Antimalware Doctor


  • This topic is locked

#1
kfuchs

  • Member
  • 40 posts
I had the Antimalware Doctor virus and I used Malwarebytes to get rid of it. It seems to have gotten rid of most of it. I wanted to run a check to see if I might still be infected with some trojans, and I'm pretty sure I might be infected with stuff that just isn't showing up.

I have attached all my latest logs from mbam, gmer and otl.

OTL.TXT FILE:


OTL logfile created on: 7/24/2010 11:31:50 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Kirill\Programs\Geekstogo Comp Repair tools
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 67.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.17 Gb Total Space | 250.24 Gb Free Space | 41.97% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KFUCHSI7
Current User Name: Kfuchs
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - File not found -- C:\Windows\SysWow64\PrintDisp.exe
PRC - [2010/07/24 10:23:32 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Kirill\Programs\Geekstogo Comp Repair tools\OTL.exe
PRC - [2010/06/28 22:27:23 | 000,945,720 | ---- | M] (Google Inc.) -- C:\Users\Kfuchs\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/06/26 02:49:14 | 000,189,248 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2010/06/26 02:49:09 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/06/03 22:42:32 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2010/04/13 13:19:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/04/12 13:39:00 | 001,808,752 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Norton\NUA.exe
PRC - [2009/12/15 11:24:48 | 000,293,376 | ---- | M] () -- C:\Kirill\Programs\Geekstogo Comp Repair tools\gmer.exe
PRC - [2009/07/25 05:04:10 | 000,144,384 | ---- | M] () -- C:\Users\Kfuchs\AppData\Roaming\Urfu\eszaa.exe
PRC - [2009/03/06 12:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\SysWOW64\atashost.exe
PRC - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\CCSVCHST.EXE
PRC - [2007/08/31 11:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe


========== Modules (SafeList) ==========

MOD - [2010/07/24 10:23:32 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Kirill\Programs\Geekstogo Comp Repair tools\OTL.exe
MOD - [2008/01/20 22:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2006/11/02 04:33:06 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrB.exe -- (PnkBstrB)
SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Windows\SysNative\GameMon.des -- (npggsvc)
SRV:64bit: - File not found [Auto | Stopped] -- C:\Windows\SysNative\FastUv32.dll -- (FastUserSwitchingCompatibility)
SRV:64bit: - [2009/06/16 07:38:34 | 000,077,824 | ---- | M] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) [Auto | Stopped] -- C:\Windows\SysNative\PrintCtrl.exe -- (Printer Control)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/07/23 16:57:38 | 001,251,720 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2010/06/26 02:49:14 | 000,189,248 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2010/06/26 02:49:09 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/04/26 19:44:00 | 003,735,920 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010/04/13 13:19:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/18 14:27:14 | 001,020,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/18 15:55:33 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/07/26 07:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/03/06 12:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\atashost.exe -- (atashost)
SRV - [2008/12/08 17:15:26 | 000,068,136 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)
SRV - [2008/10/25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2007/10/14 21:15:16 | 000,963,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2007/08/31 11:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/08/23 16:35:22 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2007/08/22 03:22:08 | 000,267,096 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\SymIM.sys -- (SymIMMP)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\npptNT2.sys -- (NPPTNT2)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - [2010/07/23 17:04:55 | 000,172,080 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/04/02 12:22:37 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/08/28 20:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/02/19 13:31:42 | 000,028,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\SymIMv.sys -- (SymIM)
DRV:64bit: - [2009/02/19 13:31:18 | 000,047,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV:64bit: - [2009/02/19 13:31:00 | 000,266,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV:64bit: - [2009/02/19 13:30:58 | 000,145,456 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMFW.SYS -- (SYMFW)
DRV:64bit: - [2009/02/19 13:30:58 | 000,028,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV:64bit: - [2009/02/19 13:30:58 | 000,016,432 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV:64bit: - [2008/11/03 22:21:08 | 000,098,144 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\jraid.sys -- (JRAID)
DRV:64bit: - [2008/10/16 03:08:08 | 000,183,296 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/07/30 17:55:06 | 000,025,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\COH_Mon.sys -- (COH_Mon)
DRV:64bit: - [2008/04/22 08:53:36 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ENTECH64.sys -- (ENTECH64)
DRV:64bit: - [2008/01/20 22:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/20 22:46:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2007/11/30 23:57:12 | 000,476,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SRTSPL64.SYS -- (SRTSPL)
DRV:64bit: - [2007/11/30 23:57:12 | 000,440,880 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2007/11/30 23:57:12 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\SRTSPX64.SYS -- (SRTSPX)
DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2010/07/24 10:59:51 | 000,024,072 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2010/07/15 09:11:52 | 001,791,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100723.040\EX64.SYS -- (NAVEX15)
DRV - [2010/07/15 09:11:52 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/07/15 09:11:52 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/07/15 09:11:52 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100723.040\ENG64.SYS -- (NAVENG)
DRV - [2010/06/23 15:37:09 | 000,386,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20100720.001\IDSviA64.sys -- (IDSvia64)
DRV - [2005/01/03 20:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643

FF - HKLM\software\mozilla\Firefox\Extensions\\{945B23D2-1229-4107-B2B6-A6090481CB2A}: C:\Users\Kfuchs\AppData\Local\{945B23D2-1229-4107-B2B6-A6090481CB2A} [2010/07/22 21:45:17 | 000,000,000 | ---D | M]

[2009/05/27 10:48:35 | 000,000,000 | ---D | M] -- C:\Users\Kfuchs\AppData\Roaming\Mozilla\Extensions
[2009/05/27 10:48:35 | 000,000,000 | ---D | M] -- C:\Users\Kfuchs\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/07/22 07:17:34 | 000,002,076 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google_search.xml

