Possible trojan? Many problems. Help would be appreciated!


Post by Coldplasma819 on Wed Jul 28, 2010 2:15 am

Hello all, lately I've been having some problems that I can't really figure out or understand why they came about. I run an XPS 420 Windows Vista Home Premium 32-bit system; so far, I haven't had any major problems, up until recently. This past Sunday, I came home to turn on my PC after not having it on for 4 days. When I first logged in, I had tried going on Internet Explorer, but had found that my taskbar and desktop and web browser would frequently freeze, and freeze enough to cause me to illegally shut down my PC (because whenever I hit restart, nothing would happen). Logging back in again, I decided to talk to my friend about the situation, and he suggested I switch web browsers first of all. So I switched to Firefox and restored my Internet Explorer back to default. Everything seemed fine, until the freezing came back again the next night. I ran a disk defragmenter overnight along with a virus scan. I woke up the next morning to find that a trojan had been quarantined, according to McAfee. I went to McAfee's restore tool and removed the trojan. To add to this matter, I have been crashing hard on some games that I play, and by this I mean complete freeze of the game, and when trying to bring up task manager, I get an error saying "failed security options," or something like that.

Tonight, and as I am typing this, I am experiencing the freezing of the taskbar and desktop, and I am running a full virus scan and disk defragmenter at the moment. Along with this, I cannot bring up my task manager in ANY way; I tried ctrl+alt+del, Run -> TSKMGR, and right clicking my taskbar -> task manager. It still has not come up. Instead, the CPU usage monitor has appeared and is still here by my computer's clock, and my CPU usage is constantly spiking. Mostly up to 50%.

I have no idea what to do, and I am hoping that someone can help me.

Note: It takes 3 clicks in order to bring up a minimized window from my taskbar. And also, before I switched to Firefox from IE a couple days ago, I was experiencing 30 second freezes when clicking on links; after the freeze, the link would never come up, so that's when I decided to switch to Firefox.

Note: Just finished a full scan of my PC using McAfee:

Items Scanned: 536962
Items Detected: 0
Items Fixed: 0
Items Quarantined: 0
Items Remaining: 0




Re: Possible trojan? Many problems. Help would be appreciated!

Post by Coldplasma819 on Fri Jul 30, 2010 1:58 am

It's been 3 days without any replies, just a heads up.

Also, I keep freezing whenever I play a game of StarCraft II. This wasn't a problem before until tonight, July 29th, 9:20 pm (EST).


Re: Possible trojan? Many problems. Help would be appreciated!

Post by Crush on Fri Jul 30, 2010 3:26 am

Hi coldplasma,

Sorry for the delay. Looks like your thread got missed in the mass of new ones.

Welcome to GeekPolice Forums! I'm Crush, but you can call me Chris too, and I will be helping you with your malware issues.

A few things to keep in mind as we progress:

1. We are all volunteer staff here so we log in and assess threads when real life, work, family, and other obligations permit. Additionally, we are located all over the world. There may be a bit of a time delay due to this.

2. Malware Removal threads are very time intensive. Each entry must be researched until it can be said with 100% certainty whether or not it can stay or needs to be removed. Sometimes additional work is needed to weed out suspect entries.

3. This may turn into a long ordeal, but rest assured we will stay with you until you are completely disinfected.

4. Only Tech Officers, Global Moderators, Administrators, and Malware Advisors are allowed to give advice on removing malware from your computer. Do not run any tools unless specifically asked to by a member of one of these usergroups.

5. If you are not the original poster of this thread DO NOT run any fixes given to the poster in this thread. They are all custom tailored specifically to this user. It could prove to be disastrous.

6. Please keep responding until I give you the "All Clear". Absence of symptoms does not mean that everything is clear.

7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

8. If you have any questions or issues please stop and ask! We are all here to help.


IMPORTANT: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.


If you follow these instructions, everything should go smoothly.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted.

To do this click , then click Preferences. Make sure Always notify me of replies is set to Yes


With that out of the way:

Download [You must be registered and logged in to see this link.] to your Desktop


  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    Code:
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    nvstor32.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    ws2_32.dll
    proquota.exe
    imm32.dll
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    nvrd32.sys
    /md5stop
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles



  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time




Re: Possible trojan? Many problems. Help would be appreciated!

Post by Coldplasma819 on Fri Jul 30, 2010 6:09 am

I will go through with this. But it is confirmed that I have a malware issue? Oh man :(


OTL Log (1/2)

Post by Coldplasma819 on Fri Jul 30, 2010 5:20 pm

I want to note that I have a large amount of processes running, around 87 at the moment after ending useless start up processes. Below is the OTL.Txt log:

OTL logfile created on: 7/30/2010 12:57:22 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Joe\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.04 Gb Total Space | 86.83 Gb Free Space | 30.68% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 4.89 Gb Free Space | 32.58% Space Free | Partition Type: NTFS
Drive E: | 5.37 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 6.99 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FERRARO-2
Current User Name: Joe
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/30 12:18:20 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.exe
PRC - [2010/07/21 00:47:05 | 000,407,336 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe
PRC - [2010/07/16 17:32:34 | 000,619,800 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2010/07/09 16:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2010/05/07 16:53:35 | 001,238,352 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2010/03/30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/07/08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/04/29 09:31:56 | 004,554,536 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version4\TeamViewer.exe
PRC - [2009/04/29 09:17:02 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
PRC - [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/19 03:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/09/11 01:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007/08/23 16:58:58 | 002,070,000 | ---- | M] () -- C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe
PRC - [2007/06/27 10:18:08 | 000,223,448 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
PRC - [2007/06/27 10:17:26 | 000,272,600 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe
PRC - [2007/06/27 10:17:12 | 000,446,680 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
PRC - [2007/06/27 10:16:02 | 000,157,912 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
PRC - [2007/06/27 10:15:14 | 000,059,096 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe
PRC - [2007/06/27 10:14:46 | 000,317,656 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
PRC - [2007/06/27 10:13:56 | 000,268,504 | ---- | M] () -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
PRC - [2007/05/06 17:11:36 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/05/06 17:10:44 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
PRC - [2007/02/12 11:46:34 | 000,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


========== Modules (SafeList) ==========

MOD - [2010/07/30 12:18:20 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.exe
MOD - [2010/07/26 13:10:22 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcr90.dll
MOD - [2010/07/26 13:10:22 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcp90.dll
MOD - [2010/07/16 17:32:32 | 000,815,384 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TortoiseSVN.dll
MOD - [2010/07/16 17:32:32 | 000,048,920 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
MOD - [2010/07/16 17:32:20 | 000,186,136 | ---- | M] (Apache Software Foundation) -- C:\Program Files\TortoiseSVN\bin\libaprutil_tsvn.dll
MOD - [2010/07/16 17:32:20 | 000,128,280 | ---- | M] (Apache Software Foundation) -- C:\Program Files\TortoiseSVN\bin\libapr_tsvn.dll
MOD - [2010/07/16 17:32:18 | 000,062,744 | ---- | M] (Free Software Foundation) -- C:\Program Files\TortoiseSVN\bin\intl3_tsvn.dll
MOD - [2010/04/01 09:57:36 | 000,015,056 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/03/21 08:55:16 | 000,087,304 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
MOD - [2009/04/29 09:29:06 | 000,098,304 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version4\TV.dll
MOD - [2008/08/27 23:40:11 | 000,712,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
MOD - [2008/01/19 03:34:07 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2008/01/19 03:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008/01/19 03:26:34 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
MOD - [2006/11/02 05:46:13 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shfolder.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/07/21 00:47:05 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/07/09 16:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2010/03/30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/05 00:34:38 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/07/08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/04/29 09:17:02 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/12 18:46:50 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/09/11 01:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007/06/27 10:18:08 | 000,223,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel(R)
SRV - [2007/06/27 10:17:26 | 000,272,600 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe -- (QualityManager) Intel(R)
SRV - [2007/06/27 10:17:12 | 000,446,680 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel(R)
SRV - [2007/06/27 10:16:02 | 000,157,912 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel(R)
SRV - [2007/06/27 10:15:28 | 000,039,640 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe -- (DHTRACE) Intel(R)
SRV - [2007/06/27 10:15:14 | 000,059,096 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel(R)
SRV - [2007/06/27 10:14:46 | 000,317,656 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe -- (NMSCore) Intel(R)
SRV - [2007/06/27 10:13:56 | 000,268,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel(R) Viiv(TM)
SRV - [2007/05/31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/05/06 17:11:36 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/02/12 11:46:34 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/07/15 15:18:22 | 000,130,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2010/07/09 18:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/02/03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2008/01/19 01:53:39 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UMPass)
DRV - [2008/01/19 01:53:23 | 000,073,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/01/19 01:53:22 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2007/12/13 02:00:29 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2007/12/13 02:00:29 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2007/12/13 02:00:29 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/12 18:34:51 | 000,005,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntelDH.sys -- (IntelDH)
DRV - [2007/09/12 04:44:34 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007/09/12 04:40:48 | 000,326,656 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/08/29 04:56:54 | 000,305,688 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2007/06/27 10:17:46 | 000,014,552 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP)
DRV - [2007/06/08 02:00:02 | 000,141,376 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM03Afx.sys -- (OEM03Afx)
DRV - [2007/04/25 02:00:00 | 000,235,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM03Vid.sys -- (OEM03Vid)
DRV - [2007/04/02 00:42:08 | 000,016,432 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2007/04/02 00:42:04 | 000,080,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2007/04/02 00:42:02 | 000,079,664 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2007/03/05 19:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM03Vfx.sys -- (OEM03Vfx)
DRV - [2007/02/18 21:34:50 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsunidr.sys -- (nmsunidr)
DRV - [2007/02/17 11:37:34 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/11/02 03:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [You must be registered and logged in to see this link.] [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "http://www.msn.com/defaulta.aspx"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/06/25 12:44:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/25 22:00:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/25 22:00:32 | 000,000,000 | ---D | M]

[2010/07/25 22:01:14 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Extensions
[2010/07/29 22:03:55 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\xm8l9xbn.default\extensions
[2010/07/27 13:11:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\xm8l9xbn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/25 22:00:33 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\System32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: giftube.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: live.com ([login] https in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} [You must be registered and logged in to see this link.] (CDownloadCtrl Object)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} [You must be registered and logged in to see this link.] (WMI Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Joe\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Joe\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/03/03 20:47:34 | 000,000,053 | R--- | M] () - E:\AutoRun.inf -- [ CDFS ]
O32 - AutoRun File - [2010/05/25 00:56:52 | 000,000,046 | -H-- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{117485b7-a8fe-11dc-8bad-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{117485b7-a8fe-11dc-8bad-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2004/03/03 20:57:06 | 000,024,576 | R--- | M] ()
O33 - MountPoints2\{117485b8-a8fe-11dc-8bad-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{117485b8-a8fe-11dc-8bad-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Installer.exe -- [2010/05/25 00:56:52 | 002,505,256 | ---- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 90 Days ==========[/color]

[2010/07/30 12:18:18 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.exe
[2010/07/30 12:00:05 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/07/29 22:41:16 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010/07/29 22:37:35 | 000,056,936 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2010/07/28 23:13:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/07/27 18:12:50 | 000,000,000 | ---D | C] -- C:\Users\Joe\Documents\StarCraft II
[2010/07/27 18:12:50 | 000,000,000 | ---D | C] -- C:\Program Files\StarCraft II
[2010/07/27 18:12:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2010/07/26 19:56:28 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\TSVNCache
[2010/07/26 13:18:10 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\TortoiseSVN
[2010/07/26 13:13:42 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\Subversion
[2010/07/26 13:09:57 | 000,000,000 | ---D | C] -- C:\Program Files\TortoiseSVN
[2010/07/26 13:09:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TortoiseOverlays
[2010/07/25 22:00:37 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\Mozilla
[2010/07/25 22:00:37 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\Mozilla
[2010/07/25 22:00:30 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/07/20 18:51:32 | 000,000,000 | ---D | C] -- C:\Program Files\iPod(4)
[2010/07/20 18:48:00 | 000,000,000 | ---D | C] -- C:\Users\Joe\{27eac569-beea-4c92-82ca-b7e5bf129ce0}
[2010/07/20 18:46:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/07/14 13:33:27 | 000,000,000 | ---D | C] -- C:\Users\Joe\Documents\manycam_playlist.mcp_files
[2010/07/14 13:25:55 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\ManyCam
[2010/07/14 13:25:43 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\ManyCam
[2010/07/14 13:25:33 | 000,000,000 | ---D | C] -- C:\Program Files\ManyCam
[2010/07/02 01:57:16 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\LolClient
[2010/07/02 01:42:25 | 000,000,000 | ---D | C] -- C:\Riot Games
[2010/07/02 01:23:10 | 000,000,000 | ---D | C] -- C:\Users\Joe\Desktop\LeagueofLegends
[2010/07/02 01:22:21 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\PMB Files
[2010/07/02 01:22:17 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2010/07/02 01:22:05 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2010/06/24 00:07:12 | 000,000,000 | ---D | C] -- C:\Program Files\IPX-SPX Protocol
[2010/06/21 22:48:32 | 000,000,000 | ---D | C] -- C:\Users\Joe\Documents\Red Alert 3
[2010/06/21 22:43:03 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\LogMeIn Hamachi
[2010/06/21 22:41:59 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2010/06/21 20:32:57 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\Red Alert 3
[2010/06/13 00:52:31 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\NVIDIA
[2010/05/17 21:18:30 | 000,000,000 | ---D | C] -- C:\Program Files\Cryptic Studios
[2010/05/10 18:52:57 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\IGN_DLM
[2010/05/10 16:52:05 | 000,000,000 | ---D | C] -- C:\Program Files\Unreal Tournament 3P
[2010/05/07 17:05:02 | 000,000,000 | ---D | C] -- C:\ProgramData\AIM Toolbar
[2010/05/07 17:05:01 | 000,000,000 | ---D | C] -- C:\Program Files\AIM Toolbar
[2010/05/07 17:04:53 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\AIM Toolbar
[2010/05/07 17:04:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2010/05/07 17:03:08 | 000,000,000 | ---D | C] -- C:\ProgramData\AIM
[2010/05/07 17:02:44 | 000,000,000 | ---D | C] -- C:\Program Files\AIM
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 90 Days ==========[/color]

[2010/07/30 12:57:45 | 008,126,464 | -HS- | M] () -- C:\Users\Joe\ntuser.dat
[2010/07/30 12:25:13 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{27AB5009-59F4-4440-89F1-C972EED447E7}.job
[2010/07/30 12:18:20 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.exe
[2010/07/30 12:14:50 | 000,036,725 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/07/30 12:14:39 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/30 12:14:39 | 000,000,222 | ---- | M] () -- C:\Windows\tasks\PersonalAV.job
[2010/07/30 12:14:30 | 000,524,288 | -HS- | M] () -- C:\Users\Joe\ntuser.dat{a5b2969f-9421-11df-a3e8-00197ee6f116}.TMContainer00000000000000000001.regtrans-ms
[2010/07/30 12:14:30 | 000,065,536 | -HS- | M] () -- C:\Users\Joe\ntuser.dat{a5b2969f-9421-11df-a3e8-00197ee6f116}.TM.blf
[2010/07/30 12:04:06 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/07/30 12:00:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/30 11:25:42 | 000,030,937 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2010/07/30 11:25:00 | 000,036,725 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/07/30 11:24:30 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/30 11:24:30 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/30 11:24:29 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/30 11:24:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/30 02:16:01 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/07/30 02:15:14 | 002,347,649 | -H-- | M] () -- C:\Users\Joe\AppData\Local\IconCache.db
[2010/07/28 23:02:06 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/07/27 18:43:19 | 000,000,892 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2010/07/26 19:56:23 | 001,048,576 | -HS- | M] () -- C:\Users\Joe\ntuser.dat{a5b2969e-9421-11df-a3e8-00197ee6f116}.TxR.2.regtrans-ms
[2010/07/26 19:56:23 | 001,048,576 | -HS- | M] () -- C:\Users\Joe\ntuser.dat{a5b2969e-9421-11df-a3e8-00197ee6f116}.TxR.1.regtrans-ms
[2010/07/26 19:56:23 | 001,048,576 | -HS- | M] () -- C:\Users\Joe\ntuser.dat{a5b2969e-9421-11df-a3e8-00197ee6f116}.TxR.0.regtrans-ms
[2010/07/26 19:56:23 | 000,065,536 | -HS- | M] () -- C:\Users\Joe\ntuser.dat{a5b2969e-9421-11df-a3e8-00197ee6f116}.TxR.blf
[2010/07/26 12:50:54 | 000,087,040 | ---- | M] () -- C:\Users\Joe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/25 22:00:35 | 000,001,750 | ---- | M] () -- C:\Users\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/25 22:00:35 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/07/22 20:17:44 | 000,138,624 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/07/22 20:17:34 | 000,218,464 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2010/07/21 00:37:03 | 000,524,288 | -HS- | M] () -- C:\Users\Joe\ntuser.dat{a5b2969f-9421-11df-a3e8-00197ee6f116}.TMContainer00000000000000000002.regtrans-ms
[2010/07/21 00:31:09 | 000,524,288 | -HS- | M] () -- C:\Users\Joe\ntuser.dat{db5acf25-8cfd-11df-82c4-00197ee6f116}.TMContainer00000000000000000001.regtrans-ms
[2010/07/21 00:31:09 | 000,065,536 | -HS- | M] () -- C:\Users\Joe\ntuser.dat{db5acf25-8cfd-11df-82c4-00197ee6f116}.TM.blf
[2010/07/18 19:03:25 | 000,013,416 | ---- | M] () -- C:\Users\Joe\Documents\Morgan....docx
[2010/07/15 21:36:05 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2010/07/15 15:18:22 | 000,130,424 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\Mpfp.sys
[2010/07/14 13:33:27 | 000,000,416 | ---- | M] () -- C:\Users\Joe\Documents\manycam_playlist.mcp
[2010/07/14 13:25:51 | 000,001,762 | ---- | M] () -- C:\Users\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\ManyCam.lnk
[2010/07/14 13:25:51 | 000,001,738 | ---- | M] () -- C:\Users\Joe\Desktop\ManyCam.lnk
[2010/07/11 12:21:34 | 000,524,288 | -HS- | M] () -- C:\Users\Joe\ntuser.dat{db5acf25-8cfd-11df-82c4-00197ee6f116}.TMContainer00000000000000000002.regtrans-ms
[2010/07/11 12:10:23 | 000,524,288 | -HS- | M] () -- C:\Users\Joe\ntuser.dat{c385b944-84af-11df-aefc-00197ee6f116}.TMContainer00000000000000000001.regtrans-ms
[2010/07/11 12:10:23 | 000,065,536 | -HS- | M] () -- C:\Users\Joe\ntuser.dat{c385b944-84af-11df-aefc-00197ee6f116}.TM.blf
[2010/07/09 18:37:00 | 000,056,936 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2010/07/09 18:37:00 | 000,009,596 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2010/07/02 01:50:25 | 000,001,670 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2010/07/01 03:46:29 | 000,524,288 | -HS- | M] () -- C:\Users\Joe\ntuser.dat{c385b944-84af-11df-aefc-00197ee6f116}.TMContainer00000000000000000002.regtrans-ms
[2010/07/01 01:20:04 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2010/06/30 23:00:52 | 000,524,288 | -HS- | M] () -- C:\Users\Joe\ntuser.dat{278db2a8-846c-11df-91de-00197ee6f116}.TMContainer00000000000000000001.regtrans-ms
[2010/06/30 23:00:52 | 000,065,536 | -HS- | M] () -- C:\Users\Joe\ntuser.dat{278db2a8-846c-11df-91de-00197ee6f116}.TM.blf
[2010/06/30 17:28:24 | 000,524,288 | -HS- | M] () -- C:\Users\Joe\ntuser.dat{278db2a8-846c-11df-91de-00197ee6f116}.TMContainer00000000000000000002.regtrans-ms
[2010/06/30 17:18:06 | 000,524,288 | -HS- | M] () -- C:\Users\Joe\ntuser.dat{b1ee431a-4be5-11df-851f-00197ee6f116}.TMContainer00000000000000000001.regtrans-ms
[2010/06/30 17:18:06 | 000,065,536 | -HS- | M] () -- C:\Users\Joe\ntuser.dat{b1ee431a-4be5-11df-851f-00197ee6f116}.TM.blf
[2010/06/26 12:24:21 | 000,375,232 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/06/26 12:24:21 | 000,327,944 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/06/26 12:24:21 | 000,043,744 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/06/26 00:03:07 | 000,138,056 | ---- | M] () -- C:\Users\Joe\AppData\Roaming\PnkBstrK.sys
[2010/06/21 22:42:02 | 000,000,809 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2010/06/21 22:41:36 | 000,000,040 | ---- | M] () -- C:\ProgramData\ra3.ini
[2010/06/21 18:43:31 | 000,000,215 | ---- | M] () -- C:\Users\Joe\Desktop\Command and Conquer Red Alert 3.url
[2010/06/21 00:01:33 | 1334,180,630 | ---- | M] () -- C:\Users\Joe\Documents\OfficialCnCTiberianSun.rar
[2010/06/13 13:46:40 | 000,001,226 | ---- | M] () -- C:\Users\Joe\Desktop\APBLauncher - Shortcut.lnk
[2010/06/11 15:42:57 | 000,315,704 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/06/09 12:20:22 | 002,444,656 | ---- | M] () -- C:\Windows\System32\pbsvc_apb.exe
[2010/06/03 17:46:38 | 129,268,184 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/05/07 17:03:29 | 000,002,396 | -H-- | M] () -- C:\IPH.PH
[2010/05/07 17:03:07 | 000,001,722 | ---- | M] () -- C:\Users\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2010/05/07 17:03:07 | 000,001,698 | ---- | M] () -- C:\Users\Public\Desktop\AIM.lnk
[2010/05/02 13:26:31 | 000,001,483 | ---- | M] () -- C:\Users\Joe\Desktop\Play UT2004.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010/07/28 23:02:06 | 000,002,413 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/07/27 17:50:51 | 000,000,892 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2010/07/26 19:56:23 | 001,048,576 | -HS- | C] () -- C:\Users\Joe\ntuser.dat{a5b2969e-9421-11df-a3e8-00197ee6f116}.TxR.2.regtrans-ms
[2010/07/26 19:56:23 | 001,048,576 | -HS- | C] () -- C:\Users\Joe\ntuser.dat{a5b2969e-9421-11df-a3e8-00197ee6f116}.TxR.1.regtrans-ms
[2010/07/26 19:56:23 | 001,048,576 | -HS- | C] () -- C:\Users\Joe\ntuser.dat{a5b2969e-9421-11df-a3e8-00197ee6f116}.TxR.0.regtrans-ms
[2010/07/26 19:56:23 | 000,065,536 | -HS- | C] () -- C:\Users\Joe\ntuser.dat{a5b2969e-9421-11df-a3e8-00197ee6f116}.TxR.blf
[2010/07/25 22:00:35 | 000,001,750 | ---- | C] () -- C:\Users\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/25 22:00:35 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/07/21 00:37:03 | 000,524,288 | -HS- | C] () -- C:\Users\Joe\ntuser.dat{a5b2969f-9421-11df-a3e8-00197ee6f116}.TMContainer00000000000000000002.regtrans-ms
[2010/07/21 00:37:03 | 000,524,288 | -HS- | C] () -- C:\Users\Joe\ntuser.dat{a5b2969f-9421-11df-a3e8-00197ee6f116}.TMContainer00000000000000000001.regtrans-ms
[2010/07/21 00:37:03 | 000,065,536 | -HS- | C] () -- C:\Users\Joe\ntuser.dat{a5b2969f-9421-11df-a3e8-00197ee6f116}.TM.blf
[2010/07/18 19:03:24 | 000,013,416 | ---- | C] () -- C:\Users\Joe\Documents\Morgan....docx
[2010/07/14 13:33:27 | 000,000,416 | ---- | C] () -- C:\Users\Joe\Documents\manycam_playlist.mcp
[2010/07/14 13:25:51 | 000,001,762 | ---- | C] () -- C:\Users\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\ManyCam.lnk
[2010/07/14 13:25:51 | 000,001,738 | ---- | C] () -- C:\Users\Joe\Desktop\ManyCam.lnk
[2010/07/11 12:21:33 | 000,524,288 | -HS- | C] () -- C:\Users\Joe\ntuser.dat{db5acf25-8cfd-11df-82c4-00197ee6f116}.TMContainer00000000000000000002.regtrans-ms
[2010/07/11 12:21:33 | 000,524,288 | -HS- | C] () -- C:\Users\Joe\ntuser.dat{db5acf25-8cfd-11df-82c4-00197ee6f116}.TMContainer00000000000000000001.regtrans-ms
[2010/07/11 12:21:33 | 000,065,536 | -HS- | C] () -- C:\Users\Joe\ntuser.dat{db5acf25-8cfd-11df-82c4-00197ee6f116}.TM.blf
[2010/07/02 01:50:25 | 000,001,670 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2010/06/30 23:05:08 | 000,524,288 | -HS- | C] () -- C:\Users\Joe\ntuser.dat{c385b944-84af-11df-aefc-00197ee6f116}.TMContainer00000000000000000002.regtrans-ms
[2010/06/30 23:05:08 | 000,524,288 | -HS- | C] () -- C:\Users\Joe\ntuser.dat{c385b944-84af-11df-aefc-00197ee6f116}.TMContainer00000000000000000001.regtrans-ms
[2010/06/30 23:05:08 | 000,065,536 | -HS- | C] () -- C:\Users\Joe\ntuser.dat{c385b944-84af-11df-aefc-00197ee6f116}.TM.blf
[2010/06/30 17:28:24 | 000,524,288 | -HS- | C] () -- C:\Users\Joe\ntuser.dat{278db2a8-846c-11df-91de-00197ee6f116}.TMContainer00000000000000000002.regtrans-ms
[2010/06/30 17:28:24 | 000,524,288 | -HS- | C] () -- C:\Users\Joe\ntuser.dat{278db2a8-846c-11df-91de-00197ee6f116}.TMContainer00000000000000000001.regtrans-ms
[2010/06/30 17:28:24 | 000,065,536 | -HS- | C] () -- C:\Users\Joe\ntuser.dat{278db2a8-846c-11df-91de-00197ee6f116}.TM.blf
[2010/06/21 22:42:02 | 000,000,809 | ---- | C] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2010/06/21 22:41:36 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2010/06/21 18:43:31 | 000,000,215 | ---- | C] () -- C:\Users\Joe\Desktop\Command and Conquer Red Alert 3.url
[2010/06/20 23:25:30 | 1334,180,630 | ---- | C] () -- C:\Users\Joe\Documents\OfficialCnCTiberianSun.rar
[2010/06/13 13:46:40 | 000,001,226 | ---- | C] () -- C:\Users\Joe\Desktop\APBLauncher - Shortcut.lnk
[2010/06/13 00:48:51 | 002,444,656 | ---- | C] () -- C:\Windows\System32\pbsvc_apb.exe
[2010/05/07 17:03:07 | 000,001,722 | ---- | C] () -- C:\Users\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2010/05/07 17:03:07 | 000,001,698 | ---- | C] () -- C:\Users\Public\Desktop\AIM.lnk
[2010/05/02 13:26:31 | 000,001,483 | ---- | C] () -- C:\Users\Joe\Desktop\Play UT2004.lnk
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009/11/30 15:33:46 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2009/07/24 22:45:41 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/03/23 17:56:20 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2008/10/13 18:26:43 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2008/03/10 17:53:58 | 000,000,021 | ---- | C] () -- C:\Windows\atid.ini
[2008/02/03 11:55:01 | 000,138,624 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2007/12/13 02:00:57 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll
[2007/02/13 12:14:18 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/06/23 10:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

[color=#E56717]========== LOP Check ==========[/color]

[2008/03/10 17:57:31 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\acccore
[2009/08/28 23:01:14 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Azureus
[2009/06/21 15:57:51 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\EVEMon
[2010/07/02 01:57:16 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\LolClient
[2010/07/14 13:25:55 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\ManyCam
[2009/11/08 22:16:20 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Octoshape
[2010/06/21 20:58:58 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Red Alert 3
[2009/06/16 01:26:29 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Red Alert 3 Demo
[2009/02/28 01:06:51 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\SoundSpectrum
[2010/07/26 13:13:42 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Subversion
[2010/06/19 18:50:14 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\TeamViewer
[2010/03/12 23:06:27 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\TS3Client
[2010/07/15 21:36:05 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2010/07/01 01:20:04 | 000,000,314 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2010/07/30 12:14:39 | 000,000,222 | ---- | M] () -- C:\Windows\Tasks\PersonalAV.job
[2010/07/30 02:16:00 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/07/30 12:25:13 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{27AB5009-59F4-4440-89F1-C972EED447E7}.job

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< c:\$recycle.bin\*.* /s >[/color]
[2009/08/04 04:05:33 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-20\desktop.ini
[2006/11/10 09:34:31 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-1400113804-1914402855-3429530994-500\desktop.ini
[2009/06/29 18:46:49 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-1609536132-3652608087-3944827767-1001\$I21SR0C.gif
[2010/06/19 18:52:01 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-1609536132-3652608087-3944827767-1001\$I2K9ZM1
[2010/06/19 18:52:03 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-1609536132-3652608087-3944827767-1001\$I4RYD5R.bmp
[2009/07/08 19:37:20 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-1609536132-3652608087-3944827767-1001\$I597UAK.url
[2009/08/07 02:30:19 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-1609536132-3652608087-3944827767-1001\$I7OKTXH.url
[2010/06/19 18:52:01 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-1609536132-3652608087-3944827767-1001\$I7QU3FG
[2009/08/07 02:29:53 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-1609536132-3652608087-3944827767-1001\$I8GXKW2.url
[2010/06/19 18:52:03 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-1609536132-3652608087-3944827767-1001\$IA71I8M.bmp
[2009/07/08 19:37:15 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-1609536132-3652608087-3944827767-1001\$IAII5HJ.url
[2009/08/07 02:30:00 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-1609536132-3652608087-3944827767-1001\$IAQYZNC.url
[2009/08/07 02:30:16 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-1609536132-3652608087-3944827767-1001\$IBKVFE4.url
[2010/06/19 18:52:01 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-1609536132-3652608087-3944827767-1001\$IC3CJXO
[2009/07/08 19:37:12 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-1609536132-3652608087-3944827767-1001\$IEZ6ZF5.url
[2009/08/07 02:30:07 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-1609536132-3652608087-3944827767-1001\$IFK6MFE.url
[2010/07/30 01:31:14 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-1609536132-3652608087-3944827767-1001\$IGW02Y1.jpg
[2009/08/07 02:29:57 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-1609536132-3652608087-3944827767-1001\$IIXDSXR.url
[2009/08/07 02:30:03 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-1609536132-3652608087-3944827767-1001\$IJC99BW.url
[2008/06/02 16:40:10 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-1609536132-3652608087-3944827767-1001\$IJZETJQ
[2009/07/08 19:37:30 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-1609536132-3652608087-3944827767-1001\$ILAK78E.url
[2010/06/19 18:52:02 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-1609536132-3652608087-3944827767-1001\$INA77WA
[2010/06/19 18:52:02 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-1609536132-3652608087-3944827767-1001\$IO0FF85
[2010/06/19 18:52:02 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-1609536132-3652608087-3944827767-1001\$IPB0UK7
[2009/06/29 18:46:49 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-1609536132-3652608087-3944827767-1001\$IR6X47J.gif
[2010/07/28 23:03:20 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-1609536132-3652608087-3944827767-1001\$IU3ABEW.ipsw
[2009/08/07 02:30:09 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-1609536132-3652608087-3944827767-1001\$IU73XHR.url
[2010/06/19 18:52:01 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-1609536132-3652608087-3944827767-1001\$IUSYF40
[2009/05/09 16:57:21 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-1609536132-3652608087-3944827767-1001\$IV425Y4.utx
[2010/06/19 18:52:01 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-1609536132-3652608087-3944827767-1001\$IX9RSHQ
[2010/07/27 23:17:52 | 000,147,460 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-1609536132-3652608087-3944827767-1001\$RGW02Y1.jpg
[2010/02/20 01:24:17 | 263,275,211 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-1609536132-3652608087-3944827767-1001\$RU3ABEW.ipsw
[2008/01/24 16:33:26 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-1609536132-3652608087-3944827767-1001\desktop.ini
[2008/01/25 10:51:04 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-1609536132-3652608087-3944827767-1002\desktop.ini
[2007/12/12 19:27:31 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-1609536132-3652608087-3944827767-500\desktop.ini
[2006/11/02 09:04:17 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500\desktop.ini

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >[/color]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-29 16:48:34


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2007/12/13 01:52:05 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\drivers\AGP440.sys
[2007/12/13 01:52:05 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_8ed06b47\AGP440.sys
[2007/12/13 01:52:05 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16400_none_b82caac9c18a4e3b\AGP440.sys
[2007/12/13 01:52:05 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=BF34B4A0E0B64440C5389AA6B902F4AD -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20496_none_b85af81edaeb8461\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys




OTL Log (2/2)

Post by Coldplasma819 on Fri Jul 30, 2010 5:20 pm

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2007/12/13 01:52:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys
[2007/12/13 02:00:29 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=61CA2C1E145809813C28752298CF9843 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_5da5d093\atapi.sys
[2007/12/13 02:00:29 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=61CA2C1E145809813C28752298CF9843 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20580_none_db8503133dc1c2af\atapi.sys
[2007/12/13 02:00:29 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=7EB55F6BEFB392BD312CD0CD5263305D -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_6c3af7d3\atapi.sys
[2007/12/13 02:00:29 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=7EB55F6BEFB392BD312CD0CD5263305D -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16470_none_db063634249c06f4\atapi.sys
[2007/12/13 01:52:29 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_5a9555b4\atapi.sys
[2007/12/13 01:52:29 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20509_none_dbe4850d3d78c736\atapi.sys
[2007/12/13 01:52:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys
[2007/12/13 01:52:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys
[2008/02/16 20:30:19 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/16 20:30:19 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/16 20:30:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys
[2008/02/16 20:30:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

[color=#A23BEC]< MD5 for: AUTOCHK.EXE >[/color]
[2008/01/19 03:33:01 | 000,642,560 | ---- | M] (Microsoft Corporation) MD5=2FC5BE79B51714B479809358E4908FC3 -- C:\Windows\System32\autochk.exe
[2008/01/19 03:33:01 | 000,642,560 | ---- | M] (Microsoft Corporation) MD5=2FC5BE79B51714B479809358E4908FC3 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_e1f3ed49c1c122ef\autochk.exe
[2006/11/02 05:44:50 | 000,640,000 | ---- | M] (Microsoft Corporation) MD5=C08D1FE284C3330934E45D6E5F5B768B -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6000.16386_none_dfbd2b4dc4d6121b\autochk.exe

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2008/01/19 01:49:10 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\System32\drivers\beep.sys
[2008/01/19 01:49:10 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6001.18000_none_c420a153079d485b\beep.sys
[2006/11/02 04:51:03 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=AC3DD1708B22761EBD7CBE14DCC3B5D7 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6000.16386_none_c1e9df570ab23787\beep.sys

[color=#A23BEC]< MD5 for: CNGAUDIT.DLL >[/color]
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008/01/26 09:08:57 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008/01/26 09:08:57 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 05:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 03:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

[color=#A23BEC]< MD5 for: IASTOR.SYS >[/color]
[2007/08/29 04:56:54 | 000,305,688 | ---- | M] (Intel Corporation) MD5=BDC361489A7F22E568060FA6FB3C960E -- C:\Drivers\storage\R165147\IaStor.sys
[2007/08/29 04:56:54 | 000,305,688 | ---- | M] (Intel Corporation) MD5=BDC361489A7F22E568060FA6FB3C960E -- C:\Windows\System32\drivers\iaStor.sys
[2007/08/29 04:56:54 | 000,305,688 | ---- | M] (Intel Corporation) MD5=BDC361489A7F22E568060FA6FB3C960E -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_aa6cfea8\iaStor.sys
[2007/08/29 04:56:54 | 000,305,688 | ---- | M] (Intel Corporation) MD5=BDC361489A7F22E568060FA6FB3C960E -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_d933611b\iaStor.sys

[color=#A23BEC]< MD5 for: IASTORV.SYS >[/color]
[2008/01/19 03:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 03:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

[color=#A23BEC]< MD5 for: IMM32.DLL >[/color]
[2006/11/02 05:46:05 | 000,115,200 | ---- | M] (Microsoft Corporation) MD5=EE12864398F1C3BF5BEE91F6AF9842E1 -- C:\Windows\winsxs\x86_microsoft-windows-imm32_31bf3856ad364e35_6.0.6000.16386_none_5a1f5c1a7d7fec2e\imm32.dll
[2008/01/19 03:34:33 | 000,114,688 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\imm32.dll
[2008/01/19 03:34:33 | 000,114,688 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\winsxs\x86_microsoft-windows-imm32_31bf3856ad364e35_6.0.6001.18000_none_5c561e167a6afd02\imm32.dll

[color=#A23BEC]< MD5 for: KERNEL32.DLL >[/color]
[2007/12/13 01:56:10 | 000,874,496 | ---- | M] (Microsoft Corporation) MD5=0D900252FF3C4F26AA2A8E161B4318A2 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.20608_none_926943d0723b6518\kernel32.dll
[2009/02/13 04:21:09 | 000,890,880 | ---- | M] (Microsoft Corporation) MD5=1987D817D08F5EAF0B7F334026FDDB79 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.22376_none_9401d8206f9c7e67\kernel32.dll
[2006/11/02 05:46:05 | 000,874,496 | ---- | M] (Microsoft Corporation) MD5=1E36AE445E4DA83B82D51FEB2D4F8772 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.16386_none_91872345596077da\kernel32.dll
[2009/02/13 03:26:37 | 000,875,520 | ---- | M] (Microsoft Corporation) MD5=B82C7AC1D559F0FD088792171D64C7F3 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.16820_none_91c20a8f593529ed\kernel32.dll
[2009/02/13 03:13:01 | 000,875,520 | ---- | M] (Microsoft Corporation) MD5=BB792054BD990EC05D9E260D50FEAD39 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.21010_none_92564f68724ae108\kernel32.dll
[2008/01/19 03:34:36 | 000,888,320 | ---- | M] (Microsoft Corporation) MD5=DC2338093F91BA4E0512208E60206DDD -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18000_none_93bde541564b88ae\kernel32.dll
[2009/02/13 04:49:05 | 000,888,832 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\kernel32.dll
[2009/02/13 04:49:05 | 000,888,832 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18215_none_93b81a93564f1da0\kernel32.dll

[color=#A23BEC]< MD5 for: MSWSOCK.DLL >[/color]
[2006/11/02 05:46:10 | 000,227,328 | ---- | M] (Microsoft Corporation) MD5=54E9576169A248AD62A1EB9773225826 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6000.16386_none_b61c950a3060adba\mswsock.dll
[2008/01/19 03:35:15 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=89FD0595EEA4E505CABEFCF7008F2612 -- C:\Windows\System32\mswsock.dll
[2008/01/19 03:35:15 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=89FD0595EEA4E505CABEFCF7008F2612 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_b85357062d4bbe8e\mswsock.dll

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2006/11/02 05:51:42 | 000,500,840 | ---- | M] (Microsoft Corporation) MD5=227C11E1E7CF6EF8AFB2A238D209760C -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6000.16386_none_a59069cb1f23fc44\ndis.sys
[2008/01/19 03:43:31 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\System32\drivers\ndis.sys
[2008/01/19 03:43:31 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys

[color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color]
[2006/11/02 05:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2008/01/19 03:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/19 03:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

[color=#A23BEC]< MD5 for: NTFS.SYS >[/color]
[2008/02/16 20:30:20 | 001,060,920 | ---- | M] (Microsoft Corporation) MD5=2620822A21B76375F5FD6E0986407CD1 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.16586_none_a43a6b8d2000830d\ntfs.sys
[2007/12/16 18:50:41 | 001,060,920 | ---- | M] (Microsoft Corporation) MD5=37430AA7A66D7A63407ADC2C0D05E9F6 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.16615_none_a4851c9d1fc8a346\ntfs.sys
[2006/11/02 05:51:47 | 001,056,360 | ---- | M] (Microsoft Corporation) MD5=3F379380A4A2637F559444E338CF1B51 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.16386_none_a43a67c1200088bf\ntfs.sys
[2008/01/19 03:43:40 | 001,081,912 | ---- | M] (Microsoft Corporation) MD5=B4EFFE29EB4F15538FD8A9681108492D -- C:\Windows\System32\drivers\ntfs.sys
[2008/01/19 03:43:40 | 001,081,912 | ---- | M] (Microsoft Corporation) MD5=B4EFFE29EB4F15538FD8A9681108492D -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6001.18000_none_a67129bd1ceb9993\ntfs.sys
[2008/02/16 20:30:20 | 001,061,432 | ---- | M] (Microsoft Corporation) MD5=B5BE45B1F554DF9E1976CBC855365E60 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.20709_none_a51d8a7c38da8c7b\ntfs.sys
[2007/12/16 18:52:59 | 001,061,944 | ---- | M] (Microsoft Corporation) MD5=F08824715CA6076F5E73E005AB83B9C8 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.20740_none_a4e9483239031830\ntfs.sys

[color=#A23BEC]< MD5 for: NTMSSVC.DLL >[/color]
[2006/11/02 08:36:25 | 000,460,288 | ---- | M] (Microsoft Corporation) MD5=957CC0F372BB5D79C477363952276859 -- C:\Windows\winsxs\x86_microsoft-windows-r..emanagement-service_31bf3856ad364e35_6.0.6000.16386_none_0c076ff411279f33\ntmssvc.dll
[2008/01/19 03:35:58 | 000,460,288 | ---- | M] (Microsoft Corporation) MD5=A7DFF9642D510BE1EEC6664CD0369953 -- C:\Windows\winsxs\x86_microsoft-windows-r..emanagement-service_31bf3856ad364e35_6.0.6001.18000_none_0e3e31f00e12b007\ntmssvc.dll

[color=#A23BEC]< MD5 for: NVSTOR.SYS >[/color]
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 03:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 03:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

[color=#A23BEC]< MD5 for: PROQUOTA.EXE >[/color]
[2006/11/02 05:45:33 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=C31AE90F24870B9A51655C36A9EB4BF3 -- C:\Windows\System32\proquota.exe
[2006/11/02 05:45:33 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=C31AE90F24870B9A51655C36A9EB4BF3 -- C:\Windows\winsxs\x86_microsoft-windows-proquota_31bf3856ad364e35_6.0.6000.16386_none_259035db957a1715\proquota.exe

[color=#A23BEC]< MD5 for: QMGR.DLL >[/color]
[2008/01/19 03:36:13 | 000,758,272 | ---- | M] (Microsoft Corporation) MD5=02ED7B4DBC2A3232A389106DA7515C3D -- C:\Windows\System32\qmgr.dll
[2008/01/19 03:36:13 | 000,758,272 | ---- | M] (Microsoft Corporation) MD5=02ED7B4DBC2A3232A389106DA7515C3D -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6001.18000_none_2390c4ecf9720b8c\qmgr.dll
[2006/11/02 05:46:12 | 000,749,568 | ---- | M] (Microsoft Corporation) MD5=733FB484A06B9D6A44DD9CA1D3BE937B -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6000.16386_none_215a02f0fc86fab8\qmgr.dll
[2007/12/13 01:59:10 | 000,750,080 | ---- | M] (Microsoft Corporation) MD5=DA551697E34D2B9943C8B1C8EAFFE89A -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6000.16531_none_218b14e6fc62ea9e\qmgr.dll
[2007/12/13 01:59:10 | 000,750,080 | ---- | M] (Microsoft Corporation) MD5=F1148566FA5173A4FD48AF8E8BC09401 -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6000.20647_none_220fe38215833e63\qmgr.dll

[color=#A23BEC]< MD5 for: SCECLI.DLL >[/color]
[2008/01/19 03:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/19 03:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 05:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll

[color=#A23BEC]< MD5 for: SPOOLSV.EXE >[/color]
[2008/01/19 03:33:32 | 000,125,952 | ---- | M] (Microsoft Corporation) MD5=846CDF9A3CF4DA9B306ADFB7D55EE4C2 -- C:\Windows\System32\spoolsv.exe
[2008/01/19 03:33:32 | 000,125,952 | ---- | M] (Microsoft Corporation) MD5=846CDF9A3CF4DA9B306ADFB7D55EE4C2 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18000_none_d64ba321c188c516\spoolsv.exe
[2006/11/02 05:45:46 | 000,124,928 | ---- | M] (Microsoft Corporation) MD5=DA612EF2556776DF2630B68BF2D48935 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6000.16386_none_d414e125c49db442\spoolsv.exe

[color=#A23BEC]< MD5 for: SVCHOST.EXE >[/color]
[2006/11/02 05:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

[color=#A23BEC]< MD5 for: TERMSRV.DLL >[/color]
[2008/01/19 03:36:39 | 000,448,512 | ---- | M] (Microsoft Corporation) MD5=D605031E225AACCBCEB5B76A4F1603A6 -- C:\Windows\System32\termsrv.dll
[2008/01/19 03:36:39 | 000,448,512 | ---- | M] (Microsoft Corporation) MD5=D605031E225AACCBCEB5B76A4F1603A6 -- C:\Windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.0.6001.18000_none_8e9f41c854441762\termsrv.dll
[2006/11/02 05:46:13 | 000,427,520 | ---- | M] (Microsoft Corporation) MD5=FAD71C1E8E4047B154E899AE31EB8CAA -- C:\Windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.0.6000.16386_none_8c687fcc5759068e\termsrv.dll

[color=#A23BEC]< MD5 for: USERINIT.EXE >[/color]
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 05:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

[color=#A23BEC]< MD5 for: WS2_32.DLL >[/color]
[2006/11/02 05:46:14 | 000,178,688 | ---- | M] (Microsoft Corporation) MD5=D99A071C1018BB3D4ABAAD4B62048AC2 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6000.16386_none_f080eec6d16af4f0\ws2_32.dll
[2008/01/19 03:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\ws2_32.dll
[2008/01/19 03:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6001.18000_none_f2b7b0c2ce5605c4\ws2_32.dll

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2008/01/19 03:38:03 | 000,242,744 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\rsaenh.dll
[2008/01/19 03:36:10 | 000,225,792 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\SLC.dll

[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]
< End of report >


Extras.Txt

Post by Coldplasma819 on Fri Jul 30, 2010 5:22 pm

OTL Extras logfile created on: 7/30/2010 12:57:22 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Joe\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.04 Gb Total Space | 86.83 Gb Free Space | 30.68% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 4.89 Gb Free Space | 32.58% Space Free | Partition Type: NTFS
Drive E: | 5.37 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 6.99 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FERRARO-2
Current User Name: Joe
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B47E14E-CD77-4278-A310-8925971B912B}" = lport=8378 | protocol=17 | dir=in | name=league of legends launcher |
"{0DFDCBE0-8383-4866-99B3-B01B7DE60F7A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{18A60BAD-CFFA-4761-BAEA-02C9620A4E04}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1A84E5B9-97FC-4F71-8B61-72F343A65473}" = lport=10244 | protocol=6 | dir=in | app=system |
"{1C38AE82-82FE-4FF3-9E0C-850D925BD440}" = lport=8378 | protocol=6 | dir=in | name=league of legends launcher |
"{1DF8C03E-8975-40A8-93FA-887CCA9A692B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{274CE2C5-2377-48DE-B957-A4AB1B1E0C09}" = lport=10244 | protocol=6 | dir=in | app=system |
"{2BCAA55A-9B2D-41B4-8064-85F1CA2F64C4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{322C57BE-A654-4E9C-9D2C-6823FD4D31C2}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{38218C52-ED6D-48C5-AE7A-8B92BF0D2969}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3FBDCB96-3279-4D64-947C-31E24234B75D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{40D81B88-BF1B-4FAA-A365-20253D5B047B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{412DF268-F4B2-42B1-9EFA-E8D079BEBD44}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{427DB060-62FD-47EF-9509-A3781612ABD0}" = lport=8379 | protocol=17 | dir=in | name=league of legends launcher |
"{440DCD24-1FC2-4CC8-B802-B69E2247141B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{44210C3C-CE4C-4ECB-8DD3-39BBC06570B5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{5C5918E5-A8B5-498C-930C-65FAA78A5BFD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5F46C2F8-ECBA-42BB-B7E6-6354EC5C439C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{6A2121DD-4D1C-4CD2-9568-034B3E6BE758}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7206C8EA-A7CD-46C0-91C2-390172731B66}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{73A85F56-ED2E-4FC6-ACCB-E8CC238D071B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{83581D9B-9844-4044-87D7-342372C22598}" = lport=445 | protocol=6 | dir=in | app=system |
"{852E2EA5-8189-4591-A342-C3077FEFC7AE}" = rport=10244 | protocol=6 | dir=out | app=system |
"{8D66E6B0-40B5-4257-9AD1-7F61238CC2CF}" = rport=137 | protocol=17 | dir=out | app=system |
"{8EA5F087-2132-44F6-931B-02507231AFB8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{949693CD-9888-4247-B7FE-492B90B145BE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A05275C3-AE3A-4547-9CF9-5067994A7E13}" = lport=8379 | protocol=6 | dir=in | name=league of legends launcher |
"{A5DC5432-4CAC-4C5E-BED2-C13D3A78942E}" = rport=138 | protocol=17 | dir=out | app=system |
"{A5EC1C8A-E228-4806-AAC9-45902F5107BA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AA6F6592-F79D-48FE-A635-AC54308DBD06}" = rport=10244 | protocol=6 | dir=out | app=system |
"{AA81A9A7-AA20-438A-BBA3-5E3E761A992F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{AE4A4306-652C-4ED5-9E38-80343B622097}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{AEF41D74-10FD-4C20-BA30-3B456653087B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AFA3FCA5-1942-418C-A43B-706CC8A31068}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B2A42382-1B46-477A-B466-420CE658C377}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{BC7CDE83-4E56-4883-A15F-3C1851563F41}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C1590F6D-8D27-4C11-A9FD-1FCBBC260C37}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{C7BC77B9-4406-48BF-A014-83F3E089697D}" = lport=138 | protocol=17 | dir=in | app=system |
"{C8EFD231-72FD-46A5-91E1-357EE471C075}" = rport=445 | protocol=6 | dir=out | app=system |
"{CA704A27-0860-413F-9475-D95A294ECCA7}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{CB4828B2-C67B-47DB-BB67-221458B9A6E8}" = lport=3390 | protocol=6 | dir=in | app=system |
"{D1F0901E-16E8-4BA9-9C44-ED9C524967F5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{D3ECA995-73FC-4914-BAB2-19D5B7A9032F}" = rport=139 | protocol=6 | dir=out | app=system |
"{D44963AA-F9A9-48AC-A27D-04CF249DFAFD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D86B3461-3656-41A4-B7D0-BA03C7A4E1EA}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{D918E37B-DE57-40ED-B4BA-DDC7C178D990}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{D92EFECE-99BD-425C-98B5-5BF103C6A490}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E8B4B360-78DC-47C9-8CC1-91CDDD97E74E}" = lport=139 | protocol=6 | dir=in | app=system |
"{EA819EF7-593F-4F19-AB99-A9BA2FB54AD5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{F574FEBE-1C8C-46FA-9AF5-2BD4FAAE2C12}" = lport=137 | protocol=17 | dir=in | app=system |
"{F6A3B846-E6FE-4DA6-8011-87A03FEF10AF}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{F7F33C13-2635-48B5-B96C-699D07E5C117}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FC1C9BB1-A749-440E-90C3-402E425EACA0}" = lport=3390 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0212AF4F-5FEE-4386-8BC1-AB0C28540FAF}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{0234F60A-90E9-47A7-8A25-4369AE818120}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{0294AEC4-8659-4DF5-B848-8D62398E9EAF}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{059C5E27-2F9C-4F86-AC7D-DEBBB5B59CAF}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{06F021F1-4CCC-4FF1-8E2E-C7079A2E74E5}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\command and conquer red alert 3\runme.exe |
"{0827EAD3-051F-4971-B1BA-0967B79A70EE}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe |
"{0EC9B6C0-F106-45FC-ACB3-FB5383AC60A6}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{14EDDD24-1625-4A5E-A6C4-BABA6DDC87BA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\coldplasma819\counter-strike source\hl2.exe |
"{1C987AA3-70BC-49F7-A8C0-A4F3A9575C10}" = protocol=6 | dir=out | app=system |
"{1F330B44-12FE-45EB-A4C7-AF392C7F3DB0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\command and conquer red alert 3\support\ea help\electronic_arts_technical_support.htm |
"{22EB1248-1AF9-4682-9A22-FC6DB8244589}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\command and conquer red alert 3\runme.exe |
"{26A49430-DA60-4C9C-9C28-6876C4A0872C}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{2DB2E5A8-BD67-4A0E-B79D-350C03CDD02C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{2F8397B3-B889-45C3-B221-2D68A15EA16B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{37669ADA-4247-4540-A771-31F92CB6855E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3DD279DB-B5FE-47C6-A478-66E8E1EE0F15}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{41218252-820C-4570-A36B-348D7B344EE6}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{42882D98-DF8C-4FA7-8C7C-EEBE0829D5D4}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\all points bulletin\launcher\apblauncher.exe |
"{4332BEB8-5A47-4D73-A7E1-238B61842CA0}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{45714AE2-0225-44B3-B2A5-1190ADEA75FD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{47248D66-4285-4C41-B75D-C2C2C6DFE3C1}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\coldplasma819\garrysmod\hl2.exe |
"{47661396-9E48-43D9-84F4-7F77AA9D1416}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{4BBB7075-458F-4C85-96EA-C505FAEEC658}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{5660E7AD-1A7A-4DF3-B137-C290DB5241F1}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{581B22C3-A66B-4F58-915A-AC57F9D6EB09}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\all points bulletin\launcher\apblauncher.exe |
"{68956B3C-947C-45E5-96DC-6D3A439E440F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\coldplasma819\synergy\hl2.exe |
"{6ADE3F98-9B4F-4922-865A-37FB3E641186}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{73252AEB-67B7-4634-B347-25959B1A377B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\r.u.s.e. beta\ruse.exe |
"{745B3978-22ED-4921-8B27-9417D1CFEF2F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7AAB123E-8095-42FD-9832-B055305BC70F}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{7CD7B37E-04B2-4786-8A85-A3CB010CD443}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{7DA17F91-C664-447A-BAB8-5433384474AC}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\r.u.s.e. beta\ruse.exe |
"{7F77BBEA-B12D-4A40-807E-E9F7BA0A330A}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{80B7BF04-F0B4-465C-AA9A-2067872690CA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{841A6FE8-06C1-4A3E-A0AD-D3D38FC47E9B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8626E34E-548B-44E4-92E3-06758C351B13}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{94A61BA0-6332-4B5F-ADE5-C26F34AFA88F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9B7C933E-17CE-45EF-AF15-EEBF750B3CB9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9BAD625F-677C-4708-A7F5-5547C4A47AAA}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{A067FA6A-C765-4EB8-AF90-03CECD845675}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A1FAF55F-D382-4181-B299-4809A63D04D3}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe |
"{A476DDB8-4DC1-4904-86AE-0B6A20763FF9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AED659E2-1148-4FA4-9CF4-EACA23CA4967}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{B0B5E571-8F9E-4CAF-A0E6-11C35AC17135}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-203 |
"{B24F2E64-4041-4E1C-9C48-B8C79FAA6985}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B262F801-2624-4793-8C8B-F70EB0F93483}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{B2BFE3A4-3139-4CE3-9A0B-BC54EB5B4890}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B4A61B31-2ED6-4502-B0FE-8AD2337BB35A}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{B74CD5A5-CD0D-4D02-9D0D-63F48BC86B46}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{BCD1886F-00D1-4D04-B18E-16B106423471}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe |
"{C065A385-3272-4812-89E0-7139EC81A89D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C0E4C688-EF4F-4DDE-AB1E-131595E05B01}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\coldplasma819\garrysmod\hl2.exe |
"{C4D88616-5F43-47D1-92E1-A0FB893DB201}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{CB741EDF-187A-4E8D-9778-73DBDDCC22C9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CBFCC7B3-A014-436F-BC3C-DF3BC741EAF4}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{CF7A6F74-A306-446D-B072-0D28E63F2D9B}" = protocol=58 | dir=in | app=system |
"{DE101CD1-A11B-4921-AD2A-2F7DEE9A7FEF}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{E0E688FB-1F9F-424C-8F71-23974C887C19}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E0F8F685-C0F4-4F0B-9EFD-716493A6BDA6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{E7E91665-CD35-4887-88ED-6C6DFCE615E4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EA57A111-C827-4CB3-9223-943C334D72B7}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\command and conquer red alert 3\support\ea help\electronic_arts_technical_support.htm |
"{EC034477-F17D-4089-BD29-8C8D1FCD8A6C}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{F344D0BD-83E5-4CE7-AD92-C077378BD184}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe |
"{F7BC4697-E087-4651-9532-DA8145164B08}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FE6445B4-1374-4858-8280-BFAD9E0A13C7}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\coldplasma819\counter-strike source\hl2.exe |
"{FF0AAA4F-134F-424B-BEB8-B2125F42D8EC}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\coldplasma819\synergy\hl2.exe |
"{FF222CAF-2CE1-42E1-A084-273DD89263AE}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"TCP Query User{3B2CE95A-1650-400A-A1B5-17FC48E11EB0}C:\program files\microsoft games\halo custom edition\haloce.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\halo custom edition\haloce.exe |
"TCP Query User{5B058472-BDFF-4852-AD36-117B3E20211B}C:\program files\steam\steamapps\coldplasma819\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\coldplasma819\team fortress 2\hl2.exe |
"TCP Query User{680DAF43-53E4-4F0D-9387-C8A8AFAB3950}C:\program files\microsoft games\halo\halo.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\halo\halo.exe |
"TCP Query User{7FA20667-02C2-4DCF-B9DE-CD4ADD8E4F84}C:\program files\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base15405\sc2.exe |
"TCP Query User{B805A9DD-EC57-4DD4-BEC6-8E2A56B2808E}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"TCP Query User{EFAEF7EF-8A44-4A46-818B-9685E4DFA466}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{FD7EF1F4-1537-4BD2-B8FB-4407C8FE6B86}C:\program files\steam\steamapps\coldplasma819\source sdk base\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\coldplasma819\source sdk base\hl2.exe |
"UDP Query User{12C57924-3046-450B-9434-1CE38C192CA5}C:\program files\steam\steamapps\coldplasma819\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\coldplasma819\team fortress 2\hl2.exe |
"UDP Query User{13BB8809-3408-42A1-98FE-13048FD684F7}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"UDP Query User{31FC3CB1-C67F-4014-831D-69C666055F83}C:\program files\microsoft games\halo custom edition\haloce.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\halo custom edition\haloce.exe |
"UDP Query User{627F470E-F277-4FDD-BF31-9BE36AB6E2D0}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{806A3040-BB21-41DC-8D6E-611B1F0DA7AC}C:\program files\microsoft games\halo\halo.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\halo\halo.exe |
"UDP Query User{9E5853A7-BD6D-4D8F-91A8-F75637A1E14E}C:\program files\steam\steamapps\coldplasma819\source sdk base\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\coldplasma819\source sdk base\hl2.exe |
"UDP Query User{C31E41CD-C0A2-459E-A7AA-4A14B6A305CF}C:\program files\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base15405\sc2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.4300
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = QualxServ Service Agreement
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio EasyArchive
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}" = Dell DataSafe Online
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}" = Adobe Premiere Elements 4.0
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.12.4
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{84D58782-A2F0-47D4-A557-3041363893CF}" = Adobe Setup
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{88D5B052-13BF-44FE-8C17-AC416B323BFE}" = UT2004 Editor's Choice Edition Mod Installer
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92A300C0-E97B-48CC-9702-AB1AAED167E1}" = Adobe Soundbooth CS3 Scores
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
"{A73BDB2A-E4A7-4FE8-960E-6A5C8BF76FCB}" = XPS MiniView Gadget
"{A7472CEE-6E85-4D43-9C71-BDFC0D471F70}" = Intel(R) Viiv(TM) Software
"{AAC90D5F-B8B1-4A06-B888-F3A241124D0D}" = Roxio MyDVD Premier
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B1AD83A0-DC92-41E3-B111-E9472349768C}" = RollerCoaster Tycoon 2: Wacky Worlds
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{B9CA59A0-3B70-48F8-9054-67595DE6E72B}" = League of Legends
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Premier
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
"{DEC2C123-3CE0-4669-B119-61519130CACD}" = TortoiseSVN 1.6.10.19898 (32 bit)
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F85C7118-F3DC-4ED9-AB27-3E7931EA3D88}" = Adobe Premiere Elements 4.0 Templates
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe_19c4ee81f9cc4b3dffb9a17d9b648b2" = Adobe Soundbooth CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"AIM_7" = AIM 7
"AIMTunes" = AIMTunes
"Cold War Crisis" = Cold War Crisis Release 1.0
"Creative OEM003" = Monitor Integrated Webcam Driver (1.00.13.0608)
"Destructive Forces 1.21" = Destructive Forces 1.21
"Download Manager" = Download Manager 2.3.9
"EADM" = EA Download Manager
"EVE" = EVE Online (remove only)
"EVEMon" = EVEMon
"GameSpy Arcade" = GameSpy Arcade
"GCFScape_is1" = GCFScape 1.7.5
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"Intel(R) Configuration Center" = Intel(R) Viiv(TM) Software
"IPX-SPX Protocol" = IPX/SPX Protocol
"LogMeIn Hamachi" = LogMeIn Hamachi
"ManyCam" = ManyCam 2.5.48 (remove only)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSC" = McAfee SecurityCenter
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PremElem40" = Adobe Premiere Elements 4.0
"PremElem40Templates" = Adobe Premiere Elements 4.0 Templates
"PROSetDX" = Intel(R) PRO Network Connections 12.1.12.4
"PunkBusterSvc" = PunkBuster Services
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Starcraft" = Starcraft
"StarCraft II" = StarCraft II
"Steam App 17480" = Command and Conquer: Red Alert 3
"Steam App 17520" = Synergy
"Steam App 215" = Source SDK Base
"Steam App 220" = Half-Life 2
"Steam App 240" = Counter-Strike: Source
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 380" = Half-Life 2: Episode One
"Steam App 4000" = Garry's Mod
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"Steam App 550" = Left 4 Dead 2
"Steam App 564" = Left 4 Dead 2 Add-on Support
"Steam App 57500" = All Points Bulletin
"SvenCoop" = Sven Co-op 4.0B
"TeamViewer 4" = TeamViewer 4
"UT2004" = Unreal Tournament 2004
"ViewpointMediaPlayer" = Viewpoint Media Player
"Vuze" = Vuze
"WhiteCap" = WhiteCap
"WinRAR archiver" = WinRAR archiver
"WOLAPI" = Westwood Shared Internet Components

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ShockWave V0.95" = ShockWave V0.95
"TeamSpeak 3 Client" = TeamSpeak 3 Client

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/3/2009 10:57:14 PM | Computer Name = Ferraro-2 | Source = Application Error | ID = 1000
Description = Faulting application hl2.exe, version 0.0.0.0, time stamp 0x4445c334,
faulting module studiorender.dll, version 0.0.0.0, time stamp 0x47140813, exception
code 0xc0000005, fault offset 0x0003198a, process id 0x2afc, application start time
0x01c9fc399e8cb9ec.

Error - 7/4/2009 1:03:56 AM | Computer Name = Ferraro-2 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, time stamp
0x49b3ad2e, faulting module SHELL32.dll, version 6.0.6001.18167, time stamp 0x4912ecfb,
exception code 0xc0000005, fault offset 0x00088769, process id 0x1914, application
start time 0x01c9fc64be22262c.

Error - 7/4/2009 4:57:07 PM | Computer Name = Ferraro-2 | Source = Application Hang | ID = 1002
Description = The program hl2.exe version 0.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 1c24 Start Time: 01c9fcdc57fde683 Termination Time: 336

Error - 7/6/2009 1:23:08 AM | Computer Name = Ferraro-2 | Source = VSS | ID = 8194
Description =

Error - 7/6/2009 1:24:32 AM | Computer Name = Ferraro-2 | Source = System Restore | ID = 8193
Description =

Error - 7/6/2009 5:46:10 PM | Computer Name = Ferraro-2 | Source = Application Hang | ID = 1002
Description = The program hl2.exe version 0.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 428 Start Time: 01c9fe801d77fead Termination Time: 297

Error - 7/7/2009 2:16:48 PM | Computer Name = Ferraro-2 | Source = Application Hang | ID = 1002
Description = The program hl2.exe version 0.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 18cc Start Time: 01c9ff2a4952a4f1 Termination Time: 440

Error - 7/7/2009 9:31:42 PM | Computer Name = Ferraro-2 | Source = Application Error | ID = 1000
Description = Faulting application hl2.exe, version 0.0.0.0, time stamp 0x4445c334,
faulting module studiorender.dll, version 0.0.0.0, time stamp 0x47140813, exception
code 0xc0000005, fault offset 0x0003198a, process id 0x1e28, application start time
0x01c9ff6222d303a1.

Error - 7/8/2009 9:29:33 PM | Computer Name = Ferraro-2 | Source = Application Hang | ID = 1002
Description = The program hl2.exe version 0.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 18d4 Start Time: 01ca0029b93994d2 Termination Time: 340

Error - 7/13/2009 9:45:59 PM | Computer Name = Ferraro-2 | Source = Application Error | ID = 1000
Description = Faulting application iw3mp.exe, version 0.0.0.0, time stamp 0x4859a219,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x000aea7a, process id 0x3748, application start time 0x01ca04247fec030b.

[ IntelDH Events ]
Error - 11/21/2008 5:12:54 PM | Computer Name = Ferraro-2 | Source = TrayIcon | ID = 18
Description = getML failed

Error - 11/21/2008 5:12:54 PM | Computer Name = Ferraro-2 | Source = TrayIcon | ID = 18
Description = getML failed

Error - 11/21/2008 5:12:54 PM | Computer Name = Ferraro-2 | Source = TrayIcon | ID = 18
Description = getML failed

Error - 11/21/2008 5:12:54 PM | Computer Name = Ferraro-2 | Source = TrayIcon | ID = 18
Description = getML failed

Error - 11/21/2008 5:12:54 PM | Computer Name = Ferraro-2 | Source = TrayIcon | ID = 18
Description = getML failed

Error - 11/21/2008 5:12:54 PM | Computer Name = Ferraro-2 | Source = TrayIcon | ID = 18
Description = getML failed

Error - 11/21/2008 5:12:54 PM | Computer Name = Ferraro-2 | Source = TrayIcon | ID = 18
Description = getML failed

Error - 11/21/2008 5:12:54 PM | Computer Name = Ferraro-2 | Source = TrayIcon | ID = 18
Description = getML failed

Error - 11/21/2008 5:12:54 PM | Computer Name = Ferraro-2 | Source = TrayIcon | ID = 18
Description = getML failed

Error - 11/21/2008 5:12:54 PM | Computer Name = Ferraro-2 | Source = TrayIcon | ID = 18
Description = getML failed

[ Media Center Events ]
Error - 5/25/2008 9:31:47 AM | Computer Name = Ferraro-2 | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/30/2008 3:00:23 PM | Computer Name = Ferraro-2 | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/3/2008 2:54:12 PM | Computer Name = Ferraro-2 | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 1/2/2009 4:39:09 PM | Computer Name = Ferraro-2 | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 1/6/2009 7:02:37 PM | Computer Name = Ferraro-2 | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/14/2009 7:30:24 PM | Computer Name = Ferraro-2 | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/13/2009 1:27:28 PM | Computer Name = Ferraro-2 | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 9/7/2009 1:26:33 PM | Computer Name = Ferraro-2 | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 4/26/2010 8:08:09 PM | Computer Name = Ferraro-2 | Source = Mcx2Dvcs | ID = 401
Description =

Error - 4/26/2010 8:10:50 PM | Computer Name = Ferraro-2 | Source = McrMgr | ID = 107
Description =

[ System Events ]
Error - 7/30/2010 12:48:57 PM | Computer Name = Ferraro-2 | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 7/30/2010 12:55:59 PM | Computer Name = Ferraro-2 | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 7/30/2010 12:56:54 PM | Computer Name = Ferraro-2 | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 7/30/2010 12:56:58 PM | Computer Name = Ferraro-2 | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 7/30/2010 12:57:58 PM | Computer Name = Ferraro-2 | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 7/30/2010 12:58:00 PM | Computer Name = Ferraro-2 | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 7/30/2010 12:58:25 PM | Computer Name = Ferraro-2 | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 7/30/2010 12:58:31 PM | Computer Name = Ferraro-2 | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 7/30/2010 12:59:06 PM | Computer Name = Ferraro-2 | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 7/30/2010 1:06:01 PM | Computer Name = Ferraro-2 | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.


< End of report >

Coldplasma819
Novice

Posts : 46
Joined : 2010-07-28
Gender : Male
OS : Windows Vista Home Premium
Points : 23884
# Likes : 0

Re: Possible trojan? Many problems. Help would be appreciated!

Post by Crush on Sat Jul 31, 2010 12:14 am

Hi,

I don't see any malware in the OTL but:

I see that Viewpoint is installed. Viewpoint, Viewpoint Manager, Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player's components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. By selecting Disable auto-updating for the Viewpoint Manager -- the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision.

To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.

Viewpoint Manager is considered foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". This may change, read [You must be registered and logged in to see this link.].

I recommend that you remove the Viewpoint products; however, decide for yourself. To uninstall the Viewpoint components (Viewpoint, Viewpoint Manager, Viewpoint Media Player):


  • Click Start, point to Settings, and then click Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs, highlight >>Viewpoint component<< , click Remove.
  • Do the same for each Viewpoint component.

=======

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log in your reply

Crush
Master

Posts : 3889
Joined : 2010-01-27
Gender : Male
Points : 42098
# Likes : 0

Everything went swimmingly

Post by Coldplasma819 on Sat Jul 31, 2010 3:25 am

I didn't get a notification to restart my computer, so I didn't, but here is the log from the scan:

Malwarebytes' Anti-Malware 1.46

Database version: 4372

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18928

7/30/2010 11:12:43 PM
mbam-log-2010-07-30 (23-12-43).txt

Scan type: Quick scan
Objects scanned: 167977
Time elapsed: 10 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 24
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Environment\avapp (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Environment\avuninst (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

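One way to triage a pasted MBAM log like the one in the post above, as an added example that is not part of the original thread: it tallies detections by family, checks the itemised entries against the header counts (a mismatch suggests a truncated paste), and lists entries whose action is anything other than the success string. The sample log, its placeholder GUIDs and paths, and the `Delete on reboot` line are constructed.

```python
import re
from collections import Counter

# Constructed sample in the layout of the MBAM 1.46 log above. The GUIDs and
# paths are placeholders, not values taken from the thread.
SAMPLE_LOG = r"""Scan type: Quick scan
Objects scanned: 1000

Memory Processes Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000001} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Example (x86)\{00000000-0000-0000-0000-000000000002} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Environment\example (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\Example\sample.dll (Trojan.Vundo) -> Delete on reboot.
"""

# "Registry Keys Infected: 24" is a header count; the same label with nothing
# after the colon opens the itemised section for that category.
SUMMARY_RE = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected): (?P<n>\d+)$")
SECTION_RE = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected):$")
# Item lines read "<path> (<family>) -> <action>."; the greedy path group
# keeps parentheses that belong to the path itself, such as "(x86)".
ITEM_RE = re.compile(r"^(?P<path>.+) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
CLEAN = "Quarantined and deleted successfully"


def parse_mbam_log(text):
    """Return (header counts per category, list of itemised detections)."""
    summary, items, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            section = None  # a blank line closes the current section
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m["cat"]] = int(m["n"])
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["cat"]
            continue
        m = ITEM_RE.match(line)
        if m and section:
            items.append({"category": section, **m.groupdict()})
    return summary, items


def count_mismatches(summary, items):
    """Categories whose header count differs from the entries actually listed."""
    listed = Counter(i["category"] for i in items)
    return {c: (n, listed[c]) for c, n in summary.items() if n != listed[c]}


def triage(items):
    """Detections per family, plus entries that were not cleanly removed."""
    families = Counter(i["family"] for i in items)
    pending = [i for i in items if i["action"] != CLEAN]
    return families, pending


if __name__ == "__main__":
    summary, items = parse_mbam_log(SAMPLE_LOG)
    families, pending = triage(items)
    for family, n in families.most_common():
        print(f"{n:3d}  {family}")
    for cat, (reported, listed) in count_mismatches(summary, items).items():
        print(f"count mismatch in '{cat}': header {reported}, listed {listed}")
    for item in pending:
        print(f"follow up: {item['path']} ({item['family']}) -> {item['action']}")
```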

Re: Possible trojan? Many problems. Help would be appreciated!

Post by Crush on Sat Jul 31, 2010 5:06 am

Hi,

Please download ComboFix from [You must be registered and logged in to see this link.]


Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


Re: Possible trojan? Many problems. Help would be appreciated!

Post by Coldplasma819 on Sat Jul 31, 2010 4:19 pm

Wait, just to be sure that I don't make any mistakes, after I download ComboFix.exe and rename it to commy.exe for my desktop, and disable my anti-virus tools, you want me to copy and paste "%userprofile%\desktop\commy.exe" /stepdel into the little search bar that comes up on my start menu under All Programs. Correct?

And put "%userprofile%\desktop\commy.exe" /stepdel in without the quotes, right?

Oh, and you also want me to (on McAfee security center) turn off virus protection, spyware protection, systemguards protection and script scanning protection. Correct?


Re: Possible trojan? Many problems. Help would be appreciated!

Post by Crush on Sat Jul 31, 2010 6:23 pm

All correct, yes. Disabling your anti-virus is just a precaution so combofix is not blocked.


Re: Possible trojan? Many problems. Help would be appreciated!

Post by Coldplasma819 on Sat Jul 31, 2010 7:17 pm

I get an error when I input %userprofile%\desktop\commy.exe /stepdel, saying "Windows cannot find 'C:\Users\Joe\desktop\commy.exe'. Make sure you typed the name correctly, then try again."


Re: Possible trojan? Many problems. Help would be appreciated!

Post by Crush on Sat Jul 31, 2010 7:23 pm

Is the executable on your desktop? Have you renamed it to commy.exe?


Re: Possible trojan? Many problems. Help would be appreciated!

Post by Coldplasma819 on Sat Jul 31, 2010 7:25 pm

Yep, it's renamed to commy.exe, and it is on my desktop. Also, just so I know, how would you "skip" the windows recovery console installation?


Re: Possible trojan? Many problems. Help would be appreciated!

Post by Crush on Sat Jul 31, 2010 7:28 pm

When prompted to install it, just click No :)

Can you just try running combofix by double clicking it please? Forget the stepdel part


Re: Possible trojan? Many problems. Help would be appreciated!

Post by Coldplasma819 on Sat Jul 31, 2010 7:37 pm

Ok, I double clicked it and it worked, McAfee picked up registry changes, and I figured it was Combofix, so I turned off spyware and virus protection on McAfee. I am now at the Disclaimer of Warranty on Software window of Combofix. Am I on the right course?

Also, when I allowed the changes in registry, my PC beeped, is that normal?


Re: Possible trojan? Many problems. Help would be appreciated!

Post by Crush on Sat Jul 31, 2010 8:11 pm

Yup :). Keep on going and let it run please


Uh oh?

Post by Coldplasma819 on Sat Jul 31, 2010 8:50 pm

I am posting this from a different computer. I ran ComboFix on my computer and it completed and the log came up, however my computer lost connection to the internet, and I was not notified to reboot, and I don't want to reboot my computer unless you tell me to.

What should I do? (Remember, I am posting this from a different computer, not mine.)


Re: Possible trojan? Many problems. Help would be appreciated!

Post by Crush on Sat Jul 31, 2010 9:01 pm

Did combofix finish and the log generate and pop up? If so, please reboot and post the log here for review.


Phew! Ok, I panicked a little there

Post by Coldplasma819 on Sat Jul 31, 2010 9:09 pm

Whew! I panicked when it didn't say reboot! Haha, here is the log from ComboFix:

ComboFix 10-07-31.01 - Joe 07/31/2010 16:14:23.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3069.1778 [GMT -4:00]
Running from: c:\users\Joe\Desktop\commy.exe.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Joe\blackra1n.exe
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf

.
((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-31 )))))))))))))))))))))))))))))))
.

2010-07-31 20:25 . 2010-07-31 20:26 -------- d-----w- c:\users\Joe\AppData\Local\temp
2010-07-31 20:25 . 2010-07-31 20:25 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2010-07-31 20:25 . 2010-07-31 20:25 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2010-07-31 20:25 . 2010-07-31 20:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-31 20:25 . 2010-07-31 20:25 -------- d-----w- c:\users\COLLIN\AppData\Local\temp
2010-07-31 02:52 . 2010-07-31 02:52 -------- d-----w- c:\users\Joe\AppData\Roaming\Malwarebytes
2010-07-31 02:52 . 2010-07-31 02:52 -------- d-----w- c:\programdata\Malwarebytes
2010-07-31 02:52 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-31 02:52 . 2010-07-31 02:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-31 02:52 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-30 02:41 . 2010-07-30 02:41 -------- d-----w- c:\programdata\NVIDIA Corporation
2010-07-30 02:37 . 2010-07-09 22:37 56936 ----a-w- c:\windows\system32\OpenCL.dll
2010-07-30 02:37 . 2010-07-09 22:37 5107816 ----a-w- c:\windows\system32\nvwgf2um.dll
2010-07-30 02:37 . 2010-07-09 22:37 11008040 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2010-07-30 02:37 . 2010-07-09 22:37 14092904 ----a-w- c:\windows\system32\nvoglv32.dll
2010-07-30 02:37 . 2010-07-09 22:37 4553832 ----a-w- c:\windows\system32\nvcuda.dll
2010-07-30 02:37 . 2010-07-09 22:37 2892904 ----a-w- c:\windows\system32\nvcuvid.dll
2010-07-30 02:37 . 2010-07-09 22:37 2506344 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-07-30 02:37 . 2010-07-09 22:37 236136 ----a-w- c:\windows\system32\nvcod1922.dll
2010-07-30 02:37 . 2010-07-09 22:37 236136 ----a-w- c:\windows\system32\nvcod.dll
2010-07-30 02:37 . 2010-07-09 22:37 10267240 ----a-w- c:\windows\system32\nvcompiler.dll
2010-07-29 03:13 . 2010-07-29 03:14 -------- d-----w- c:\program files\iPod
2010-07-27 22:47 . 2010-07-27 22:47 47364 ----a-w- c:\programdata\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-07-27 22:12 . 2010-07-27 22:55 -------- d-----w- c:\program files\StarCraft II
2010-07-27 22:12 . 2010-07-27 22:47 -------- d-----w- c:\programdata\Blizzard Entertainment
2010-07-26 23:56 . 2010-07-31 16:10 -------- d-----w- c:\users\Joe\AppData\Local\TSVNCache
2010-07-26 17:18 . 2010-07-26 17:18 -------- d-----w- c:\users\Joe\AppData\Roaming\TortoiseSVN
2010-07-26 17:13 . 2010-07-26 17:13 -------- d-----w- c:\users\Joe\AppData\Roaming\Subversion
2010-07-26 17:09 . 2010-07-26 17:10 -------- d-----w- c:\program files\TortoiseSVN
2010-07-26 17:09 . 2010-07-26 17:09 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
2010-07-26 02:00 . 2010-07-26 02:00 -------- d-----w- c:\users\Joe\AppData\Local\Mozilla
2010-07-20 22:51 . 2010-07-21 04:36 -------- d-----w- c:\program files\iPod(4)
2010-07-20 22:48 . 2010-07-21 04:35 -------- d-----w- c:\users\Joe\{27eac569-beea-4c92-82ca-b7e5bf129ce0}
2010-07-14 17:25 . 2010-07-14 17:25 -------- d-----w- c:\users\Joe\AppData\Local\ManyCam
2010-07-14 17:25 . 2010-07-14 17:25 -------- d-----w- c:\users\Joe\AppData\Roaming\ManyCam
2010-07-14 17:25 . 2010-07-14 17:25 -------- d-----w- c:\program files\ManyCam
2010-07-09 20:37 . 2010-07-09 20:37 1469544 ----a-w- c:\windows\system32\nvsvc.dll
2010-07-09 20:37 . 2010-07-09 20:37 13939816 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-09 20:37 . 2010-07-09 20:37 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-07-09 20:37 . 2010-07-09 20:37 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-07-02 05:57 . 2010-07-02 05:57 -------- d-----w- c:\users\Joe\AppData\Roaming\LolClient
2010-07-02 05:50 . 2008-07-12 12:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2010-07-02 05:50 . 2008-07-12 12:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2010-07-02 05:50 . 2008-07-12 12:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-07-02 05:42 . 2010-07-02 05:42 -------- d-----w- C:\Riot Games
2010-07-02 05:22 . 2010-07-02 07:12 -------- d-----w- c:\users\Joe\AppData\Local\PMB Files
2010-07-02 05:22 . 2010-07-02 05:23 -------- d-----w- c:\programdata\PMB Files
2010-07-02 05:22 . 2010-07-02 05:22 -------- d-----w- c:\program files\Pando Networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-31 16:10 . 2010-04-18 22:28 36725 ----a-w- c:\programdata\nvModes.dat
2010-07-31 16:10 . 2009-05-04 18:58 -------- d-----w- c:\program files\Steam
2010-07-31 16:09 . 2008-03-20 22:38 -------- d-----w- c:\programdata\NVIDIA
2010-07-31 05:54 . 2007-12-12 22:09 12 ----a-w- c:\windows\bthservsdp.dat
2010-07-31 03:33 . 2008-03-10 21:51 -------- d-----w- c:\program files\Common Files\AOL
2010-07-31 01:54 . 2008-03-10 21:52 -------- d-----w- c:\programdata\Viewpoint
2010-07-30 17:00 . 2007-12-12 22:43 -------- d-----w- c:\program files\Google
2010-07-30 16:02 . 2009-12-10 22:20 -------- d-----w- c:\program files\Bing Bar Installer
2010-07-30 16:02 . 2009-10-19 19:04 -------- d-----w- c:\program files\Microsoft
2010-07-30 02:42 . 2009-08-23 05:15 -------- d-----w- c:\program files\NVIDIA Corporation
2010-07-29 03:14 . 2009-02-08 06:04 -------- d-----w- c:\program files\iTunes
2010-07-29 03:14 . 2009-02-08 05:58 -------- d-----w- c:\program files\Common Files\Apple
2010-07-27 22:42 . 2008-03-22 16:04 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-07-25 21:04 . 2009-08-20 21:01 -------- d-----w- c:\program files\McAfee
2010-07-25 20:54 . 2010-05-18 01:18 -------- d-----w- c:\program files\Cryptic Studios
2010-07-23 00:17 . 2008-02-03 15:55 138624 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-07-23 00:17 . 2008-02-03 15:54 218464 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-07-21 17:40 . 2009-05-04 18:58 -------- d-----w- c:\program files\Common Files\Steam
2010-07-21 04:35 . 2008-04-02 00:01 -------- d-----w- c:\users\Joe\AppData\Roaming\Ventrilo
2010-07-20 22:46 . 2007-12-12 23:13 -------- d-----w- c:\program files\Bonjour
2010-07-15 19:18 . 2009-08-20 21:02 130424 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-07-14 21:58 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-09 22:37 . 2010-07-30 02:37 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2010-07-09 22:37 . 2009-06-13 22:21 9818728 ----a-w- c:\windows\system32\nvd3dum.dll
2010-07-09 22:37 . 2009-06-13 22:21 1625192 ----a-w- c:\windows\system32\nvapi.dll
2010-07-09 22:37 . 2009-06-13 22:21 604776 ----a-w- c:\windows\system32\nvudisp.exe
2010-07-07 17:46 . 2009-06-13 22:21 604776 ----a-w- c:\windows\system32\nvuninst.exe
2010-07-02 16:59 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games
2010-07-02 05:42 . 2007-12-12 22:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-01 22:07 . 2008-11-26 01:30 -------- d-----w- c:\program files\Electronic Arts
2010-06-26 16:20 . 2007-12-12 22:29 -------- d-----w- c:\program files\Microsoft.NET
2010-06-26 04:03 . 2008-10-04 03:03 138056 ----a-w- c:\users\Joe\AppData\Roaming\PnkBstrK.sys
2010-06-26 04:03 . 2008-10-04 03:03 138056 ----a-w- c:\users\Joe\AppData\Roaming\PnkBstrK.sys
2010-06-24 04:07 . 2010-06-24 04:07 -------- d-----w- c:\program files\IPX-SPX Protocol
2010-06-23 04:17 . 2010-06-23 04:17 501936 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb19A7.tmp.exe
2010-06-22 16:21 . 2009-05-30 03:39 -------- d-----w- c:\program files\Hamachi
2010-06-22 02:43 . 2009-05-30 03:40 -------- d-----w- c:\users\Joe\AppData\Roaming\Hamachi
2010-06-22 02:42 . 2010-06-22 02:41 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-06-22 00:58 . 2010-06-22 00:32 -------- d-----w- c:\users\Joe\AppData\Roaming\Red Alert 3
2010-06-21 04:41 . 2009-09-02 02:44 -------- d-----w- c:\program files\EA GAMES
2010-06-21 04:01 . 2010-05-10 22:52 -------- d-----w- c:\users\Joe\AppData\Roaming\IGN_DLM
2010-06-19 22:50 . 2009-05-01 18:55 -------- d-----w- c:\users\Joe\AppData\Roaming\TeamViewer
2010-06-13 04:52 . 2010-06-13 04:52 -------- d-----w- c:\users\Joe\AppData\Roaming\NVIDIA
2010-06-12 21:13 . 2010-01-03 02:54 -------- d-----w- c:\program files\TeamSpeak 3 Client
2010-06-11 15:21 . 2007-12-12 22:27 -------- d-----w- c:\programdata\Microsoft Help
2010-06-09 16:20 . 2010-06-13 04:48 2444656 ----a-w- c:\windows\system32\pbsvc_apb.exe
2010-06-04 21:43 . 2009-02-08 05:51 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-04 19:52 . 2010-05-10 20:52 -------- d-----w- c:\program files\Unreal Tournament 3P
2010-05-26 16:16 . 2010-06-10 21:21 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:25 . 2010-06-10 21:21 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 18:14 . 2009-10-22 19:10 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 20:35 . 2010-05-18 20:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:35 . 2010-05-18 20:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-12 01:42 . 2010-05-12 01:42 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-05-04 05:59 . 2010-06-10 21:21 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-10 21:21 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-10 21:21 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-10 21:21 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-02-26 23:17 . 2009-05-23 15:55 28353 ----a-w- c:\program files\halo1narrowweb300x3790adt2.jpg
2008-03-14 23:45 . 2008-03-14 23:45 582826 ----a-w- c:\program files\Manual Patch.zip
2007-12-13 06:00 . 2007-12-13 05:52 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Steam"="c:\program files\steam\steam.exe" [2010-05-07 1238352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-09 16384]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-05-06 405504]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Joe^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 05:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bluetooth HCI Monitor]
2006-12-07 23:50 9728 ----a-w- c:\windows\System32\HCIMNTR.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCUTRAYICON]
2007-04-24 12:25 86016 ----a-w- c:\program files\Intel\IntelDH\Intel Media Server\tools\IntelDHFMSetLoginStatus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
2009-09-03 21:17 3342336 ----a-w- c:\program files\Electronic Arts\EADM\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2007-05-25 06:03 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-12-05 04:34 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
2009-05-15 02:03 1103216 ----a-w- c:\program files\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 19:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2010-03-30 15:16 1820040 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NMSSupport]
2007-06-27 14:14 439512 ----a-w- c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM03Mon.exe]
2007-05-19 06:00 36864 ----a-w- c:\windows\OEM03Mon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-12-12 22:44 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 14:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 DHTRACE;Intel(R) DHTrace Controller;c:\program files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [2007-06-27 39640]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-05 30192]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2007-02-12 208896]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2010-03-26 93320]
S2 NMSCore;Intel(R) NMSCore;c:\program files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe [2007-06-27 317656]
S2 nmsunidr;UniDriver for NMS;c:\windows\system32\DRIVERS\nmsunidr.sys [2007-02-19 5376]
S2 QualityManager;Intel(R) Quality Manager;c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe [2007-06-27 272600]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
S2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [2009-04-29 185640]
S3 IntelDH;IntelDH Driver;c:\windows\system32\Drivers\IntelDH.sys [2007-12-12 5632]
S3 OEM03Afx;Provides a software interface to control audio effects of OEM003 camera.;c:\windows\system32\Drivers\OEM03Afx.sys [2007-06-08 141376]
S3 OEM03Vfx;Creative Camera OEM003 Video VFX Driver;c:\windows\system32\DRIVERS\OEM03Vfx.sys [2007-03-05 7424]
S3 OEM03Vid;Creative Camera OEM003 Driver;c:\windows\system32\DRIVERS\OEM03Vid.sys [2007-04-25 235808]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder

2010-07-31 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-12 00:16]

2010-07-16 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 16:22]

2010-07-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 16:22]

2010-07-31 c:\windows\Tasks\User_Feed_Synchronization-{27AB5009-59F4-4440-89F1-C972EED447E7}.job
- c:\windows\system32\msfeedssync.exe [2010-06-10 04:30]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: giftube.com\www
Trusted Zone: live.com\login
FF - ProfilePath - c:\users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\xm8l9xbn.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
MSConfigStartUp-Aim - c:\program files\AIM\aim.exe
MSConfigStartUp-Bing Bar - c:\program files\MSN Toolbar\Platform\5.0.1051.0\mswinext.exe
AddRemove-Cold War Crisis - c:\program files\EA Games\Command & Conquer Generals Zero Hour\_CWC_UnInst.exe
AddRemove-Destructive Forces 1.21 - c:\program files\EA Games\Command & Conquer Generals Zero Hour\Uninstal.exe
AddRemove-EVE - c:\program files\CCP\EVE\Uninstall.exe
AddRemove-WOLAPI - c:\westwood\Internet\UnstllAP.EXE
AddRemove-ShockWave V0.95 - c:\program files\EA Games\Command & Conquer Generals Zero Hour\Uinst_shw.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-07-31 16:25
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-07-31 16:28:49
ComboFix-quarantined-files.txt 2010-07-31 20:28

Pre-Run: 95,784,820,736 bytes free
Post-Run: 106,871,091,200 bytes free

- - End Of File - - 5A25A17F6FB2196928C8A5457265CA12


Re: Possible trojan? Many problems. Help would be appreciated!

Post by Crush on Sat Jul 31, 2010 9:14 pm

How are things running now? An update would be appreciated :)


Re: Possible trojan? Many problems. Help would be appreciated!

Post by Coldplasma819 on Sat Jul 31, 2010 9:16 pm

Well I have internet again, my last post contains the info from the ComboFix scan.



Re: Possible trojan? Many problems. Help would be appreciated!

Post by Crush on Sat Jul 31, 2010 9:18 pm

Has anything changed since running ComboFix? Still having the same issues as in your first post?


Re: Possible trojan? Many problems. Help would be appreciated!

Post by Coldplasma819 on Sat Jul 31, 2010 9:35 pm

I'm not quite sure, my original problems were freezes of the taskbar and desktop, and somehow the freezes started happening in Starcraft II. The freezes most of the time were triggered by starting up Internet Explorer, and were actually quite random.

Should I run another Malwarebytes scan again? It wouldn't hurt, would it?

I still also have 83 Processes running, according to Task Manager. Is that ok? My friend says he normally gets around 50-60 processes.


Last edited by Coldplasma819 on Sat Jul 31, 2010 9:38 pm; edited 1 time in total


Re: Possible trojan? Many problems. Help would be appreciated!

Post by Crush on Sat Jul 31, 2010 9:37 pm

It certainly wouldn't hurt. You're right :)


Re: Possible trojan? Many problems. Help would be appreciated!

Post by Coldplasma819 on Sat Jul 31, 2010 9:54 pm

According to Task Manager, I have roughly around 84 Processes running, is that normal? My friend says he normally has 50-60. Here's the log from the Malwarebytes scan:

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4372

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18928

7/31/2010 5:45:27 PM
mbam-log-2010-07-31 (17-45-27).txt

Scan type: Quick scan
Objects scanned: 161384
Time elapsed: 6 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: Possible trojan? Many problems. Help would be appreciated!

Post by Crush on Sat Jul 31, 2010 10:06 pm

"According to Task Manager, I have roughly around 84 Processes running, is that normal? My friend says he normally has 50-60. Here's the log from the"

Every PC is different. I've got 85 running :)

I'm confident you are malware free.

Congratulations!! Your PC is all clean! :D
To uninstall ComboFix

  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall
    (Note: Make sure there's a space between the word ComboFix and the forward-slash.)
  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.


There are many things you can do to keep this from happening again. You can think of a computer like a car. It requires basic maintenance to keep in tip top shape and ready to go. Would you drive your car 100,000 miles without changing the oil? The same principle applies here.

Cleaning

Now that your PC is free of malware, it is important to clean up your PC. There are several good free cleaners available. You should make sure to clean up your temp files regularly, at least once a week.

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

Defragmenting Your Hard Disk

Over time your PC can become fragmented. Windows comes with a defragmenting utility; however, it is very slow, and there are other options available.

To use the defragmenter included with Windows, either go to Start/Run, type dfrg.msc and hit Enter; or right-click My Computer, choose Manage, Storage, Disk Defragmenter.

In the Defragmenter utility, select your main partition/HD, generally C:\, and select Analyze. The analysis report will tell you whether or not your disk needs to be defragmented; if it does, click Defragment. Be patient, this can take a long time.

Repeat for multiple partitions/hard disks.

System Restore Cleanup Instructions

If you are using Windows ME or XP then it is good to disable and re-enable system restore to make sure there are no infected files left in a restore point. (All restore points will be deleted that way)
You can find instructions on how to disable and re-enable system restore here:

[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Reading Tip:
[You must be registered and logged in to see this link.]

Keep Your System Updated

Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Please ensure that you visit the following websites regularly or do update your system regularly.

Install the updates immediately, if they are found. Reboot your computer if necessary, revisit Windows Update and Office update sites until there are no more updates to be installed.

To update Windows and Office

Go to Start > All Programs > Microsoft Update

Alternatively, you can visit the link below to update Windows and Office products.

[You must be registered and logged in to see this link.]

If you are forgetful, you can change some settings so that you will be informed of updates. Here's how:

1. Go to Start > Control Panel > Automatic Updates
2. Select Automatic (recommended) radio button if you want the updates to be downloaded and installed without prompting you.
3. Select Download updates for me, but let me choose when to install them radio button if you want the updates to be downloaded automatically but to be installed at another time.
4. Select Notify me but don't automatically download or install them radio button if you want to be notified of the updates.

Please make sure that you update your antivirus, firewall and anti-spyware programs at least once a week.

Be careful when opening attachments and downloading files.

1. Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
2. Never open emails from unknown senders.
3. Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These are called hoaxes. The email addresses used in the hoaxes can be easily spoofed. Check the antivirus vendor websites to be sure.
4. Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.

Surf safely

Many security exploits on websites are directed to users of Internet Explorer and Firefox.

If you use Firefox, try the [You must be registered and logged in to see this link.] - which, by default, disables all scripts on all websites. If you trust the website, you can manually allow scripts to work.

Backup regularly

You never know when your PC will become unstable or become so infected that you can't recover it. Follow this [You must be registered and logged in to see this link.] to learn how to backup. Follow [You must be registered and logged in to see this link.] by Microsoft to restore your backups.

Alternatively, you can use 3rd-party programs to back up your data. Examples of these can be found at
[You must be registered and logged in to see this link.]

Avoid P2P

I see you have P2P software installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

Prevent A Re-infection

1. Winpatrol

Winpatrol is a heuristic protection program, meaning it looks for patterns in codes that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features [You must be registered and logged in to see this link.]

You can get a [You must be registered and logged in to see this link.] of Winpatrol or use the [You must be registered and logged in to see this link.] for more features.

You can read [You must be registered and logged in to see this link.] if you run into problems.

2. Hosts File

A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your PC will look up the website's IP address before you can view the website.

Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

Here are some Hosts files:
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

3. Spybot Search and Destroy

Spybot Search & Destroy is another program for scanning spyware and adware. You are strongly encouraged to run a scan at least once per week.

Spybot Search & Destroy can be downloaded from [You must be registered and logged in to see this link.].

If you need help in using Spybot Search & Destroy, you can read Spybot Search and Destroy [You must be registered and logged in to see this link.] at Bleeping Computer.

4. SiteHound Toolbar

[You must be registered and logged in to see this link.] is a toolbar that warns you if you go to a site that is known to scam people, that has potentially lots of viruses or spyware or other questionable content. If you know the site, you can enter it; if you don't, it will bring you back to the previous page. Currently, SiteHound works for Internet Explorer and Firefox only.

====

Stand Up and Be Counted ---> [You must be registered and logged in to see this link.] <--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.
============================================================
See [You must be registered and logged in to see this link.] for more info about malware and prevention.
Thank you for choosing GeekPolice. Please see [You must be registered and logged in to see this link.] if you would like to leave feedback or contribute to our site.
Before the thread is archived, do you have any more questions?

Happy surfing and stay clean!



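The hosts-file mechanism described in the post above, as an added example that is not part of the original thread: a small audit that separates sinkholed names (pointed at 127.0.0.1) from names mapped to a real address, which are the entries worth checking by hand after a cleanup. The function names and the sample file are hypothetical, and treating 0.0.0.0 as a sinkhole alongside 127.0.0.1 is an assumption that goes beyond the post.

```python
import ipaddress
import sys

# Constructed sample, not taken from the thread.
# 203.0.113.7 is a reserved documentation address.
SAMPLE_HOSTS = """\
# blocklist-style hosts file
127.0.0.1    localhost
::1          localhost
127.0.0.1    ads.example.net tracker.example.net   # sinkholed
0.0.0.0      spyware.example.org
203.0.113.7  update.example.com
not-an-ip    broken.example.com
"""

# Names that normally map to loopback and are not blocklist entries.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Return (entries, malformed).

    entries   -> list of (line number, ip address object, [lowercased names])
    malformed -> list of (line number, stripped raw line)
    """
    entries, malformed = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append((lineno, raw.strip()))
            continue
        if len(fields) < 2:  # an address with no hostname after it
            malformed.append((lineno, raw.strip()))
            continue
        entries.append((lineno, addr, [n.lower() for n in fields[1:]]))
    return entries, malformed


def audit_hosts(text):
    """Classify every hostname in a hosts file.

    sinkholed  -> names sent to loopback or 0.0.0.0 (blocklist behaviour)
    redirected -> names mapped to any other address (review these by hand)
    malformed  -> lines that do not parse as "<ip> <name> [...]"
    """
    entries, malformed = parse_hosts(text)
    sinkholed, redirected = set(), []
    for lineno, addr, names in entries:
        for name in names:
            if name in LOCAL_NAMES and addr.is_loopback:
                continue  # the stock localhost mapping
            if addr.is_loopback or addr.is_unspecified:
                sinkholed.add(name)
            else:
                redirected.append((lineno, name, str(addr)))
    return {
        "sinkholed": sorted(sinkholed),
        "redirected": redirected,
        "malformed": malformed,
    }


if __name__ == "__main__":
    # Pass a hosts file path (on Windows usually
    # %SystemRoot%\System32\drivers\etc\hosts) or run on the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    report = audit_hosts(text)
    print("sinkholed names:", len(report["sinkholed"]))
    for lineno, name, addr in report["redirected"]:
        print(f"REVIEW line {lineno}: {name} -> {addr}")
    for lineno, raw in report["malformed"]:
        print(f"MALFORMED line {lineno}: {raw}")
```

A name in the "redirected" list is not necessarily malicious, but it is an entry a blocklist would not have added, so it should be traced to whatever put it there.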

Re: Possible trojan? Many problems. Help would be appreciated!

Post by Coldplasma819 on Sat Jul 31, 2010 10:17 pm

Thank you so much for the help! I am currently installing Spybot Search & Destroy!

Also, what do you mean when you say "P2P?" And what programs do I have that are P2P? I want to get right to deleting them!


Re: Possible trojan? Many problems. Help would be appreciated!

Post by Crush on Sat Jul 31, 2010 10:21 pm

Person to Person filesharing programs like Limewire, Vuze, UTorrent, etc. :)


Re: Possible trojan? Many problems. Help would be appreciated!

Post by Coldplasma819 on Sat Jul 31, 2010 10:31 pm

Ok! Vuze is gone. Did you see any other P2P programs that I have?

Also when I hit my control Panel\Programs, I see a blank file at the bottom titled Viewpoint Manager. However there is no icon to follow with that, and there are no options, should I be worried? I also checked my add/remove programs and there are no viewpoint programs.

Oh, should I consider getting rid of OTL? Or would it not hurt to keep it?


Re: Possible trojan? Many problems. Help would be appreciated!

Post by Crush on Sat Jul 31, 2010 10:35 pm

Let's see what's hiding :)

Please download MySystem-Search from one of the following links:
  • Save the file to your Desktop.
  • Double-click on mss.exe
  • Allow it to run, and follow the prompts.
  • Once done, it will launch a log.
  • Post it in your next reply.
Note: the logs are long. Please use more than one post, if necessary.

Also, you can remove OTL. Open the program and click the CleanUp button.


Also, I have 2 Internet Explorer icons. What do I do?

Post by Coldplasma819 on Sat Jul 31, 2010 10:39 pm

I got 2 Internet Explorer Icons, I just noticed. What should I do? The log from My-System search is below:


[b]MySystem-Search[/b]


MSS v1.6


[color=blue]Basic System Information[/color]

Username: Joe - Date: 07/31/2010 - Time: 18:36:34

Microsoft Windows [Version 6.0.6001]
Processor type: x86 Family 6 Model 15 Stepping 11, GenuineIntel
Total processors: 4
Computer Name: FERRARO-2
Logon Server: \\FERRARO-2


[color=blue]CD Emulation Drivers running?[/color]

Roxio found!


[color=blue]Peer-to-Peer applications?[/color]



[color=blue]File associations[/color]

.exe=exefile
.scr=scrfile
.pif=piffile
.com=comfile
.bat=batfile
.cmd=cmdfile
.log=txtfile
.txt=txtfile
.reg=regfile
.sys=sysfile
.dll=dllfile
.ini=inifile
.inf=inffile


[color=blue]Running processes[/color]


Image Name PID Session Name Session# Mem Usage
========================= ======== ================ =========== ============
System Idle Process 0 Services 0 24 K
System 4 Services 0 20,048 K
smss.exe 396 Services 0 756 K
csrss.exe 488 Services 0 5,428 K
wininit.exe 548 Services 0 4,188 K
csrss.exe 560 Console 1 8,988 K
services.exe 592 Services 0 7,008 K
lsass.exe 604 Services 0 2,400 K
lsm.exe 616 Services 0 5,280 K
winlogon.exe 728 Console 1 5,640 K
svchost.exe 796 Services 0 6,960 K
nvvsvc.exe 840 Services 0 4,200 K
svchost.exe 868 Services 0 7,604 K
svchost.exe 924 Services 0 43,580 K
svchost.exe 964 Services 0 13,608 K
svchost.exe 996 Services 0 87,204 K
svchost.exe 1008 Services 0 60,088 K
audiodg.exe 1096 Services 0 14,848 K
svchost.exe 1120 Services 0 5,172 K
SLsvc.exe 1136 Services 0 10,288 K
svchost.exe 1196 Services 0 16,828 K
svchost.exe 1316 Services 0 14,072 K
WUDFHost.exe 1564 Services 0 6,428 K
spoolsv.exe 1664 Services 0 10,096 K
svchost.exe 1724 Services 0 20,632 K
nvvsvc.exe 1780 Console 1 8,180 K
PhotoshopElementsFileAgen 448 Services 0 1,096 K
AlertService.exe 696 Services 0 4,268 K
AppleMobileDeviceService. 940 Services 0 4,244 K
mDNSResponder.exe 1084 Services 0 5,960 K
svchost.exe 1244 Services 0 3,744 K
btwdins.exe 1280 Services 0 3,844 K
DQLWinService.exe 1324 Services 0 3,268 K
hamachi-2.exe 1832 Services 0 8,092 K
McSACore.exe 1964 Services 0 5,532 K
McProxy.exe 584 Services 0 1,152 K
rundll32.exe 2108 Console 1 3,812 K
MpfSrv.exe 2156 Services 0 5,148 K
msksrver.exe 2208 Services 0 5,216 K
NMSCore.exe 2508 Services 0 7,192 K
PnkBstrA.exe 2548 Services 0 3,924 K
svchost.exe 2564 Services 0 5,464 K
QualityManager.exe 2576 Services 0 4,828 K
stacsv.exe 2616 Services 0 6,204 K
nvSCPAPISvr.exe 2688 Services 0 5,204 K
svchost.exe 2708 Services 0 6,716 K
TeamViewer_Service.exe 2728 Services 0 3,264 K
svchost.exe 2760 Services 0 2,292 K
WLIDSVC.EXE 2792 Services 0 9,364 K
SearchIndexer.exe 2852 Services 0 22,300 K
issm.exe 2896 Services 0 8,780 K
MCLServiceATL.exe 3000 Services 0 6,324 K
WUDFHost.exe 3124 Services 0 5,860 K
Remote UI Service.exe 3312 Services 0 6,832 K
mediaserver.exe 3364 Services 0 24,124 K
WLIDSVCM.EXE 3496 Services 0 2,800 K
dwm.exe 3988 Console 1 48,004 K
taskeng.exe 4012 Console 1 12,308 K
explorer.exe 2164 Console 1 68,964 K
mcmscsvc.exe 3480 Services 0 5,556 K
MSASCui.exe 2884 Console 1 10,072 K
sttray.exe 3960 Console 1 10,032 K
mcagent.exe 2672 Console 1 1,800 K
ehtray.exe 2752 Console 1 1,548 K
mobsync.exe 4108 Console 1 6,736 K
Steam.exe 4164 Console 1 16,344 K
ehmsas.exe 4320 Console 1 4,096 K
TSVNCache.exe 4660 Console 1 6,476 K
svchost.exe 4740 Services 0 7,032 K
wmpnscfg.exe 5100 Console 1 5,212 K
wmpnetwk.exe 5160 Services 0 20,532 K
XPSMiniViewGadget.exe 5948 Console 1 21,584 K
SteamService.exe 4700 Services 0 7,028 K
taskeng.exe 1800 Services 0 7,412 K
taskeng.exe 4284 Services 0 5,832 K
mcsysmon.exe 4124 Services 0 9,172 K
firefox.exe 5492 Console 1 86,616 K
McNASvc.exe 5592 Services 0 9,196 K
wuauclt.exe 6092 Console 1 5,756 K
McSmtFwk.exe 5456 Services 0 7,348 K
McUICnt.exe 3928 Console 1 21,352 K
Mcshield.exe 5520 Services 0 54,796 K
SearchProtocolHost.exe 2780 Services 0 8,864 K
SearchFilterHost.exe 2072 Services 0 5,436 K
mss.exe 3600 Console 1 3,700 K
cmd.exe 4512 Console 1 2,500 K
tasklist.exe 4400 Console 1 4,856 K
WmiPrvSE.exe 1216 Services 0 6,136 K


[color=blue]Hidden objects[/color]

PATH: C:\windows

Installer
msdownld.tmp
PIF
WindowsShell.Manifest


PATH: C:\windows\system32

7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
desktop.ini
GroupPolicy


PATH: C:\windows\system32\drivers

hamachi.sys
Msft_User_WpdFs_01_00_00.Wdf
Msft_User_WpdMtpDr_01_00_00.Wdf


PATH: C:\

$RECYCLE.BIN
bootmgr
dell.sdr
Documents and Settings
IO.SYS
IPH.PH
MSDOS.SYS
pagefile.sys
System Volume Information


[color=blue]User Profile check[/color]

COLLIN
Joe
Mcx1
Public


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
ProfilesDirectory REG_EXPAND_SZ %SystemDrive%\Users
Default REG_EXPAND_SZ %SystemDrive%\Users\Default
Public REG_EXPAND_SZ %SystemDrive%\Users\Public
ProgramData REG_EXPAND_SZ %SystemDrive%\ProgramData

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
Flags REG_DWORD 0xc
State REG_DWORD 0x0
RefCount REG_DWORD 0x1
Sid REG_BINARY 010100000000000512000000
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
ProfileImagePath REG_EXPAND_SZ %SystemRoot%\ServiceProfiles\LocalService
Flags REG_DWORD 0x0
State REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
ProfileImagePath REG_EXPAND_SZ %SystemRoot%\ServiceProfiles\NetworkService
Flags REG_DWORD 0x0
State REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1609536132-3652608087-3944827767-1000
ProfileImagePath REG_EXPAND_SZ C:\Users\IUSR_NMPR
Flags REG_DWORD 0x1
State REG_DWORD 0x0
Sid REG_BINARY 0105000000000005150000008492EF5F5760B6D9774B21EBE8030000
ProfileLoadTimeLow REG_DWORD 0x0
ProfileLoadTimeHigh REG_DWORD 0x0
RefCount REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1609536132-3652608087-3944827767-1001
ProfileImagePath REG_EXPAND_SZ C:\Users\Joe
Flags REG_DWORD 0x0
State REG_DWORD 0x0
Sid REG_BINARY 0105000000000005150000008492EF5F5760B6D9774B21EBE9030000
ProfileLoadTimeLow REG_DWORD 0x0
ProfileLoadTimeHigh REG_DWORD 0x0
RefCount REG_DWORD 0x6
RunLogonScriptSync REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1609536132-3652608087-3944827767-1002
ProfileImagePath REG_EXPAND_SZ C:\Users\COLLIN
Flags REG_DWORD 0x0
State REG_DWORD 0x0
Sid REG_BINARY 0105000000000005150000008492EF5F5760B6D9774B21EBEA030000
ProfileLoadTimeLow REG_DWORD 0x0
ProfileLoadTimeHigh REG_DWORD 0x0
RefCount REG_DWORD 0x0
RunLogonScriptSync REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1609536132-3652608087-3944827767-1003
ProfileImagePath REG_EXPAND_SZ C:\Users\IUSR_NMPR
Flags REG_DWORD 0x1
State REG_DWORD 0x0
Sid REG_BINARY 0105000000000005150000008492EF5F5760B6D9774B21EBEB030000
ProfileLoadTimeLow REG_DWORD 0x0
ProfileLoadTimeHigh REG_DWORD 0x0
RefCount REG_DWORD 0x4

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1609536132-3652608087-3944827767-1004
ProfileImagePath REG_EXPAND_SZ C:\Users\Mcx1
Flags REG_DWORD 0x0
State REG_DWORD 0x0
Sid REG_BINARY 0105000000000005150000008492EF5F5760B6D9774B21EBEC030000
ProfileLoadTimeLow REG_DWORD 0x0
ProfileLoadTimeHigh REG_DWORD 0x0
RefCount REG_DWORD 0x0
RunLogonScriptSync REG_DWORD 0x0



[color=blue]Current Scheduled Tasks[/color]

PATH: C:\Windows\Tasks

Google Software Updater.job
McDefragTask.job
McQcTask.job
SCHEDLGU.TXT
SA.DAT
User_Feed_Synchronization-{27AB5009-59F4-4440-89F1-C972EED447E7}.job


[color=blue]Windows Drivers and NT-Services[/color]

Volume in drive C is OS
Volume Serial Number is DE81-11F2

Directory of C:\Windows\System32\Drivers

02/03/2010 03:56 PM 26,176 hamachi.sys
06/22/2009 12:10 AM 0 Msft_User_WpdFs_01_00_00.Wdf
01/22/2010 03:56 PM 0 Msft_User_WpdMtpDr_01_00_00.Wdf
3 File(s) 26,176 bytes
0 Dir(s) 106,772,123,648 bytes free
Volume in drive C is OS
Volume Serial Number is DE81-11F2

Directory of C:\Windows\System32\Drivers

09/18/2006 05:26 PM 3,440,660 gm.dls
09/18/2006 05:26 PM 646 gmreadme.txt
09/19/2006 02:56 PM 57,656 OEM03Pvc.bmp
09/19/2006 02:56 PM 57,656 OEM03PC.bmp
10/01/2006 05:10 PM 328,162 ativcaxx.cpa
10/01/2006 05:10 PM 929 ativcaxx.vp
10/01/2006 05:10 PM 2,096 ativpkxx.vp
10/01/2006 05:10 PM 2,096 ativokxx.vp
10/15/2006 05:11 PM 34,656 ativvpxx.vp
11/02/2006 02:37 AM 20,480 secdrv.sys
11/02/2006 03:30 AM 464,384 BCMWL6.SYS
11/02/2006 03:30 AM 117,760 E1G60I32.sys
11/02/2006 03:36 AM 2,028,032 atikmdag.sys
11/02/2006 03:36 AM 235,520 HdAudio.sys
11/02/2006 03:36 AM 20,608 ntrigdigi.sys
11/02/2006 04:24 AM 62,336 BrSerWdm.sys
11/02/2006 04:24 AM 12,160 BrUsbMdm.sys
11/02/2006 04:24 AM 13,568 BrFiltLo.sys
11/02/2006 04:24 AM 5,248 BrFiltUp.sys
11/02/2006 04:24 AM 11,904 BrUsbSer.sys
11/02/2006 04:25 AM 71,808 BrSerId.sys
11/02/2006 04:30 AM 38,400 processr.sys
11/02/2006 04:30 AM 40,960 amdk8.sys
11/02/2006 04:30 AM 38,912 amdk7.sys
11/02/2006 04:30 AM 38,912 crusoe.sys
11/02/2006 04:30 AM 39,424 viac7.sys
11/02/2006 04:35 AM 11,264 wmiacpi.sys
11/02/2006 04:42 AM 65,536 IPMIDrv.sys
11/02/2006 04:51 AM 8,704 parvdm.sys
11/02/2006 04:51 AM 17,920 serenum.sys
11/02/2006 04:51 AM 79,360 parport.sys
11/02/2006 04:51 AM 83,456 serial.sys
11/02/2006 04:51 AM 20,480 flpydisk.sys
11/02/2006 04:51 AM 25,088 fdc.sys
11/02/2006 04:51 AM 13,312 sfloppy.sys
11/02/2006 04:52 AM 20,608 wacompen.sys
11/02/2006 04:53 AM 26,112 vgapnp.sys
11/02/2006 04:55 AM 21,504 hidir.sys
11/02/2006 04:55 AM 19,456 usbohci.sys
11/02/2006 04:55 AM 35,328 circlass.sys
11/02/2006 04:55 AM 68,608 usbcir.sys
11/02/2006 04:55 AM 132,352 usbvideo.sys
11/02/2006 04:55 AM 29,184 hidbth.sys
11/02/2006 04:55 AM 39,936 bthmodem.sys
11/02/2006 05:04 AM 878,080 PEAuth.sys
11/02/2006 05:14 AM 18,944 usbprint.sys
11/02/2006 05:49 AM 16,488 i2omgmt.sys
11/02/2006 05:49 AM 18,280 compbatt.sys
11/02/2006 05:49 AM 19,560 wd.sys
11/02/2006 05:49 AM 22,632 crcdisk.sys
11/02/2006 05:49 AM 25,192 battc.sys
11/02/2006 05:49 AM 27,752 i2omp.sys
11/02/2006 05:49 AM 28,776 megasas.sys
11/02/2006 05:49 AM 31,848 sym_hi.sys
11/02/2006 05:49 AM 33,384 Mraid35x.sys
11/02/2006 05:49 AM 56,936 UAGP35.SYS
11/02/2006 05:50 AM 34,920 sym_u3.sys
11/02/2006 05:50 AM 58,984 GAGP30KX.SYS
11/02/2006 05:50 AM 65,640 lsi_fc.sys
11/02/2006 05:50 AM 35,944 symc8xx.sys
11/02/2006 05:50 AM 65,640 lsi_sas.sys
11/02/2006 05:50 AM 35,944 iteatapi.sys
11/02/2006 05:50 AM 35,944 iteraid.sys
11/02/2006 05:50 AM 67,688 arc.sys
11/02/2006 05:50 AM 65,640 lsi_scsi.sys
11/02/2006 05:50 AM 37,480 HpCISSs.sys
11/02/2006 05:50 AM 38,504 sisraid2.sys
11/02/2006 05:50 AM 67,688 arcsas.sys
11/02/2006 05:50 AM 71,272 djsvs.sys
11/02/2006 05:50 AM 40,040 nvstor.sys
11/02/2006 05:50 AM 76,392 sbp2port.sys
11/02/2006 05:50 AM 71,784 sisraid4.sys
11/02/2006 05:50 AM 78,952 mpio.sys
11/02/2006 05:50 AM 41,576 iirsp.sys
11/02/2006 05:50 AM 80,488 msdsm.sys
11/02/2006 05:50 AM 45,160 nfrd960.sys
11/02/2006 05:50 AM 88,680 nvraid.sys
11/02/2006 05:50 AM 98,408 ulsata.sys
11/02/2006 05:50 AM 98,408 adpu160m.sys
11/02/2006 05:50 AM 106,088 ql40xx.sys
11/02/2006 05:50 AM 112,232 vsmraid.sys
11/02/2006 05:50 AM 115,816 ulsata2.sys
11/02/2006 05:51 AM 147,048 adpu320.sys
11/02/2006 05:51 AM 167,528 pcmcia.sys
11/02/2006 05:51 AM 232,040 iaStorV.sys
11/02/2006 05:51 AM 235,112 uliahci.sys
11/02/2006 05:51 AM 297,576 adpahci.sys
11/02/2006 05:51 AM 316,520 elxstor.sys
11/02/2006 05:51 AM 420,968 adp94xx.sys
11/02/2006 05:51 AM 900,712 ql2300.sys
02/17/2007 11:37 AM 12,416 nwlnkflt.sys
02/17/2007 11:37 AM 32,512 nwlnkfwd.sys
02/17/2007 11:37 AM 88,448 nwlnkipx.sys
02/17/2007 11:37 AM 63,232 nwlnknb.sys
02/17/2007 11:37 AM 55,936 nwlnkspx.sys
03/05/2007 07:45 PM 7,424 OEM03Vfx.sys
03/09/2007 06:04 PM 31,072 iqvw32.sys
04/02/2007 12:42 AM 79,664 btwaudio.sys
04/02/2007 12:42 AM 80,688 btwavdt.sys
04/02/2007 12:42 AM 16,432 btwrchid.sys
04/25/2007 02:00 AM 235,808 OEM03Vid.sys
06/08/2007 02:00 AM 141,376 OEM03Afx.sys
06/20/2007 04:00 AM 9,200 cdralw2k.sys
06/20/2007 04:00 AM 9,072 cdr4_xp.sys
07/26/2007 04:00 AM 43,872 pxhelp20.sys
08/29/2007 04:56 AM 305,688 iaStor.sys
09/12/2007 04:40 AM 326,656 stwrt.sys
09/12/2007 04:44 AM 228,224 e1e6032.sys
12/12/2007 06:34 PM 5,632 IntelDH.sys
12/13/2007 01:13 AM 5,833 1028_Dell_XPS_XPS_420.mrk
12/13/2007 01:52 AM 53,352 SISAGP.SYS
12/13/2007 01:52 AM 58,472 ULIAGPKX.SYS
12/13/2007 01:52 AM 106,600 NV_AGP.SYS
12/13/2007 01:52 AM 53,864 AGP440.sys
12/13/2007 01:52 AM 47,208 isapnp.sys
12/13/2007 01:52 AM 54,376 VIAAGP.SYS
12/13/2007 01:52 AM 54,888 AMDAGP.SYS
12/13/2007 01:52 AM 242,688 rdpdr.sys
12/13/2007 01:55 AM 12,800 sffp_mmc.sys
12/13/2007 01:55 AM 12,800 sffp_sd.sys
12/13/2007 01:55 AM 13,312 sffdisk.sys
12/13/2007 02:00 AM 17,592 intelide.sys
12/13/2007 02:00 AM 25,784 msahci.sys
12/13/2007 02:00 AM 19,128 cmdide.sys
12/13/2007 02:00 AM 17,592 aliide.sys
12/13/2007 02:00 AM 18,104 amdide.sys
12/13/2007 02:00 AM 20,152 viaide.sys
01/05/2008 07:31 AM 3 MsftWdf_Kernel_01007_Inbox_Critical.Wdf
01/19/2008 12:10 AM 681,984 spsys.sys
01/19/2008 12:30 AM 53,760 hdaudbus.sys
01/19/2008 01:27 AM 41,472 intelppm.sys
01/19/2008 01:27 AM 12,800 fs_rec.sys
01/19/2008 01:28 AM 143,360 fastfat.sys
01/19/2008 01:28 AM 136,192 exfat.sys
01/19/2008 01:28 AM 70,144 cdfs.sys
01/19/2008 01:28 AM 226,816 udfs.sys
01/19/2008 01:28 AM 22,528 msfs.sys
01/19/2008 01:28 AM 34,816 npfs.sys
01/19/2008 01:28 AM 75,264 dfsc.sys
01/19/2008 01:28 AM 69,632 bowser.sys
01/19/2008 01:28 AM 224,768 rdbss.sys
01/19/2008 01:28 AM 110,080 mrxdav.sys
01/19/2008 01:30 AM 27,648 filetrace.sys
01/19/2008 01:30 AM 84,480 luafv.sys
01/19/2008 01:35 AM 32,768 watchdog.sys
01/19/2008 01:36 AM 13,312 dxapi.sys
01/19/2008 01:36 AM 76,288 dxg.sys
01/19/2008 01:49 AM 6,144 beep.sys
01/19/2008 01:49 AM 4,608 null.sys
01/19/2008 01:49 AM 19,968 sermouse.sys
01/19/2008 01:49 AM 15,872 mouhid.sys
01/19/2008 01:49 AM 15,872 kbdhid.sys
01/19/2008 01:49 AM 5,888 mspclock.sys
01/19/2008 01:49 AM 54,784 i8042prt.sys
01/19/2008 01:49 AM 5,504 mspqm.sys
01/19/2008 01:49 AM 6,016 mstee.sys
01/19/2008 01:49 AM 8,192 mskssrv.sys
01/19/2008 01:49 AM 148,992 ks.sys
01/19/2008 01:49 AM 17,408 smclib.sys
01/19/2008 01:49 AM 19,968 Diskdump.sys
01/19/2008 01:49 AM 67,072 cdrom.sys
01/19/2008 01:49 AM 24,576 tape.sys
01/19/2008 01:49 AM 18,944 mcd.sys
01/19/2008 01:52 AM 25,088 vga.sys
01/19/2008 01:52 AM 110,080 videoprt.sys
01/19/2008 01:52 AM 41,984 monitor.sys
01/19/2008 01:52 AM 51,200 WUDFPf.sys
01/19/2008 01:53 AM 83,328 WUDFRd.sys
01/19/2008 01:53 AM 5,632 drmkaud.sys
01/19/2008 01:53 AM 25,472 hidparse.sys
01/19/2008 01:53 AM 52,992 stream.sys
01/19/2008 01:53 AM 38,912 hidclass.sys
01/19/2008 01:53 AM 5,888 usbd.sys
01/19/2008 01:53 AM 12,288 hidusb.sys
01/19/2008 01:53 AM 167,936 portcls.sys
01/19/2008 01:53 AM 23,552 usbuhci.sys
01/19/2008 01:53 AM 39,424 usbehci.sys
01/19/2008 01:53 AM 31,616 winusb.sys
01/19/2008 01:53 AM 55,296 USBSTOR.SYS
01/19/2008 01:53 AM 73,088 USBAUDIO.sys
01/19/2008 01:53 AM 25,728 USBCAMD.sys
01/19/2008 01:53 AM 25,728 USBCAMD2.sys
01/19/2008 01:53 AM 226,304 usbport.sys
01/19/2008 01:53 AM 53,376 1394bus.sys
01/19/2008 01:53 AM 73,216 usbccgp.sys
01/19/2008 01:53 AM 12,288 bdasup.sys
01/19/2008 01:53 AM 61,952 ohci1394.sys
01/19/2008 01:53 AM 19,456 bthenum.sys
01/19/2008 01:53 AM 49,664 rfcomm.sys
01/19/2008 01:53 AM 7,680 umpass.sys
01/19/2008 01:53 AM 34,816 umbus.sys
01/19/2008 01:53 AM 194,560 usbhub.sys
01/19/2008 01:53 AM 92,160 bthpan.sys
01/19/2008 01:54 AM 64,000 mpsdrv.sys
01/19/2008 01:55 AM 47,104 lltdio.sys
01/19/2008 01:55 AM 60,416 rspndr.sys
01/19/2008 01:55 AM 13,312 irenum.sys
01/19/2008 01:55 AM 95,744 irda.sys
01/19/2008 01:55 AM 66,560 smb.sys
01/19/2008 01:55 AM 184,320 netbt.sys
01/19/2008 01:55 AM 16,896 ndisuio.sys
01/19/2008 01:55 AM 15,360 TUNMP.SYS
01/19/2008 01:55 AM 35,840 netbios.sys
01/19/2008 01:55 AM 16,384 nsiproxy.sys
01/19/2008 01:55 AM 71,680 tdx.sys
01/19/2008 01:56 AM 31,232 qwavedrv.sys
01/19/2008 01:56 AM 33,280 RNDISMP.sys
01/19/2008 01:56 AM 30,208 tcpipreg.sys
01/19/2008 01:56 AM 15,872 usb8023.sys
01/19/2008 01:56 AM 47,616 ipfltdrv.sys
01/19/2008 01:56 AM 20,992 ndistapi.sys
01/19/2008 01:56 AM 49,664 ndproxy.sys
01/19/2008 01:56 AM 100,864 ipnat.sys
01/19/2008 01:56 AM 17,408 asyncmac.sys
01/19/2008 01:56 AM 11,776 rasacd.sys
01/19/2008 01:56 AM 62,464 wanarp.sys
01/19/2008 01:56 AM 41,472 raspppoe.sys
01/19/2008 01:56 AM 121,344 ndiswan.sys
01/19/2008 01:56 AM 76,288 rasl2tp.sys
01/19/2008 01:56 AM 62,976 raspptp.sys
01/19/2008 01:56 AM 69,120 rassstp.sys
01/19/2008 01:56 AM 15,872 ws2ifsl.sys
01/19/2008 01:57 AM 273,920 afd.sys
01/19/2008 01:57 AM 20,992 tdi.sys
01/19/2008 01:57 AM 8,192 rootmdm.sys
01/19/2008 01:57 AM 31,744 modem.sys
01/19/2008 02:01 AM 17,920 tdpipe.sys
01/19/2008 02:01 AM 29,184 tdtcp.sys
01/19/2008 02:01 AM 6,144 RDPCDD.sys
01/19/2008 02:01 AM 6,144 RDPENCDD.sys
01/19/2008 02:01 AM 23,552 tssecsrv.sys
01/19/2008 02:01 AM 181,248 rdpwd.sys
01/19/2008 02:04 AM 39,936 WpdUsb.sys
01/19/2008 02:53 AM 130,048 drmk.sys
01/19/2008 02:58 AM 93,696 bridge.sys
01/19/2008 03:41 AM 16,440 pciide.sys
01/19/2008 03:41 AM 16,440 msisadrv.sys
01/19/2008 03:41 AM 15,288 swenum.sys
01/19/2008 03:41 AM 17,976 wmilib.sys
01/19/2008 03:41 AM 21,560 atapi.sys
01/19/2008 03:41 AM 21,048 spldr.sys
01/19/2008 03:41 AM 29,240 Dumpata.sys
01/19/2008 03:41 AM 31,288 mssmbios.sys
01/19/2008 03:41 AM 35,384 kbdclass.sys
01/19/2008 03:41 AM 34,360 mouclass.sys
01/19/2008 03:41 AM 36,408 crashdmp.sys
01/19/2008 03:41 AM 35,896 WdfLdr.sys
01/19/2008 03:42 AM 45,112 pciidex.sys
01/19/2008 03:42 AM 142,904 scsiport.sys
01/19/2008 03:42 AM 143,416 ecache.sys
01/19/2008 03:42 AM 49,720 mup.sys
01/19/2008 03:42 AM 52,792 volmgr.sys
01/19/2008 03:42 AM 54,328 termdd.sys
01/19/2008 03:42 AM 55,352 disk.sys
01/19/2008 03:42 AM 151,096 pci.sys
01/19/2008 03:42 AM 56,376 partmgr.sys
01/19/2008 03:42 AM 57,400 mountmgr.sys
01/19/2008 03:42 AM 163,384 msrpc.sys
01/19/2008 03:42 AM 58,936 fileinfo.sys
01/19/2008 03:42 AM 181,304 msiscsi.sys
01/19/2008 03:42 AM 192,056 fltMgr.sys
01/19/2008 03:42 AM 223,288 netio.sys
01/19/2008 03:42 AM 227,896 volsnap.sys
01/19/2008 03:43 AM 101,432 FWPKCLNT.SYS
01/19/2008 03:43 AM 266,808 acpi.sys
01/19/2008 03:43 AM 294,456 volmgrx.sys
01/19/2008 03:43 AM 110,136 ataport.sys
01/19/2008 03:43 AM 123,960 Storport.sys
01/19/2008 03:43 AM 127,544 Classpnp.sys
01/19/2008 03:43 AM 503,864 Wdf01000.sys
01/19/2008 03:43 AM 529,464 ndis.sys
01/19/2008 03:43 AM 1,081,912 ntfs.sys
04/04/2008 09:21 PM 72,192 pacer.sys
04/28/2008 09:42 PM 29,184 BTHUSB.SYS
04/28/2008 09:42 PM 220,160 bthport.sys
05/09/2008 09:33 PM 113,664 rmcast.sys
05/19/2008 10:07 PM 148,480 nwifi.sys
08/01/2008 09:01 PM 625,152 dxgkrnl.sys
05/18/2009 02:17 PM 26,600 GEARAspiWDM.sys
06/04/2009 07:13 PM <DIR> UMDF
06/15/2009 02:20 PM 439,896 ksecdd.sys
09/14/2009 05:44 AM 144,896 srv2.sys
09/16/2009 10:22 AM 34,248 mferkdk.sys
09/16/2009 10:22 AM 35,272 mfebopk.sys
09/16/2009 10:22 AM 40,552 mfesmfk.sys
09/16/2009 10:22 AM 214,664 mfehidk.sys
09/16/2009 10:22 AM 79,816 mfeavfk.sys
10/16/2009 02:33 AM 41,472 usbaapl.sys
12/09/2009 05:02 PM <DIR> en-US
12/11/2009 08:07 AM 98,304 srvnet.sys
12/11/2009 08:07 AM 301,568 srv.sys
02/18/2010 07:52 AM 25,088 tunnel.sys
02/18/2010 10:49 AM 898,952 tcpip.sys
02/20/2010 05:18 PM 411,136 http.sys
02/23/2010 07:32 AM 105,984 mrxsmb.sys
02/23/2010 07:32 AM 78,848 mrxsmb20.sys
02/23/2010 07:32 AM 212,992 mrxsmb10.sys
04/29/2010 03:39 PM 20,952 mbam.sys
04/29/2010 03:39 PM 38,224 mbamswissarmy.sys
07/09/2010 06:37 PM 10,920 nvBridge.kmd
07/09/2010 06:37 PM 11,008,040 nvlddmkm.sys
07/15/2010 03:18 PM 130,424 Mpfp.sys
07/22/2010 08:17 PM 138,624 PnkBstrK.sys
07/31/2010 04:20 PM <DIR> ..
07/31/2010 04:20 PM <DIR> .
07/31/2010 04:25 PM <DIR> etc
301 File(s) 43,851,745 bytes
5 Dir(s) 106,772,107,264 bytes free


[color=blue]Virtual drives found?[/color]



[color=blue]Environment variables[/color]

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Joe\AppData\Roaming
asl.log=Destination=file;OnFirstLog=command,environment
CLASSPATH=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=FERRARO-2
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Joe
LOCALAPPDATA=C:\Users\Joe\AppData\Local
LOGONSERVER=\\FERRARO-2
NUMBER_OF_PROCESSORS=4
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;c:\Program Files\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files\Intel\DMIX;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Joe\AppData\Local\Temp
TMP=C:\Users\Joe\AppData\Local\Temp
USERDOMAIN=Ferraro-2
USERNAME=Joe
USERPROFILE=C:\Users\Joe
windir=C:\Windows


[color=red]Stealth malware?[/color]


[color=blue]Internet Explorer[/color]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
Start Page REG_SZ [You must be registered and logged in to see this link.]
AutoHide REG_SZ yes
Default_Page_URL REG_SZ [You must be registered and logged in to see this link.]
Default_Secondary_Page_URL REG_MULTI_SZ
Default_Search_URL REG_SZ [You must be registered and logged in to see this link.]
Search Page REG_SZ [You must be registered and logged in to see this link.]
Extensions Off Page REG_SZ about:NoAdd-ons
Security Risk Page REG_SZ about:SecurityRisk
Enable_Disk_Cache REG_SZ yes
Cache_Percent_of_Disk REG_BINARY 0A000000
Delete_Temp_Files_On_Exit REG_SZ yes
Local Page REG_SZ C:\Windows\System32\blank.htm
Anchor_Visitation_Horizon REG_BINARY 01000000
Use_Async_DNS REG_SZ yes
Placeholder_Width REG_BINARY 1A000000
Placeholder_Height REG_BINARY 1A000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\ErrorThresholds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\UrlTemplate

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
IE5_UA_Backup_Flag REG_SZ 5.0
User Agent REG_SZ Mozilla/4.0 (compatible; MSIE 8.0; Win32)
EmailName REG_SZ IEUser@
AutoConfigProxy REG_SZ wininet.dll
MimeExclusionListForCache REG_SZ multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
UseSchannelDirectly REG_BINARY 01000000
EnableHttp1_1 REG_DWORD 0x1
PrivDiscUiShown REG_DWORD 0x1
WarnOnIntranet REG_DWORD 0x0
WarnOnPost REG_BINARY 01000000
UrlEncoding REG_DWORD 0x0
SecureProtocols REG_DWORD 0x28
PrivacyAdvanced REG_DWORD 0x0
DisableCachingOfSSLPages REG_DWORD 0x0
WarnonZoneCrossing REG_DWORD 0x1
CertificateRevocation REG_DWORD 0x1
EnableNegotiate REG_DWORD 0x1
MigrateProxy REG_DWORD 0x1
ProxyEnable REG_DWORD 0x0
ZonesSecurityUpgradeDone REG_DWORD 0x1
EnableAutodial REG_BINARY 00000000
NoNetAutodial REG_DWORD 0x0
ProxyHttp1.1 REG_DWORD 0x1
ShowPunycode REG_DWORD 0x0
EnablePunycode REG_DWORD 0x1
DisableIDNPrompt REG_DWORD 0x0
WarnonBadCertRecving REG_DWORD 0x1
WarnOnPostRedirect REG_DWORD 0x0
GlobalUserOffline REG_DWORD 0x0
ProxyOverride REG_SZ *.local
ZonesSecurityUpgrade REG_BINARY B188DED6FAF5C901
ProxyOverride.Bonjour REG_SZ
WarnOnHTTPSToHTTPRedirect REG_DWORD 0x1

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Passport
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Protocols
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Url History
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
Disable Script Debugger REG_SZ yes
Anchor Underline REG_SZ yes
Cache_Update_Frequency REG_SZ Once_Per_Session
Display Inline Images REG_SZ yes
Do404Search REG_BINARY 01000000
Local Page REG_SZ C:\Windows\system32\blank.htm
Save_Session_History_On_Exit REG_SZ no
Show_FullURL REG_SZ no
Show_StatusBar REG_SZ yes
Show_ToolBar REG_SZ yes
Show_URLinStatusBar REG_SZ yes
Show_URLToolBar REG_SZ yes
Use_DlgBox_Colors REG_SZ yes
Search Page REG_SZ [You must be registered and logged in to see this link.]
XMLHTTP REG_DWORD 0x0
NoUpdateCheck REG_DWORD 0x1
UseClearType REG_SZ no
Enable Browser Extensions REG_SZ yes
Play_Background_Sounds REG_SZ yes
Play_Animations REG_SZ yes
Start Page REG_SZ [You must be registered and logged in to see this link.]
CompatibilityFlags REG_DWORD 0x0
StartPageCache REG_DWORD 0x1
FullScreen REG_SZ no
SearchMigrated REG_DWORD 0x0
Window_Placement REG_BINARY 2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFB4000000A60000000E0300008A030000
RunOnceHasShown REG_DWORD 0x1
RunOnceComplete REG_DWORD 0x1
NotifyDownloadComplete REG_SZ yes
Use FormSuggest REG_SZ yes
Expand Alt Text REG_SZ no
Move System Caret REG_SZ no
NscSingleExpand REG_DWORD 0x0
DisableScriptDebuggerIE REG_SZ yes
Error Dlg Displayed On Every Error REG_SZ no
Page_Transitions REG_DWORD 0x1
UseThemes REG_DWORD 0x1
EnableSearchPane REG_DWORD 0x0
Force Offscreen Composition REG_DWORD 0x0
AllowWindowReuse REG_DWORD 0x1
Friendly http errors REG_SZ yes
SmoothScroll REG_DWORD 0x1
Enable AutoImageResize REG_SZ yes
Show image placeholders REG_DWORD 0x0
Print_Background REG_SZ no
AutoSearch REG_DWORD 0x4
FormSuggest Passwords REG_SZ yes
FormSuggest PW Ask REG_SZ no
AutoHide REG_SZ yes
StatusBarWeb REG_DWORD 0x0
IE8RunOnceLastShown REG_DWORD 0x1
IE8RunOnceLastShown_TIMESTAMP REG_BINARY 217E392AFBF5C901
IE8RunOncePerInstallCompleted REG_DWORD 0x1
IE8RunOnceCompletionTime REG_BINARY 5193483FFBF5C901
IE8TourShown REG_DWORD 0x1
IE8TourShownTime REG_BINARY 11684A3FFBF5C901
Default_Secondary_Page_URL REG_MULTI_SZ [You must be registered and logged in to see this link.]
SearchDefaultBranded REG_DWORD 0x1
IE8TourNoShow REG_DWORD 0x1
Check_Associations REG_SZ yes

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default Feeds
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search
CustomizeSearch REG_SZ [You must be registered and logged in to see this link.]
SearchAssistant REG_SZ [You must be registered and logged in to see this link.]


HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks
{03402f96-3dc7-4285-bc50-9e81fefafe43} REG_SZ
{CFBFAE00-17A6-11D0-99CB-00C04FD64497} REG_SZ
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} REG_SZ


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0cda128-b425-4eef-a174-61a11ac5dbf8}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} REG_SZ McAfee SiteAdvisor
{61539ecd-cc67-4437-a03c-9aaccbd14326} REG_SZ AIM Toolbar


HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Send image to &Bluetooth Device...
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Send page to &Bluetooth Device...


[color=blue]Protocol hijack?[/color]



[color=blue]Security Center[/color]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
cval REG_DWORD 0x1
FirewallDisableNotify REG_DWORD 0x0
AntiVirusDisableNotify REG_DWORD 0x0
UpdatesDisableNotify REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc
AntiVirusOverride REG_DWORD 0x1
AntiSpywareOverride REG_DWORD 0x0
FirewallOverride REG_DWORD 0x0
VistaSp1 REG_NONE 552580CB6AE5C901

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
EnableFirewall REG_DWORD 0x0
DisableNotifications REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
EnableFirewall REG_DWORD 0x0
DisableNotifications REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging



[color=blue]Uninstall List[/color]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
(Default) REG_SZ







My system search log, part 2/3

Post by Coldplasma819 on Sat Jul 31, 2010 10:40 pm

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Photoshop Elements 6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe_19c4ee81f9cc4b3dffb9a17d9b648b2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe_3e054d2218e7aa282c2369d939e58ff
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AOL Diagnostics_N
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AOLOCP_Y
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Branding
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Creative OEM003
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Download Manager
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EADM
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EVEMon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GameSpy Arcade
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GCFScape_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Desktop
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Updater
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Halo Custom Edition
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HOMESTUDENTR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Intel(R) Configuration Center
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IPX-SPX Protocol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LogMeIn Hamachi
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ManyCam
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET Framework 3.5 SP1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET Framework 4 Client Profile
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox (3.6.8)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSC
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NVIDIA Display Control Panel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NVIDIA Drivers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NVIDIAStereo
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PremElem40
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PremElem40Templates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PROSetDX
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PunkBusterSvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Starcraft
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\StarCraft II
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 17480
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 17520
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 215
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 220
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 240
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 340
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 380
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 4000
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 420
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 440
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 550
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 564
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 57500
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SvenCoop
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TeamViewer 4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UT2004
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhiteCap
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR archiver

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TeamSpeak 3 Client


Adobe Products


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX
DisplayName REG_SZ Adobe Flash Player 10 ActiveX
Publisher REG_SZ Adobe Systems Incorporated
DisplayVersion REG_SZ 10.1.53.64
HelpLink REG_SZ [You must be registered and logged in to see this link.]
NoModify REG_DWORD 0x1
NoRepair REG_DWORD 0x1
RequiresIESysFile REG_SZ 4.70.0.1155
URLInfoAbout REG_SZ [You must be registered and logged in to see this link.]
URLUpdateInfo REG_SZ [You must be registered and logged in to see this link.]
VersionMajor REG_DWORD 0xa
VersionMinor REG_DWORD 0x1
UninstallString REG_SZ C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe -maintain activex
DisplayIcon REG_SZ C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe
EstimatedSize REG_DWORD 0x1800


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin
DisplayName REG_SZ Adobe Flash Player 10 Plugin
Publisher REG_SZ Adobe Systems Incorporated
DisplayVersion REG_SZ 10.1.53.64
HelpLink REG_SZ [You must be registered and logged in to see this link.]
NoModify REG_DWORD 0x1
NoRepair REG_DWORD 0x1
RequiresIESysFile REG_SZ 4.70.0.1155
URLInfoAbout REG_SZ [You must be registered and logged in to see this link.]
URLUpdateInfo REG_SZ [You must be registered and logged in to see this link.]
VersionMajor REG_DWORD 0xa
VersionMinor REG_DWORD 0x1
UninstallString REG_SZ C:\Windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin
DisplayIcon REG_SZ C:\Windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe
EstimatedSize REG_DWORD 0x1800



Autorun


HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
ehTray.exe REG_SZ C:\Windows\ehome\ehTray.exe
Steam REG_SZ "c:\program files\steam\steam.exe" -silent
SpybotSD TeaTimer REG_SZ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe


HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Windows Defender REG_EXPAND_SZ %ProgramFiles%\Windows Defender\MSASCui.exe -hide
dscactivate REG_SZ C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe
SigmatelSysTrayApp REG_SZ C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
mcagent_exe REG_SZ "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents


Restrictions - Internet Explorer




Restrictions - REGEDIT


HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableRegistryTools REG_DWORD 0x0



Restrictions - Explorer


HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoDrives REG_DWORD 0x0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run


DNS Settings


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3a539854-6a70-11db-887c-806e6f6e6963}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6D510099-F44B-4CAC-9C94-02EE418D7A61}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A567E40F-CCD4-40EB-BEAC-B3BD75971078}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AEC67760-9E35-477B-B485-646CFF253F8E}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E7572262-AE85-4A1D-8C3A-E5E126660AE1}

Windows IP Configuration

Host Name . . . . . . . . . . . . : Ferraro-2
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : stny.rr.com

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 00-19-7E-E6-F1-16
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : stny.rr.com
Description . . . . . . . . . . . : Broadcom 802.11g Network Adapter
Physical Address. . . . . . . . . : 00-1E-8C-3C-CD-39
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : stny.rr.com
Description . . . . . . . . . . . : Intel(R) 82566DC-2 Gigabit Network Connection
Physical Address. . . . . . . . . : 00-1D-09-1B-7B-96
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::f890:a7a0:f5dc:3d8e%9(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.103(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, July 31, 2010 5:04:13 PM
Lease Expires . . . . . . . . . . : Sunday, August 01, 2010 5:04:12 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 209.18.47.61
209.18.47.62
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Hamachi Network Interface
Physical Address. . . . . . . . . : 00-23-C3-65-07-8C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 5.101.7.140(Preferred)
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Lease Obtained. . . . . . . . . . : Saturday, July 31, 2010 5:04:13 PM
Lease Expires . . . . . . . . . . : Sunday, July 31, 2011 5:06:19 PM
Default Gateway . . . . . . . . . : 5.0.0.1
DHCP Server . . . . . . . . . . . : 5.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:18db:2107:3f57:fe98(Preferred)
Link-local IPv6 Address . . . . . : fe80::18db:2107:3f57:fe98%8(Preferred)
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : stny.rr.com
Description . . . . . . . . . . . : isatap.stny.rr.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 10:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{E7572262-AE85-4A1D-8C3A-E5E126660AE1}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{AEC67760-9E35-477B-B485-646CFF253F8E}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2002:565:78c::565:78c(Preferred)
Default Gateway . . . . . . . . . : 2002:c058:6301::c058:6301
NetBIOS over Tcpip. . . . . . . . : Disabled


AppInit DLLs


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs REG_SZ C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll



Shell Service Object Delay Load


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
WebCheck REG_SZ {E6FB5E20-DE35-11CF-9C87-00AA005127ED}




Shell Execute Hooks


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ



Image File Execution Options


HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEInstal.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wpwin8.EXE


[color=blue]Security Providers[/color]



[color=blue]Local Security Authority[/color]


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
auditbaseobjects REG_DWORD 0x0
auditbasedirectories REG_DWORD 0x0
crashonauditfail REG_DWORD 0x0
fullprivilegeauditing REG_BINARY 00
Bounds REG_BINARY 0030000000200000
LimitBlankPasswordUse REG_DWORD 0x1
LmCompatibilityLevel REG_DWORD 0x3
NoLmHash REG_DWORD 0x1
Notification Packages REG_MULTI_SZ scecli
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0tspkg
Authentication Packages REG_MULTI_SZ msv1_0
LsaPid REG_DWORD 0x25c
SecureBoot REG_DWORD 0x1
ProductType REG_DWORD 0x3
disabledomaincreds REG_DWORD 0x0
everyoneincludesanonymous REG_DWORD 0x0
forceguest REG_DWORD 0x0
restrictanonymous REG_DWORD 0x0
restrictanonymoussam REG_DWORD 0x1
enabledcom REG_SZ y

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\AccessProviders
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Credssp
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Data
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\GBG
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\JD
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\MSV1_0
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Skew1
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SSO
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache


[color=blue]AppCert DLLs[/color]



[color=blue]App Paths[/color]


HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths
Path REG_SZ C:\Program Files\SigmaTel\C-Major Audio
(Default) REG_SZ C:\Program Files\SigmaTel\C-Major Audio\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\AcroRd32.exe
(Default) REG_SZ C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
Path REG_SZ C:\Program Files\Adobe\Reader 8.0\Reader\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Adobe Soundbooth CS3.exe
(Default) REG_SZ "C:\Program Files\Adobe\Adobe Soundbooth CS3\Adobe Soundbooth CS3.exe"
Path REG_SZ "C:\Program Files\Adobe\Adobe Soundbooth CS3"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\AnalogRec9.exe
(Default) REG_SZ C:\Program Files\Roxio\Audio Capture 9\AnalogRec9.exe
Path REG_SZ C:\Program Files\Roxio\Audio Capture 9\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\bridge.exe
(Default) REG_SZ C:\Program Files\Adobe\Adobe Bridge CS3\bridge.exe
Path REG_SZ C:\Program Files\Adobe\Adobe Bridge CS3

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\CEAPPMGR.EXE
(Default) REG_SZ C:\Windows\WindowsMobile\CEAppMgr.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\cmmgr32.exe
CmstpExtensionDll REG_SZ C:\Windows\system32\cmcfg32.dll
CmNative REG_DWORD 0x2

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ColdWarCrisis.exe
(Default) REG_SZ C:\Program Files\EA Games\Command & Conquer Generals Zero Hour\CWC\ColdWarCrisis.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\DLM.exe
(Default) REG_SZ C:\Program Files\Download Manager\DLM.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\dvdmaker.exe
(Default) REG_EXPAND_SZ %ProgramFiles%\Movie Maker\dvdmaker.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\DVDMusicAssistant9.exe
(Default) REG_SZ C:\Program Files\Roxio\Audio Master 9\DVDMusicAssistant9.exe
Path REG_SZ C:\Program Files\Roxio\Audio Master 9\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\edocs.exe
Path REG_SZ c:\dell\docs
(Default) REG_SZ c:\dell\docs\edocs.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\excel.exe
(Default) REG_SZ C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office12\
SaveURL REG_SZ 1
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\firefox.exe
(Default) REG_SZ C:\Program Files\Mozilla Firefox\firefox.exe
Path REG_SZ C:\Program Files\Mozilla Firefox

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\fsquirt.exe
DropTarget REG_SZ {047ea9a0-93bb-415f-a1c3-d7aeb3dd5087}

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\IEXPLORE.EXE
(Default) REG_SZ C:\Program Files\Internet Explorer\IEXPLORE.EXE
Path REG_SZ C:\Program Files\Internet Explorer;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\inkball.exe
(Default) REG_EXPAND_SZ %ProgramFiles%\Microsoft Games\inkball\inkball.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\install.exe
BlockOnTSNonInstallMode REG_DWORD 0x1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\iTunes.exe
(Default) REG_SZ C:\Program Files\iTunes\iTunes.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\javaws.exe
(Default) REG_SZ c:\Program Files\Java\jre1.6.0\bin\javaws.exe
Path REG_SZ c:\Program Files\Java\jre1.6.0\bin

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Journal.exe
(Default) REG_EXPAND_SZ %ProgramFiles%\Windows Journal\Journal.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\LPAndTapeAssistant9.exe
Path REG_SZ C:\Program Files\Roxio\Audio Capture 9\
(Default) REG_SZ C:\Program Files\Roxio\Audio Capture 9\LPAndTapeAssistant9.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mbam.exe
(Default) REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
Path REG_SZ C:\Program Files\Malwarebytes' Anti-Malware

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MediaCapture9.exe
(Default) REG_SZ C:\Program Files\Roxio\Media Import 9\MediaCapture9.exe
Path REG_SZ C:\Program Files\Roxio\Media Import 9\;C:\Program Files\Common Files\Roxio Shared\DLLShared\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\migwiz.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\moviemk.exe
(Default) REG_EXPAND_SZ %ProgramFiles%\Movie Maker\moviemk.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mplayer2.exe
(Default) REG_EXPAND_SZ %ProgramFiles%\Windows Media Player\wmplayer.exe
Path REG_EXPAND_SZ %ProgramFiles%\Windows Media Player

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msimn.exe
(Default) REG_EXPAND_SZ %ProgramFiles%\Windows Mail\WinMail.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MsoHtmEd.exe
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msoxmled.exe
(Default) REG_SZ C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLED.EXE
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MyDVD9.exe
(Default) REG_SZ C:\Program Files\Roxio\VideoUI 9\MyDVD9.exe
Path REG_SZ C:\Program Files\Roxio\VideoUI 9\;C:\Program Files\Common Files\Roxio Shared\DLLShared\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ois.exe
(Default) REG_SZ C:\PROGRA~1\MICROS~2\Office12\OIS.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office12\
SaveURL REG_SZ 0
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\OneNote.exe
(Default) REG_SZ C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office12\
SaveURL REG_SZ 1
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\pbrush.exe
(Default) REG_EXPAND_SZ %SystemRoot%\System32\mspaint.exe
Path REG_EXPAND_SZ %SystemRoot%\System32

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\PhotoshopElementsEditor.exe
(Default) REG_SZ C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsEditor.exe
Path REG_SZ C:\Program Files\Adobe\Photoshop Elements 6.0\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\PictureViewer.exe
Path REG_SZ C:\Program Files\QuickTime\
(Default) REG_SZ C:\Program Files\QuickTime\PictureViewer.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\powerpnt.exe
(Default) REG_SZ C:\PROGRA~1\MICROS~2\Office12\POWERPNT.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office12\
useURL REG_SZ 1
SaveURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\QuickTimePlayer.exe
(Default) REG_SZ C:\Program Files\QuickTime\QuickTimePlayer.exe
Path REG_SZ C:\Program Files\QuickTime\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\RA3.exe
Default REG_SZ c:\program files\steam\steamapps\common\command and conquer red alert 3\RA3.exe
Path REG_SZ c:\program files\steam\steamapps\common\command and conquer red alert 3
Game Registry REG_SZ Software\Electronic Arts\Electronic Arts\Red Alert 3
installed REG_DWORD 0x1
Restart REG_DWORD 0x0

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\RomLauncher.exe
(Default) REG_SZ C:\Program Files\Common Files\Roxio Shared\Dragon\RomLauncher.exe
Path REG_SZ C:\Program Files\Common Files\Roxio Shared\Dragon\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Roxio_Central33.exe
Path REG_SZ C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\
(Default) REG_SZ C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\RoxMediaDB9.exe
(Default) REG_SZ C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
Path REG_SZ C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\RoxWizardLauncher9.exe
(Default) REG_SZ C:\Program Files\Common Files\Roxio Shared\9.0\SharedCom\RoxWizardLauncher9.exe
Path REG_SZ C:\Program Files\Common Files\Roxio Shared\9.0\SharedCom\;C:\Program Files\Common Files\Roxio Shared\DLLShared\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\RxRenRel9.exe
(Default) REG_SZ C:\Program Files\Roxio\Audio Master 9\RxRenRel9.exe
Path REG_SZ C:\Program Files\Roxio\Audio Master 9\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\RxTagEdit9.exe
(Default) REG_SZ C:\Program Files\Roxio\Audio Master 9\RxTagEdit9.exe
Path REG_SZ C:\Program Files\Roxio\Audio Master 9\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Safari.exe
(Default) REG_SZ C:\Program Files\Safari\Safari.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\setup.exe
BlockOnTSNonInstallMode REG_DWORD 0x1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\sidebar.exe
(Default) REG_EXPAND_SZ "%ProgramFiles%\Windows Sidebar\sidebar.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\SnippingTool.exe
(Default) REG_EXPAND_SZ C:\Windows\System32\SnippingTool.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\stax.exe
(Default) REG_SZ C:\Program Files\Roxio\Express Labeler\stax.exe
Path REG_SZ C:\Program Files\Roxio\Express Labeler\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\stikynot.exe
(Default) REG_EXPAND_SZ C:\Windows\System32\stikynot.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\SubWCRev.exe
Path REG_SZ C:\Program Files\TortoiseSVN\bin
(Default) REG_SZ C:\Program Files\TortoiseSVN\bin\SubWCRev.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\table30.exe
UseShortName REG_SZ

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\TabTip.exe
(Default) REG_EXPAND_SZ %CommonProgramFiles%\microsoft shared\ink\TabTip.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\VCGProxyFileManager9.exe
(Default) REG_SZ C:\Program Files\Roxio\VideoCore 9\VCGProxyFileManager9.exe
Path REG_SZ C:\Program Files\Roxio\VideoCore 9\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\VCU3DcheckApp.exe
(Default) REG_SZ C:\Program Files\Roxio\VideoCore 9\VCU3DcheckApp.exe
Path REG_SZ C:\Program Files\Roxio\VideoCore 9\;C:\Program Files\Common Files\Roxio Shared\DLLShared\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\VideoWave9.exe
(Default) REG_SZ C:\Program Files\Roxio\VideoUI 9\VideoWave9.exe
Path REG_SZ C:\Program Files\Roxio\VideoUI 9\;C:\Program Files\Common Files\Roxio Shared\DLLShared\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wab.exe
(Default) REG_EXPAND_SZ %ProgramFiles%\Windows Mail\wab.exe
Path REG_EXPAND_SZ %ProgramFiles%\Windows Mail

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wabmig.exe
(Default) REG_EXPAND_SZ %ProgramFiles%\Windows Mail\wabmig.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WCESCOMM.EXE
(Default) REG_SZ C:\Windows\WindowsMobile\wmdc.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WinCal.exe
(Default) REG_EXPAND_SZ "%ProgramFiles%\Windows Calendar\wincal.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WinMail.exe
(Default) REG_EXPAND_SZ %ProgramFiles%\Windows Mail\WinMail.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WinRAR.exe
(Default) REG_SZ C:\Program Files\WinRAR\WinRAR.exe
Path REG_SZ C:\Program Files\WinRAR

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Winword.exe
(Default) REG_SZ C:\PROGRA~1\MICROS~2\Office12\WINWORD.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office12\
useURL REG_SZ 1
SaveURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wmplayer.exe
(Default) REG_EXPAND_SZ %ProgramFiles%\Windows Media Player\wmplayer.exe
Path REG_EXPAND_SZ %ProgramFiles%\Windows Media Player

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WORDPAD.EXE
(Default) REG_EXPAND_SZ "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WRITE.EXE
(Default) REG_EXPAND_SZ "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\XPSViewer.exe
(Default) REG_SZ "C:\Windows\System32\XPSViewer\XPSViewer.exe"



[color=blue]Mozilla[/color]


HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions
{20a82645-c095-46ed-80e3-08825760534b} REG_SZ c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
{B7082FAA-CB62-4872-9106-E42DD88EDE45} REG_SZ C:\Program Files\McAfee\SiteAdvisor

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox
(Default) REG_SZ 1.9.2.8
CurrentVersion REG_SZ 3.6.8 (en-US)

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\3.6.8 (en-US)
(Default) REG_SZ 3.6.8 (en-US)

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\3.6.8 (en-US)\Main
Install Directory REG_SZ C:\Program Files\Mozilla Firefox
PathToExe REG_SZ C:\Program Files\Mozilla Firefox\firefox.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\3.6.8 (en-US)\Uninstall
Description REG_SZ Mozilla Firefox (3.6.8)

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.6.8
GeckoVer REG_SZ 1.9.2.8

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.6.8\bin
PathToExe REG_SZ C:\Program Files\Mozilla Firefox\firefox.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.6.8\extensions
Components REG_SZ C:\Program Files\Mozilla Firefox\components
Plugins REG_SZ C:\Program Files\Mozilla Firefox\plugins



Coldplasma819

My system search log, part 3/3

Post by Coldplasma819 on Sat Jul 31, 2010 10:40 pm


[color=blue]Shared Task Scheduler[/color]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
{8C7461EF-2B13-11d2-BE35-3078302C2030} REG_SZ Component Categories cache daemon



[color=blue]SafeBoot[/color]



[color=blue]SafeBootMinimal[/color]


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}


[color=blue]SafeBootNetwork[/color]


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}


[color=blue]File Rename Operations - Session[/color]




[color=blue]Known DLLs - Session[/color]


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDlls
clbcatq REG_SZ clbcatq.dll
ole32 REG_SZ ole32.dll
advapi32 REG_SZ advapi32.dll
COMDLG32 REG_SZ COMDLG32.dll
DllDirectory REG_EXPAND_SZ %SystemRoot%\system32
gdi32 REG_SZ gdi32.dll
IERTUTIL REG_SZ IERTUTIL.dll
IMAGEHLP REG_SZ IMAGEHLP.dll
IMM32 REG_SZ IMM32.dll
kernel32 REG_SZ kernel32.dll
LPK REG_SZ LPK.dll
MSCTF REG_SZ MSCTF.dll
MSVCRT REG_SZ MSVCRT.dll
NORMALIZ REG_SZ NORMALIZ.dll
NSI REG_SZ NSI.dll
OLEAUT32 REG_SZ OLEAUT32.dll
rpcrt4 REG_SZ rpcrt4.dll
Setupapi REG_SZ Setupapi.dll
SHELL32 REG_SZ SHELL32.dll
SHLWAPI REG_SZ SHLWAPI.dll
URLMON REG_SZ URLMON.dll
user32 REG_SZ user32.dll
USP10 REG_SZ USP10.dll
WININET REG_SZ WININET.dll
WLDAP32 REG_SZ WLDAP32.dll
WS2_32 REG_SZ WS2_32.dll



[color=blue]Downloaded program files (ActiveX)[/color]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{49312E18-AA92-4CC2-BB97-55DEA7BCADD6}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}

PATH: [i]C:\windows\Downloaded Program Files[/i]

ampAx3.0.84.2.dll
desktop.ini
DLMControl.dll
dwusplay.dll
dwusplay.exe
erma.inf
FP_AX_CAB_INSTALLER.exe
install.log
isusweb.dll
syspro.inf
unagiuninst.exe


[color=blue]Mountpoints[/color]


HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{117485b3-a8fe-11dc-8bad-806e6f6e6963}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{117485b4-a8fe-11dc-8bad-806e6f6e6963}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{117485b7-a8fe-11dc-8bad-806e6f6e6963}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{117485b8-a8fe-11dc-8bad-806e6f6e6963}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11748613-a8fe-11dc-8bad-001d091b7b96}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11748617-a8fe-11dc-8bad-001d091b7b96}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1174862f-a8fe-11dc-8bad-001d091b7b96}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11748635-a8fe-11dc-8bad-001d091b7b96}


[color=blue]Winlogon[/color]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
Userinit REG_SZ C:\Windows\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
AutoRestartShell REG_DWORD 0x1
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ShutdownWithoutLogon REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0x0
passwordexpirywarning REG_DWORD 0xe
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
WinStationsDisabled REG_SZ 0
DisableCAD REG_DWORD 0x1
scremoveoption REG_SZ 0
ShutdownFlags REG_DWORD 0x27
LegalNotice Text REG_SZ
SFCDisable REG_DWORD 0x0
System REG_SZ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoLogonChecked


[color=blue]Windows Update[/color]


HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\windowsupdate\auto update\results\install
LastSuccessTime REG_SZ 2010-07-29 16:48:34
LastError REG_DWORD 0x0



[color=blue]Security Software Information[/color]

*Note*: Some security software does not store itself in the WMI.



{END OF FILE}

Coldplasma819
Novice

Posts: 46
Joined: 2010-07-28
Gender: Male
OS: Windows Vista Home Premium
Points: 23884
Likes: 0


Re: Possible trojan? Many problems. Help would be appreciated!

Post by Crush on Sat Jul 31, 2010 10:44 pm

All looks good. No more P2P :)
I got 2 Internet Explorer Icons, I just noticed. What should I do?

What do they say in the name? They're both likely fine

Crush
Master

Posts: 3889
Joined: 2010-01-27
Gender: Male
Points: 42098
Likes: 0


Re: Possible trojan? Many problems. Help would be appreciated!

Post by Coldplasma819 on Sat Jul 31, 2010 10:50 pm

Whoa, well they both have the same exact icons and name. The new Internet Explorer takes me to my internet options when I click on properties. The other Internet Explorer (which I believe is the original) takes me to the normal-looking properties, that it's an application, etc.

And yay, no more P2P! How would I go about getting rid of MSS?


Re: Possible trojan? Many problems. Help would be appreciated!

Post by Crush on Sat Jul 31, 2010 10:56 pm

You can just delete MSS and the mss.txt. You can delete the new internet explorer icon too :)


Re: Possible trojan? Many problems. Help would be appreciated!

Post by Coldplasma819 on Sat Jul 31, 2010 11:00 pm

Ok! Cool! What do I do about the Viewpoint Manager file I found in my Control Panel\Programs? (not in my programs list, but as an option to click on, like Programs and Features, or Windows Defender, or Default Programs, etc). Should I click on it and see if it's nothing? Or..


Re: Possible trojan? Many problems. Help would be appreciated!

Post by Crush on Sat Jul 31, 2010 11:31 pm

You'll be fine leaving it :)


Re: Possible trojan? Many problems. Help would be appreciated!

Post by Coldplasma819 on Sat Jul 31, 2010 11:43 pm

Ok. Thank you again for all your help! Right now I have to take leave for an hour or two, and I will return home later to try and play a game of Starcraft II. I will post back here if the freezing has stopped!


Re: Possible trojan? Many problems. Help would be appreciated!

Post by Crush on Sun Aug 01, 2010 12:30 am

Great. Glad I could help :)


Awesome!

Post by Coldplasma819 on Sun Aug 01, 2010 6:50 am

Alright! I ran Starcraft II and played the campaign for a good solid 2 hours without any freezes! However, after a while, I ran into a 30 second freeze, and I noticed the fan in my computer turned down. So my guess is that the freeze was caused by my graphics card overheating and needing a break. There have been reports floating around that Starcraft II overheats your graphics card.

Do you have any idea what I could do? I think I'm going to try and find a decent and cheap fan to get for some extra cooling.


Re: Possible trojan? Many problems. Help would be appreciated!

Post by Crush on Sun Aug 01, 2010 6:12 pm

Right. Sounds like your graphics card is just being overtaxed. It is a very demanding game. This is not my field, however. If you post in the other forums you will get a better answer :)
