 | 000,000,900 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2011/06/04 19:08:37 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini

[2011/06/04 18:48:30 | 000,689,664 | ---- | C] () -- C:\Users\Agnes\Desktop\MicrosoftFixit50202.msi

[2011/06/04 18:48:27 | 000,648,704 | ---- | C] () -- C:\Users\Agnes\Desktop\MicrosoftFixit50267.msi

[2011/05/30 23:01:43 | 001,048,016 | ---- | C] () -- C:\Users\Agnes\Desktop\Headgear Appliances - Columbia New_BW.pdf

[2011/05/19 10:45:13 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll

[2011/05/19 10:45:13 | 000,005,672 | ---- | C] () -- C:\Windows\SysWow64\quartz.vxd

[2011/05/19 10:45:01 | 000,000,011 | ---- | C] () -- C:\trace.ini

[2011/05/19 10:45:00 | 000,001,999 | ---- | C] () -- C:\Users\Public\Desktop\Talk to Me 7.0.lnk

[2011/05/15 10:36:30 | 000,000,856 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2011/05/14 22:10:31 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2011/05/14 22:08:02 | 000,001,917 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2011/05/14 21:54:34 | 000,001,756 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2011/05/14 21:43:10 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/05/13 19:04:03 | 000,010,080 | -HS- | C] () -- C:\Users\Agnes\AppData\Local\d43ty083vt8n0eg1yin153biwk27

[2011/05/13 19:04:03 | 000,010,080 | -HS- | C] () -- C:\ProgramData\d43ty083vt8n0eg1yin153biwk27

[2011/01/10 00:37:14 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Sound Effects

[2011/01/10 00:37:14 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Solid Colors

[2011/01/10 00:37:14 | 000,000,268 | RH-- | C] () -- C:\Users\Agnes\AppData\Roaming\Services

[2011/01/10 00:37:14 | 000,000,268 | RH-- | C] () -- C:\Users\Agnes\AppData\Roaming\Scripts Menu

[2011/01/10 00:37:14 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT

[2011/01/10 00:37:14 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT

[2011/01/10 00:37:13 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Smooth Strings

[2011/01/10 00:37:13 | 000,000,268 | RH-- | C] () -- C:\Users\Agnes\AppData\Roaming\Screen Savers

[2011/01/10 00:37:13 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT

[2010/11/08 02:45:37 | 000,012,485 | ---- | C] () -- C:\Users\Agnes\AppData\Local\tmp73256_449698381754_513721754_5938744_5063783_N_navi.JPG

[2010/11/08 02:45:34 | 000,081,061 | ---- | C] () -- C:\Users\Agnes\AppData\Local\tmp73256_449698381754_513721754_5938744_5063783_N.0

[2010/11/08 02:45:34 | 000,059,028 | ---- | C] () -- C:\Users\Agnes\AppData\Local\tmp73256_449698381754_513721754_5938744_5063783_N.JPG

[2010/10/15 15:45:44 | 000,000,680 | ---- | C] () -- C:\Users\Agnes\AppData\Local\d3d9caps.dat

[2010/09/24 21:48:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010/01/15 23:44:13 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Screen Saver

[2010/01/15 23:44:13 | 000,000,268 | RH-- | C] () -- C:\Users\Agnes\AppData\Roaming\Sampler

[2010/01/15 23:44:13 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT

[2010/01/15 23:32:12 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Sampler Instruments

[2010/01/15 23:32:12 | 000,000,268 | RH-- | C] () -- C:\Users\Agnes\AppData\Roaming\Rule Actions

[2010/01/15 23:32:12 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT

[2009/12/20 21:42:18 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini

[2009/09/14 01:53:38 | 000,038,429 | ---- | C] () -- C:\Users\Agnes\AppData\Roaming\Comma Separated Values (Windows).ADR

[2009/08/15 16:56:19 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll

[2009/08/15 16:55:18 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin

[2009/08/15 16:54:23 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/05/05 11:46:28 | 000,000,732 | ---- | C] () -- C:\Users\Agnes\AppData\Local\d3d9caps64.dat

[2009/03/09 18:50:18 | 000,026,311 | ---- | C] () -- C:\Users\Agnes\AppData\Roaming\UserTile.png

[2009/03/08 19:06:43 | 000,067,584 | ---- | C] () -- C:\Users\Agnes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/03/08 00:28:26 | 000,076,579 | ---- | C] () -- C:\ProgramData\nvModes.001

[2009/03/07 23:24:23 | 000,076,579 | ---- | C] () -- C:\ProgramData\nvModes.dat

[2008/10/21 12:46:04 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin

[2008/10/21 12:22:53 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat

[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

[2007/08/10 15:08:50 | 000,027,912 | ---- | C] () -- C:\Windows\SysWow64\drivers\swmsflt.sys

[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== LOP Check ==========

[2009/07/01 15:44:04 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\cerasus.media

[2010/06/06 22:34:07 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1

[2011/05/14 21:48:11 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\Dropbox

[2009/09/14 01:29:24 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\GetRightToGo

[2009/09/14 00:50:28 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\ICAClient

[2009/06/26 19:49:15 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\iWin

[2010/01/16 00:10:17 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\Nikon

[2009/03/09 18:50:17 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\PeerNetworking

[2010/12/26 13:21:09 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\PrimoPDF

[2009/09/14 00:49:55 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\Runaware

[2011/02/13 10:13:48 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\W Photo Studio Viewer

[2009/03/06 20:51:03 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\WildTangent

[2011/06/05 00:42:34 | 000,032,564 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2011/06/05 09:58:08 | 000,000,434 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{4C0E8681-07CA-48A8-AF3B-5FB999EC293A}.job

========== Purity Check ==========

< End of report >