O1 HOSTS File: ([2010/07/23 16:39:32 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll (Google Inc.)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [PrintDisp] C:\Windows\SysNative\PrintDisp.exe (ActMask Co.,Ltd - http://www.all2pdf.com)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [wmiprves] C:\Users\Kfuchs\AppData\Local\Temp\i74wa3x6e.exe File not found
O4 - HKCU..\Run: [{1302C0BA-4F96-F3A4-490F-7FD0B5DBE27B}] C:\Users\Kfuchs\AppData\Roaming\Urfu\eszaa.exe ()
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [NortonUpdateAgent] C:\ProgramData\Norton\NUA.exe (Symantec Corporation)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [patchsetup70700.exe] C:\Users\Kfuchs\AppData\Roaming\744130D59FE9238EE43B2EFD86989A7E\patchsetup70700.exe File not found
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Kfuchs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 207.69.188.185 207.69.188.186 207.69.188.187
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (app_dll.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1c4ff90f-a90f-11de-9fc0-00241d12e6c2}\Shell\AutoRun\command - "" = E:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\ConfDriver.exe -- File not found
O33 - MountPoints2\{1c4ff90f-a90f-11de-9fc0-00241d12e6c2}\Shell\open\command - "" = E:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\ConfDriver.exe -- File not found
O33 - MountPoints2\{1dbd1394-bcad-11de-a2ad-00241d12e6c2}\Shell\AutoRun\command - "" = F:\RESTORE\c-1-3-64-8794238531-8742492-9897532\DriveFix.exe -- File not found
O33 - MountPoints2\{1dbd1394-bcad-11de-a2ad-00241d12e6c2}\Shell\open\command - "" = F:\RESTORE\c-1-3-64-8794238531-8742492-9897532\DriveFix.exe -- File not found
O33 - MountPoints2\{6a878028-b380-11de-ac98-00241d12e6c2}\Shell\AutoRun\command - "" = E:\WDSetup.exe -- File not found
O33 - MountPoints2\{d72643ed-b88a-11de-92f1-00241d12e6c2}\Shell - "" = AutoRun
O33 - MountPoints2\{d72643ed-b88a-11de-92f1-00241d12e6c2}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\WDSetup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: FastUserSwitchingCompatibility - C:\Windows\SysNative\FastUv32.dll File not found

Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux4 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi4 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer4 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.iyuv - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.uyvy - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yuy2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvu9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvyu - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave4 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: aux - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux4 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\SysWow64\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\SysWow64\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\SysWow64\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\SysWow64\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\SysWow64\msgsm32.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\SysWow64\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\SysWow64\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: vidc.yuy2 - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.yvu9 - C:\Windows\SysWow64\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\SysWow64\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/07/24 10:47:48 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/07/24 10:47:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/07/24 07:04:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/07/24 07:04:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/07/23 16:57:16 | 000,025,424 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\COH_Mon.sys
[2010/07/23 16:47:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2010/07/23 16:45:42 | 000,172,080 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010/07/23 16:45:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/07/23 16:45:42 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/07/22 21:45:17 | 000,000,000 | ---D | C] -- C:\Users\Kfuchs\AppData\Local\{945B23D2-1229-4107-B2B6-A6090481CB2A}
[2010/07/22 21:44:20 | 000,000,000 | RHSD | C] -- C:\RECYCLER
[2010/07/22 21:43:51 | 000,000,000 | ---D | C] -- C:\Users\Kfuchs\AppData\Local\kbixopmsw
[2010/07/22 21:43:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Update
[2010/07/22 21:43:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/07/22 21:43:33 | 000,000,000 | ---D | C] -- C:\Users\Kfuchs\AppData\Roaming\744130D59FE9238EE43B2EFD86989A7E
[2010/06/12 18:54:29 | 003,735,920 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\GameMon.des
[2010/06/12 18:54:10 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\npptNT2.sys
[2010/06/12 18:53:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared
[2010/06/12 18:31:28 | 000,000,000 | ---D | C] -- C:\GamesCampus
[2010/06/10 01:25:20 | 000,000,000 | ---D | C] -- C:\Users\Kfuchs\AppData\Local\Iceni
[2010/06/10 01:25:18 | 002,519,040 | ---- | C] (DynaForms GmbH) -- C:\Windows\SysWow64\CPDF.dll
[2010/06/10 01:25:18 | 000,888,832 | ---- | C] (ActMask http://www.all2pdf.com) -- C:\Windows\SysWow64\SaveTo.dll
[2010/06/10 01:24:58 | 000,878,080 | ---- | C] (ActMask Co.,Ltd - http://www.all2pdf.com) -- C:\Windows\SysNative\PrintDisp.exe
[2010/06/10 01:24:58 | 000,077,824 | ---- | C] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) -- C:\Windows\SysNative\PrintCtrl.exe
[2010/06/10 01:24:52 | 001,165,824 | ---- | C] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) -- C:\Windows\SysNative\PrtClient.exe
[2010/06/10 01:24:52 | 000,822,784 | ---- | C] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) -- C:\Windows\SysNative\SetupDrv.exe
[2010/06/10 01:24:52 | 000,702,976 | ---- | C] (ActMask - http://www.all2pdf.com) -- C:\Windows\SysNative\PrtTools.exe
[2010/06/10 01:24:52 | 000,375,296 | ---- | C] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) -- C:\Windows\SysNative\SetPrinter.exe
[2010/06/10 01:24:52 | 000,000,000 | ---D | C] -- C:\Windows\Infix PDF
[2010/06/10 01:24:49 | 000,000,000 | ---D | C] -- C:\Users\Kfuchs\AppData\Roaming\Iceni
[2010/06/10 01:24:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Iceni
[2010/06/10 01:24:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Aspell
[2010/06/10 01:24:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Iceni
[2010/06/10 01:24:47 | 000,000,000 | ---D | C] -- C:\Users\Kfuchs\AppData\Roaming\Aspell
[2010/06/10 01:14:15 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010/05/29 12:21:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\alaplaya
[2010/05/29 10:30:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Akamai
[2010/05/09 11:57:03 | 000,000,000 | ---D | C] -- C:\Users\Kfuchs\AppData\Roaming\NVIDIA
[2010/05/09 11:51:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2010/05/09 11:50:40 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/05/09 11:49:17 | 000,064,616 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010/05/09 11:49:17 | 000,056,424 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010/05/09 11:49:06 | 000,000,000 | ---D | C] -- C:\NVIDIA

========== Files - Modified Within 90 Days ==========

[2010/07/24 11:33:34 | 004,456,448 | -HS- | M] () -- C:\Users\Kfuchs\NTUSER.DAT
[2010/07/24 11:08:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/24 11:05:59 | 000,707,392 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/07/24 11:05:59 | 000,607,168 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/07/24 11:05:59 | 000,104,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/07/24 11:00:00 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At12.job
[2010/07/24 10:59:59 | 000,034,997 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/07/24 10:59:59 | 000,034,997 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/07/24 10:59:51 | 000,369,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/07/24 10:59:39 | 000,004,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/24 10:59:37 | 000,004,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/24 10:59:34 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/24 10:59:29 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/24 10:59:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/24 10:54:11 | 000,524,288 | -HS- | M] () -- C:\Users\Kfuchs\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010/07/24 10:54:11 | 000,065,536 | -HS- | M] () -- C:\Users\Kfuchs\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010/07/24 10:53:45 | 002,902,994 | -H-- | M] () -- C:\Users\Kfuchs\AppData\Local\IconCache.db
[2010/07/24 10:47:08 | 000,000,744 | ---- | M] () -- C:\Users\Kfuchs\Desktop\ERUNT.lnk
[2010/07/24 10:06:02 | 000,153,756 | ---- | M] () -- C:\Users\Kfuchs\Desktop\Windows_7_All_Editions_MSDN_(Ult_Ent_Pro_HP_HB_Starter_Language.5061850.TPB.torrent
[2010/07/24 10:00:00 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At11.job
[2010/07/24 09:54:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2521480657-3936409505-4224837914-1000UA.job
[2010/07/24 09:10:42 | 000,000,000 | ---- | M] () -- C:\Users\Kfuchs\AppData\Local\Ivuzifa.bin
[2010/07/24 09:10:41 | 000,000,120 | ---- | M] () -- C:\Users\Kfuchs\AppData\Local\Yhagu.dat
[2010/07/24 08:59:59 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At10.job
[2010/07/24 07:59:59 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At9.job
[2010/07/24 07:54:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2521480657-3936409505-4224837914-1000Core.job
[2010/07/24 07:50:40 | 000,002,047 | ---- | M] () -- C:\Users\Kfuchs\Desktop\Google Chrome.lnk
[2010/07/24 07:50:40 | 000,002,009 | ---- | M] () -- C:\Users\Kfuchs\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/07/24 07:11:28 | 000,019,456 | ---- | M] () -- C:\Users\Kfuchs\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/24 07:04:41 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/24 06:59:59 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At8.job
[2010/07/24 00:02:00 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010/07/23 22:59:59 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At24.job
[2010/07/23 21:59:59 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At23.job
[2010/07/23 20:59:59 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At22.job
[2010/07/23 19:59:59 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At21.job
[2010/07/23 18:59:59 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At20.job
[2010/07/23 18:00:00 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At19.job
[2010/07/23 17:35:30 | 000,000,560 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Kfuchs.job
[2010/07/23 17:04:55 | 000,172,080 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010/07/23 17:04:55 | 000,010,655 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010/07/23 17:04:55 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010/07/23 17:00:05 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At18.job
[2010/07/23 16:59:36 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/07/23 16:49:18 | 000,002,237 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2010/07/23 15:59:59 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At17.job
[2010/07/23 14:59:59 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At16.job
[2010/07/23 13:59:59 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At15.job
[2010/07/23 12:59:59 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At14.job
[2010/07/23 11:59:59 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At13.job
[2010/07/23 05:59:59 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At7.job
[2010/07/23 04:59:59 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At6.job
[2010/07/23 03:59:59 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At5.job
[2010/07/23 02:59:59 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At4.job
[2010/07/23 01:59:59 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At3.job
[2010/07/23 00:59:59 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At2.job
[2010/07/23 00:41:34 | 000,002,804 | ---- | M] () -- C:\Users\Kfuchs\AppData\Local\azupovilometape.dll
[2010/07/22 22:49:11 | 000,002,804 | ---- | M] () -- C:\Users\Kfuchs\AppData\Local\egixatesuxid.dll
[2010/07/22 22:12:34 | 569,345,292 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/07/22 22:05:17 | 000,002,804 | ---- | M] () -- C:\Users\Kfuchs\AppData\Local\izapediw.dll
[2010/07/22 21:53:41 | 000,002,804 | ---- | M] () -- C:\Users\Kfuchs\AppData\Local\ofihitamaga.dll
[2010/07/22 21:43:41 | 000,000,150 | ---- | M] () -- C:\zrpt.xml
[2010/07/19 11:59:59 | 000,000,396 | ---- | M] () -- C:\Windows\tasks\Schedule Task Weekly.job
[2010/07/12 10:37:40 | 000,001,800 | -H-- | M] () -- C:\Users\Kfuchs\Documents\Default.rdp
[2010/07/07 12:28:44 | 000,011,940 | ---- | M] () -- C:\Users\Kfuchs\Desktop\For alona.docx
[2010/07/05 22:50:03 | 000,043,252 | ---- | M] () -- C:\Users\Kfuchs\Desktop\Extra Credit Project1.docx
[2010/07/05 12:51:49 | 000,010,375 | ---- | M] () -- C:\Users\Kfuchs\Desktop\Extra Credit Project2.docx
[2010/07/05 12:51:15 | 000,010,399 | ---- | M] () -- C:\Users\Kfuchs\Desktop\Extra Credit Project3.docx
[2010/07/01 11:44:18 | 000,017,134 | ---- | M] () -- C:\Users\Kfuchs\Desktop\Exam III SG.docx
[2010/06/26 02:49:14 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/06/26 02:49:09 | 000,075,064 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/06/23 14:28:36 | 000,102,096 | ---- | M] () -- C:\Users\Kfuchs\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/06/23 14:20:33 | 000,000,200 | ---- | M] () -- C:\Users\Kfuchs\Desktop\All Points Bulletin.url
[2010/06/10 01:24:51 | 000,000,841 | ---- | M] () -- C:\Users\Public\Desktop\Infix PDF Editor.lnk
[2010/06/09 12:20:22 | 002,444,656 | ---- | M] () -- C:\Windows\SysWow64\pbsvc_apb.exe
[2010/06/05 18:32:44 | 000,032,768 | ---- | M] () -- C:\Users\Kfuchs\Desktop\WC Audit Payroll.xls
[2010/06/03 21:40:13 | 000,024,576 | ---- | M] () -- C:\Users\Kfuchs\Desktop\username.doc
[2010/06/03 21:39:56 | 000,028,160 | ---- | M] () -- C:\Users\Kfuchs\Desktop\password.doc
[2010/05/22 18:26:08 | 000,218,056 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010/05/18 14:04:20 | 000,000,680 | ---- | M] () -- C:\Users\Kfuchs\AppData\Local\d3d9caps.dat
[2010/05/14 01:12:30 | 001,409,648 | ---- | M] () -- C:\Users\Kfuchs\Documents\WebEx Document Loader Port
[2010/05/07 08:04:13 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\ÄMÄM
[2010/05/05 17:14:49 | 000,017,408 | ---- | M] () -- C:\Untitled.MSWMM
[2010/05/05 08:08:44 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Ä$Ä$
[2010/05/04 11:52:22 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\ÄĂÄĂ
[2010/05/03 19:10:18 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2010/05/03 19:04:22 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Ä9Ä9
[2010/05/01 09:02:02 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\ÄgÄg
[2010/04/29 17:39:44 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Ä-Ä-
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/04/29 10:39:35 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Ä(Ä(
[2010/04/26 19:44:00 | 003,735,920 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\GameMon.des
[2010/04/25 22:54:46 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\ÄTÄT
[2010/04/25 12:43:49 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Ä=Ä=

========== Files Created - No Company Name ==========

[2010/07/24 10:47:08 | 000,000,744 | ---- | C] () -- C:\Users\Kfuchs\Desktop\ERUNT.lnk
[2010/07/24 10:06:02 | 000,153,756 | ---- | C] () -- C:\Users\Kfuchs\Desktop\Windows_7_All_Editions_MSDN_(Ult_Ent_Pro_HP_HB_Starter_Language.5061850.TPB.torrent
[2010/07/24 07:04:41 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/23 16:57:16 | 000,010,557 | ---- | C] () -- C:\Windows\SysNative\drivers\COH_Mon.cat
[2010/07/23 16:51:01 | 000,000,560 | ---- | C] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Kfuchs.job
[2010/07/23 16:49:18 | 000,002,237 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2010/07/23 16:45:42 | 000,010,655 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010/07/23 16:45:42 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010/07/23 00:41:31 | 000,002,804 | ---- | C] () -- C:\Users\Kfuchs\AppData\Local\azupovilometape.dll
[2010/07/22 22:49:11 | 000,002,804 | ---- | C] () -- C:\Users\Kfuchs\AppData\Local\egixatesuxid.dll
[2010/07/22 22:05:17 | 000,002,804 | ---- | C] () -- C:\Users\Kfuchs\AppData\Local\izapediw.dll
[2010/07/22 21:53:41 | 000,002,804 | ---- | C] () -- C:\Users\Kfuchs\AppData\Local\ofihitamaga.dll
[2010/07/22 21:45:20 | 000,000,000 | ---- | C] () -- C:\Users\Kfuchs\AppData\Local\Ivuzifa.bin
[2010/07/22 21:45:18 | 000,000,120 | ---- | C] () -- C:\Users\Kfuchs\AppData\Local\Yhagu.dat
[2010/07/22 21:43:41 | 000,000,150 | ---- | C] () -- C:\zrpt.xml
[2010/07/07 12:28:43 | 000,011,940 | ---- | C] () -- C:\Users\Kfuchs\Desktop\For alona.docx
[2010/07/05 12:52:22 | 000,043,252 | ---- | C] () -- C:\Users\Kfuchs\Desktop\Extra Credit Project1.docx
[2010/07/05 12:51:49 | 000,010,375 | ---- | C] () -- C:\Users\Kfuchs\Desktop\Extra Credit Project2.docx
[2010/07/05 12:51:15 | 000,010,399 | ---- | C] () -- C:\Users\Kfuchs\Desktop\Extra Credit Project3.docx
[2010/07/01 11:44:18 | 000,017,134 | ---- | C] () -- C:\Users\Kfuchs\Desktop\Exam III SG.docx
[2010/06/26 12:03:18 | 000,362,862 | ---- | C] () -- C:\Users\Kfuchs\AppData\Local\dd_vcredistMSI2BCA.txt
[2010/06/26 12:03:18 | 000,011,146 | ---- | C] () -- C:\Users\Kfuchs\AppData\Local\dd_vcredistUI2BCA.txt
[2010/06/23 17:09:54 | 002,444,656 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_apb.exe
[2010/06/23 14:20:33 | 000,000,200 | ---- | C] () -- C:\Users\Kfuchs\Desktop\All Points Bulletin.url
[2010/06/12 18:54:10 | 000,005,174 | ---- | C] () -- C:\Windows\SysWow64\nppt9x.vxd
[2010/06/10 01:25:18 | 001,391,616 | ---- | C] () -- C:\Windows\SysWow64\ActPDF.dll
[2010/06/10 01:24:52 | 000,691,200 | ---- | C] () -- C:\Windows\SysNative\PrintLog.exe
[2010/06/10 01:24:52 | 000,524,288 | ---- | C] () -- C:\Windows\SysNative\PrtPass.exe
[2010/06/10 01:24:52 | 000,097,016 | ---- | C] () -- C:\Windows\SysWow64\Cancel.wav
[2010/06/10 01:24:52 | 000,010,398 | ---- | C] () -- C:\Windows\SysWow64\START.WAV
[2010/06/10 01:24:52 | 000,004,486 | ---- | C] () -- C:\Windows\SysWow64\FINISH.WAV
[2010/06/10 01:24:51 | 000,000,841 | ---- | C] () -- C:\Users\Public\Desktop\Infix PDF Editor.lnk
[2010/06/05 18:32:44 | 000,032,768 | ---- | C] () -- C:\Users\Kfuchs\Desktop\WC Audit Payroll.xls
[2010/06/03 21:40:13 | 000,024,576 | ---- | C] () -- C:\Users\Kfuchs\Desktop\username.doc
[2010/06/03 21:39:56 | 000,028,160 | ---- | C] () -- C:\Users\Kfuchs\Desktop\password.doc
[2010/05/29 10:32:27 | 000,363,936 | ---- | C] () -- C:\Users\Kfuchs\AppData\Local\dd_vcredistMSI5A88.txt
[2010/05/29 10:32:27 | 000,011,870 | ---- | C] () -- C:\Users\Kfuchs\AppData\Local\dd_vcredistUI5A88.txt
[2010/05/09 11:55:32 | 000,034,997 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/05/09 11:55:32 | 000,034,997 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/05/09 11:49:17 | 000,009,832 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2010/05/07 08:04:13 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\ÄMÄM
[2010/05/05 17:14:49 | 000,017,408 | ---- | C] () -- C:\Untitled.MSWMM
[2010/05/05 08:08:44 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Ä$Ä$
[2010/05/04 11:52:22 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\ÄĂÄĂ
[2010/05/03 19:04:22 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Ä9Ä9
[2010/05/01 09:02:02 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\ÄgÄg
[2010/04/29 17:39:44 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Ä-Ä-
[2010/04/29 10:39:35 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Ä(Ä(
[2010/04/25 22:54:46 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\ÄTÄT
[2010/04/25 12:43:49 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Ä=Ä=
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/11/19 03:05:01 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/11/19 03:05:01 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/10/21 10:28:53 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/10/21 10:28:13 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/08/14 16:34:41 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\msuFnsern.dll
[2009/06/30 10:18:26 | 000,001,338 | ---- | C] () -- C:\Windows\stock.INI
[2009/06/12 15:52:59 | 000,708,868 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/05/24 17:32:47 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\msuccso7d.dll
[2009/04/12 23:36:44 | 000,009,851 | ---- | C] () -- C:\Windows\SysWow64\mswcnso7e.dll
[2009/04/11 18:39:59 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

========== LOP Check ==========

[2010/07/23 17:36:00 | 000,000,000 | ---D | M] -- C:\Users\Kfuchs\AppData\Roaming\744130D59FE9238EE43B2EFD86989A7E
[2009/04/25 17:24:49 | 000,000,000 | ---D | M] -- C:\Users\Kfuchs\AppData\Roaming\acccore
[2010/04/02 12:30:21 | 000,000,000 | ---D | M] -- C:\Users\Kfuchs\AppData\Roaming\DAEMON Tools Lite
[2009/12/05 11:58:20 | 000,000,000 | ---D | M] -- C:\Users\Kfuchs\AppData\Roaming\Darkfall
[2009/07/28 08:23:04 | 000,000,000 | ---D | M] -- C:\Users\Kfuchs\AppData\Roaming\Darkfall US
[2009/07/03 13:54:05 | 000,000,000 | ---D | M] -- C:\Users\Kfuchs\AppData\Roaming\GetRightToGo
[2010/07/24 10:53:10 | 000,000,000 | ---D | M] -- C:\Users\Kfuchs\AppData\Roaming\Geurak
[2010/06/10 01:24:49 | 000,000,000 | ---D | M] -- C:\Users\Kfuchs\AppData\Roaming\Iceni
[2010/06/20 13:08:40 | 000,000,000 | ---D | M] -- C:\Users\Kfuchs\AppData\Roaming\LimeWire
[2010/04/06 12:56:09 | 000,000,000 | ---D | M] -- C:\Users\Kfuchs\AppData\Roaming\Mount&Blade Warband
[2009/07/25 05:04:10 | 000,000,000 | ---D | M] -- C:\Users\Kfuchs\AppData\Roaming\Urfu
[2010/07/24 10:25:24 | 000,000,000 | ---D | M] -- C:\Users\Kfuchs\AppData\Roaming\uTorrent
[2010/07/24 00:02:00 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2010/07/24 08:59:59 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At10.job
[2010/07/24 10:00:00 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At11.job
[2010/07/24 11:00:00 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At12.job
[2010/07/23 11:59:59 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At13.job
[2010/07/23 12:59:59 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At14.job
[2010/07/23 13:59:59 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At15.job
[2010/07/23 14:59:59 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At16.job
[2010/07/23 15:59:59 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At17.job
[2010/07/23 17:00:05 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At18.job
[2010/07/23 18:00:00 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At19.job
[2010/07/23 00:59:59 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2010/07/23 18:59:59 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At20.job
[2010/07/23 19:59:59 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At21.job
[2010/07/23 20:59:59 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At22.job
[2010/07/23 21:59:59 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At23.job
[2010/07/23 22:59:59 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At24.job
[2010/07/23 01:59:59 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2010/07/23 02:59:59 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At4.job
[2010/07/23 03:59:59 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At5.job
[2010/07/23 04:59:59 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At6.job
[2010/07/23 05:59:59 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At7.job
[2010/07/24 06:59:59 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At8.job
[2010/07/24 07:59:59 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At9.job
[2010/07/24 10:53:49 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/07/19 11:59:59 | 000,000,396 | ---- | M] () -- C:\Windows\Tasks\Schedule Task Weekly.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2009/04/11 08:29:02 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2007/11/06 14:13:41 | 000,359,256 | ---- | M] (Hewlett-Packard) -- C:\hpzids40.dll
[2009/04/25 17:24:43 | 000,000,367 | -H-- | M] () -- C:\IPH.PH
[2006/12/01 23:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2010/07/24 10:59:11 | 2459,516,927 | -HS- | M] () -- C:\pagefile.sys
[2010/07/24 07:04:11 | 000,000,350 | ---- | M] () -- C:\rkill.log
[2010/07/24 11:01:43 | 000,000,126 | ---- | M] () -- C:\service.log
[2010/05/05 17:14:49 | 000,017,408 | ---- | M] () -- C:\Untitled.MSWMM
[2010/07/22 21:43:41 | 000,000,150 | ---- | M] () -- C:\zrpt.xml

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/11/02 11:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 11:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 11:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/12/26 00:03:40 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 17:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/20 23:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\user32.dll /md5 >
[2009/04/11 02:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/01/20 22:50:35 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\SysWOW64\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2006/11/02 05:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\SysWOW64\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 508 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 203 bytes -> C:\ProgramData\TEMP:8927A071
< End of report >


Extras.txt file:


OTL Extras logfile created on: 7/24/2010 11:31:50 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Kirill\Programs\Geekstogo Comp Repair tools
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 67.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.17 Gb Total Space | 250.24 Gb Free Space | 41.97% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KFUCHSI7
Current User Name: Kfuchs
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 1
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 96 5D 46 C2 05 86 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2521480657-3936409505-4224837914-1000]
"EnableNotificationsRef" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{114BED21-243C-4CD1-A955-F98120663213}" = lport=49168 | protocol=6 | dir=in | name=akamai netsession interface |
"{324405EC-CA11-45F1-B6A7-2F523544E0FD}" = lport=137 | protocol=17 | dir=in | app=system |
"{33E8EA8C-D322-4905-B741-D884BE43E3D7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |
"{4C662D02-5D2E-4133-8410-62CCBFAAD42B}" = lport=49161 | protocol=6 | dir=in | name=akamai netsession interface |
"{4D1ED2BF-FC78-46BF-8B1F-BF9E08CC66B5}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{4F100976-47C6-4054-9155-6B1B7BA83787}" = lport=445 | protocol=6 | dir=in | app=system |
"{546B581A-DBF1-4C45-8069-FF195581981F}" = lport=139 | protocol=6 | dir=in | app=system |
"{7E2B4551-545B-4EC9-A894-A2DCC932AA6E}" = rport=445 | protocol=6 | dir=out | app=system |
"{847EBE2A-278F-4B76-A2CB-27F768FD9BDF}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{944F1305-4175-4F2F-B16D-C4DADD9206AA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{A1B8AA2F-2F3D-4FD7-A9D1-6DFC8456EC4B}" = lport=138 | protocol=17 | dir=in | app=system |
"{AEA9C604-152E-490F-8508-F38D5795B98F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |
"{B155EE54-D4CF-496E-AE03-FD61C80636EF}" = rport=137 | protocol=17 | dir=out | app=system |
"{B1898B47-FD69-4651-9D23-E20127CC834F}" = rport=138 | protocol=17 | dir=out | app=system |
"{E879A8AF-CA2E-421A-9FC6-5C49847267EF}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03CDB7B4-B956-491E-872A-10D987681DB5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shattered_horizon\client_exe\shattered_horizon.exe |
"{0815EC70-EDC0-40FE-B926-772969B2C0CA}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{086923A8-2F00-45AB-9BEC-EA5584F8B525}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\america's army 3\binaries\aa3game.exe |
"{0FECAB60-C492-4D1C-A764-79C29B136895}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwawmp.exe |
"{13B58D9A-A99A-4DBD-AB24-209AE3B3AB60}" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{15226815-5E89-473B-A0A1-29658A37282F}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{18BEAA52-42C9-4D54-B408-91594F5DF710}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{1FD0B792-7EF5-442C-8F75-E5C1143659B1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\america's army 3\binaries\aa3game.exe |
"{20AA4D9F-7EB9-464F-8780-4BDE8F10BCCD}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{21055E27-679A-4CFA-B065-758F14618EF9}" = protocol=17 | dir=in | app=c:\gamescampus\heroes in the sky\his.exe |
"{2266F94F-4FF4-4A07-B7A0-C7F5C801B673}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{28750B82-45F7-4AED-8BA9-8056CF216206}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{29881CCA-BF48-4A21-BCAA-B32757DCBBB4}" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization iv colonization\colonization.exe |
"{2A597DF7-74E4-4AD2-871A-2DD33E175023}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
"{2DC35A87-EB7D-4ED2-88C4-02DBA175DC08}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
"{33527883-4350-480E-BBFA-FC8097BFC7D8}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |
"{37ED078A-8BA1-4DAF-965F-77D11E97A893}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwaw.exe |
"{37F449CB-F52D-4276-B6D0-7C10A4E28A90}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"{3B3C972A-0D25-4410-A61C-7C59D2625F99}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{3E9A7D5C-E0CA-4657-93C2-D53F69EE97E6}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{46152932-57F4-4D32-AC84-5A27C4BE2865}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{48140B65-F0C9-4D31-B654-EC5EA43F6202}" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization iv colonization\colonization.exe |
"{4C1DE9BC-D755-46A6-965B-B1BB010602DE}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{4C6C46A3-7303-43AA-A8DF-6F7E57A701E0}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{4D076F73-DC22-48A7-B603-9B3A19531F6B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4F45315E-D469-4A3B-B6D3-F40968203592}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{531EC145-4EEA-4AFC-80DD-16043AB86701}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{55F63847-A171-4EBF-84A8-47D9B401B451}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{7133AEEB-68B9-4937-B815-4DFFCEDAA7CD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{73840D64-C6D2-478D-A504-2AEDB4AD0F44}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
"{75A181AB-F3DC-46AF-BC78-AD766BA12173}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{77E0DA96-AC49-4B64-9645-E77B5FBB5A77}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\america's army 3\binaries\aa3game.exe |
"{7D1BBA79-35B8-4866-A310-3ABD727B8AD0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mountblade warband\mb_warband.exe |
"{80A13DEB-AECC-440B-B911-56E25EEEC6D0}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{8560A3A5-5EFE-49F7-A58E-22C6E39714E4}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwawmp.exe |
"{865DDD92-9B04-470A-9266-69812F54D3AB}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe |
"{87B25ED9-ECE9-449C-9EF9-B843418840C9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mountblade warband\mb_warband.exe |
"{8F015F21-C492-49B1-873C-7D757BC0A2BE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{904FF1B5-165F-42EC-B5AA-AEC2CAFD74B8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\all points bulletin\launcher\apblauncher.exe |
"{90E4827E-E774-4097-A669-1CEAA0D21C66}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\global agenda live\binaries\globalagenda.exe |
"{91A8D7F9-E9F9-413E-987C-A075153A7E8C}" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{9976E207-960B-4358-85AB-C8FA0E0999CF}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{9CC47B52-F75B-43CF-8E9C-6EB7041F291A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{9DAE9BDA-83FA-4296-8FA3-65B4BCC2B3C7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{A08F2511-FCEF-4D85-84C2-793603847FBC}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A533B54D-416C-4D85-AD18-A38393C3E790}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{A5A424EF-0794-4963-B143-9BE65088B3B5}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |
"{A836275E-5B1C-4F3B-81FF-4A6EC7E144AC}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
"{AAC023D4-22A9-4E1E-8B24-E8D781E306D4}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{AAFECA98-B6B2-43B5-B4D7-F14EA032E1D1}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{AB05CB1B-7CC9-48AB-AEC4-3E45FC275C71}" = protocol=6 | dir=in | app=c:\gamescampus\heroes in the sky\his.exe |
"{B0EA5D03-650A-49CA-B61A-B21C6871B7A4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\kfuchs\day of defeat source\hl2.exe |
"{B17875DB-2FCD-4085-AB9E-458A2105D94D}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{B4F32E00-B6E4-4220-899E-8FAB77CEA0C9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\america's army 3\binaries\aa3game.exe |
"{B6022B03-77F1-48C5-824F-A40E3CEA3F08}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |
"{B6D001E7-C289-4170-845F-BD3FA665CEA8}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
"{B90B7229-EACF-4196-900B-F600669DFF13}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{C3692237-8330-48D9-9A9F-FCDCB87013B6}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\prototype\prototypef.exe |
"{CAE64A12-E3EB-449F-B586-14E1F2335D7A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\kfuchs\day of defeat source\hl2.exe |
"{CEEC2DD3-BA2F-4C5A-83B0-7778A216001A}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{D0C34F46-4851-4EC9-8FFF-4E22EF7AA0EE}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{D342C636-1919-40C6-8EED-6AF1E4A26396}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{D6206D2D-CBC6-4087-938D-5502E444DFFF}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwaw.exe |
"{D70C9412-53ED-4EBF-BC15-7AB90AD7B1AC}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |
"{D9C3DE4F-2EB2-4F8C-A85E-A109FEFD7D21}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{DB28F8DC-AC5A-4393-A6FE-1532BC5773A3}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe |
"{DDDCB571-AEF9-4687-BC88-04D46235A19B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\global agenda live\binaries\globalagenda.exe |
"{DE610625-0322-4CC6-92DB-E1A0CD2AFD17}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"{DFCAA423-F01E-4D9C-B4BA-4D29DF8EB193}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{E1410703-F83A-440D-A0A4-A16B3D0A4E49}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E3E76465-455D-4232-895F-9D278DF91093}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
"{E93E9E0E-6204-4EDB-B4C3-840CBAD7904F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{EB438603-2147-4F8B-A6BC-52BE3682B455}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{EC7F624A-7EB2-447C-9199-A79A6BA45563}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\prototype\prototypef.exe |
"{F5F2C90A-4AE5-4F04-A887-75849515CEFB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shattered_horizon\client_exe\shattered_horizon.exe |
"{FA739F52-DC39-49B5-8ECE-964378D47388}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{FE03A261-2C4B-425B-86CA-29D07DB51ED6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\all points bulletin\launcher\apblauncher.exe |
"TCP Query User{4C4EA599-0282-410E-9CBA-579FD14C3784}C:\program files (x86)\darkfall us\data\sfbrowser.exe" = protocol=6 | dir=in | app=c:\program files (x86)\darkfall us\data\sfbrowser.exe |
"TCP Query User{538B9F81-E735-4B4B-B72D-2D98792B895A}C:\program files (x86)\darkfall us\lobby.exe" = protocol=6 | dir=in | app=c:\program files (x86)\darkfall us\lobby.exe |
"TCP Query User{B5509EE8-1E9D-4CEF-AC81-BC65B7D62FEF}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{1F383232-6ECE-4AB2-9BE6-795585F39BCB}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{1F986B03-0A0E-4512-BC55-B983DBDBA3CE}C:\program files (x86)\darkfall us\data\sfbrowser.exe" = protocol=17 | dir=in | app=c:\program files (x86)\darkfall us\data\sfbrowser.exe |
"UDP Query User{FF8E0F9B-BFD1-4721-807B-93A28D5B7A9D}C:\program files (x86)\darkfall us\lobby.exe" = protocol=17 | dir=in | app=c:\program files (x86)\darkfall us\lobby.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{240FCE0B-F553-4ab3-9C7B-3CD082FCA117}" = NetDeviceManager64
"{2B8AD1EE-28D4-42FF-AE4B-856E5862D583}" = ccCommon64
"{67335AB1-6341-4f87-A5B4-7FA92CEB77A4}" = HP Officejet All-In-One Series
"{76CF6BDD-DA9C-4337-94B9-813F0F0C8EB4}" = SymNet x64
"{86F5DD6A-4ABB-4290-A68C-D7D2A4ADF86A}" = Symantec Real Time Storage Protection Component (x64)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90B5B05F-AFDA-4922-A153-45B14200BA77}" = SPBBC 64bit
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B812FCC0-6192-4BFA-A9C6-1E8578F255DA}" = iTunes
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F303C668-7674-484A-8C04-579881C382F8}" = Norton Protection Center
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0E549A13-2B3D-4633-BA41-DC88C2D6F9A3}" = ProductContext
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{1147FF9A-D576-4cb5-B5E7-FCA21D1E7D26}" = J4680
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{188C0E25-3D65-4DAC-9C00-7483FBA4C7EB}" = Status
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 13
"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3825B383-7880-48C8-AADD-49B0D764B151}" = 4660_4680_Help
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{5024A609-3AC8-4FE8-8390-E8003BE1758E}" = Darkfall US
"{50802F8E-03B4-479D-A643-16DE5A3586CB}" = BPDSoftware_Ini
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{62120008-8E1E-4807-860D-A8B48F8552DB}" = Norton Protection Center
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69764F1C-55E1-4219-BDC5-299CD95FF004}_is1" = Mortal Online
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B8.1208.1
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype™
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ABA00898-9467-4689-9F40-DE7F58C8429C}" = Fax
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF397F20-24BB-11D7-AC6F-0050DA09345C}" = Advanced Analyzer
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{D3737952-FF6E-4E72-BDEE-B0DC1C69F80B}" = BPD_HPSU
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty® - World at War™
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DC1DDAC3-510E-44b1-A969-529FFED5A619}" = J4600
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton AntiVirus Help
"{E47A2A39-221D-4BE7-8EB9-8BC924197194}" = Darkfall
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{EF36A836-BF89-4A4F-B079-057B0C68C1E0}" = Sid Meier's Civilization IV Colonization
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4EAEBEA-3E46-43b8-A63C-AD180AE86918}" = BPDSoftware
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"43442AE9-6512-4392-B5DD-9167BECD1114_is1" = Infix 4.16
"AC Tool" = AC Tool
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_6" = AIM 6
"AutoHotkey" = AutoHotkey 1.0.48.03
"AutoItv3" = AutoIt v3.3.0.0
"Beta-EU" = APB Beta-EU
"Beta-NA" = APB Beta-NA
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combat Arms" = Combat Arms
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"Fraps" = Fraps (remove only)
"hon" = Heroes of Newerth
"InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype™
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty® - World at War™
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Picasa 3" = Picasa 3
"Precision" = EVGA Precision 1.4.0
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"PunkBusterSvc" = PunkBuster Services
"StarCraft II Beta" = StarCraft II Beta
"Steam App 17020" = Global Agenda Live
"Steam App 17040" = Global Agenda Public Test Client
"Steam App 18110" = Shattered Horizon
"Steam App 240" = Counter-Strike: Source
"Steam App 300" = Day of Defeat: Source
"Steam App 48700" = Mount&Blade: Warband
"Steam App 500" = Left 4 Dead
"Steam App 57500" = All Points Bulletin
"SymSetup.{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security (Symantec Corporation)
"thinkorswim from TD AMERITRADE" = thinkorswim from TD AMERITRADE
"TightVNC_is1" = TightVNC 1.3.10
"VentriloMIX" = VentriloMIX
"ViewpointMediaPlayer" = Viewpoint Media Player
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Options 360™" = Options 360™
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/23/2010 11:45:50 PM | Computer Name = Kfuchsi7 | Source = WinMgmt | ID = 10
Description =

Error - 7/24/2010 6:34:22 AM | Computer Name = Kfuchsi7 | Source = WinMgmt | ID = 10
Description =

Error - 7/24/2010 7:46:12 AM | Computer Name = Kfuchsi7 | Source = WinMgmt | ID = 10
Description =

Error - 7/24/2010 9:16:39 AM | Computer Name = Kfuchsi7 | Source = WinMgmt | ID = 10
Description =

Error - 7/24/2010 9:18:44 AM | Computer Name = Kfuchsi7 | Source = Application Error | ID = 1000
Description = Faulting application i74wa3x6e.exe, version 2.0.0.1, time stamp 0x2a425e19,
faulting module kernel32.dll, version 6.0.6002.18005, time stamp 0x49e038c0, exception
code 0xc0000005, fault offset 0x0004c7e6, process id 0xf94, application start time
0x01cb2b32718883f2.

Error - 7/24/2010 9:27:24 AM | Computer Name = Kfuchsi7 | Source = VSS | ID = 8194
Description =

Error - 7/24/2010 9:33:01 AM | Computer Name = Kfuchsi7 | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, time stamp 0x4c2943a6,
faulting module icuuc36.dll, version 3.6.0.0, time stamp 0x470efe15, exception
code 0xc0000005, fault offset 0x00001f94, process id 0x1504, application start time
0x01cb2b34a0c7f722.

Error - 7/24/2010 10:33:34 AM | Computer Name = Kfuchsi7 | Source = WinMgmt | ID = 10
Description =

Error - 7/24/2010 10:37:35 AM | Computer Name = Kfuchsi7 | Source = WinMgmt | ID = 10
Description =

Error - 7/24/2010 11:00:09 AM | Computer Name = Kfuchsi7 | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 8/12/2009 5:42:55 PM | Computer Name = Kfuchsi7 | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerAccumulate failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 8/12/2009 6:26:41 PM | Computer Name = Kfuchsi7 | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerAccumulate failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 8/12/2009 6:27:38 PM | Computer Name = Kfuchsi7 | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerAccumulate failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 8/12/2009 6:29:34 PM | Computer Name = Kfuchsi7 | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerAccumulate failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 8/12/2009 6:31:22 PM | Computer Name = Kfuchsi7 | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerAccumulate failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 8/12/2009 7:16:00 PM | Computer Name = Kfuchsi7 | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerAccumulate failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 8/13/2009 7:43:35 PM | Computer Name = Kfuchsi7 | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerAccumulate failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 10/7/2009 5:13:28 PM | Computer Name = Kfuchsi7 | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 2/7/2010 6:33:45 PM | Computer Name = Kfuchsi7 | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 2/16/2010 6:32:45 PM | Computer Name = Kfuchsi7 | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 7/24/2010 10:39:11 AM | Computer Name = Kfuchsi7 | Source = Service Control Manager | ID = 7026
Description =

Error - 7/24/2010 10:43:55 AM | Computer Name = Kfuchsi7 | Source = Service Control Manager | ID = 7022
Description =

Error - 7/24/2010 10:44:53 AM | Computer Name = Kfuchsi7 | Source = DCOM | ID = 10005
Description =

Error - 7/24/2010 10:44:54 AM | Computer Name = Kfuchsi7 | Source = Service Control Manager | ID = 7009
Description =

Error - 7/24/2010 10:44:54 AM | Computer Name = Kfuchsi7 | Source = Service Control Manager | ID = 7000
Description =

Error - 7/24/2010 11:00:09 AM | Computer Name = Kfuchsi7 | Source = Service Control Manager | ID = 7023
Description =

Error - 7/24/2010 11:00:09 AM | Computer Name = Kfuchsi7 | Source = Service Control Manager | ID = 7000
Description =

Error - 7/24/2010 11:00:33 AM | Computer Name = Kfuchsi7 | Source = DCOM | ID = 10016
Description =

Error - 7/24/2010 11:01:41 AM | Computer Name = Kfuchsi7 | Source = Service Control Manager | ID = 7022
Description =

Error - 7/24/2010 11:01:41 AM | Computer Name = Kfuchsi7 | Source = Service Control Manager | ID = 7026
Description =


< End of report >



I couldn't seem to upload the files for some reason, so I'll copy and paste them as well

Mbam log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4343

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

7/24/2010 10:53:06 AM
mbam-log-2010-07-24 (10-53-06).txt

Scan type: Quick scan
Objects scanned: 135743
Time elapsed: 3 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\service.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\updata.exe (Trojan.Agent) -> Quarantined and deleted successfully.


Ark.log file:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-24 11:30:46
Windows 6.0.6002 Service Pack 2
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB7 0xD3 0x25 0x48 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE7 0xF2 0x1F 0xDE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x52 0x89 0x12 0x95 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB7 0xD3 0x25 0x48 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE7 0xF2 0x1F 0xDE ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x52 0x89 0x12 0x95 ...

---- EOF - GMER 1.0.15 ----

Edited by kfuchs, 24 July 2010 - 09:56 AM.



#2
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
My name is SweetTech. I would be glad to take a look at your log and help you with solving any malware problems.

If you have already received help elsewhere please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instruction that I give you.
    Reading too lightly will cause you to miss important steps, which could have destructive effects.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together :)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. The only time you can and should PM me is when I have not been replying to you for several days (usually around 3 days) and you need an explanation. If that's the case, just send me a message on here. :)
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.
____________________________________________________

OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"

    :Services
    :OTL
    PRC - [2009/07/25 05:04:10 | 000,144,384 | ---- | M] () -- C:\Users\Kfuchs\AppData\Roaming\Urfu\eszaa.exe
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
    O4 - HKLM..\Run: [wmiprves] C:\Users\Kfuchs\AppData\Local\Temp\i74wa3x6e.exe File not found
    O4 - HKCU..\Run: [{1302C0BA-4F96-F3A4-490F-7FD0B5DBE27B}] C:\Users\Kfuchs\AppData\Roaming\Urfu\eszaa.exe ()
    O4 - HKCU..\Run: [Aim6] File not found
    O4 - HKCU..\Run: [patchsetup70700.exe] C:\Users\Kfuchs\AppData\Roaming\744130D59FE9238EE43B2EFD86989A7E\patchsetup70700.exe File not found
    O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O20 - AppInit_DLLs: (app_dll.dll) - File not found
    O33 - MountPoints2\{1c4ff90f-a90f-11de-9fc0-00241d12e6c2}\Shell\AutoRun\command - "" = E:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\ConfDriver.exe -- File not found
    O33 - MountPoints2\{1c4ff90f-a90f-11de-9fc0-00241d12e6c2}\Shell\open\command - "" = E:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\ConfDriver.exe -- File not found
    O33 - MountPoints2\{1dbd1394-bcad-11de-a2ad-00241d12e6c2}\Shell\AutoRun\command - "" = F:\RESTORE\c-1-3-64-8794238531-8742492-9897532\DriveFix.exe -- File not found
    O33 - MountPoints2\{1dbd1394-bcad-11de-a2ad-00241d12e6c2}\Shell\open\command - "" = F:\RESTORE\c-1-3-64-8794238531-8742492-9897532\DriveFix.exe -- File not found
    O33 - MountPoints2\{6a878028-b380-11de-ac98-00241d12e6c2}\Shell\AutoRun\command - "" = E:\WDSetup.exe -- File not found
    O33 - MountPoints2\{d72643ed-b88a-11de-92f1-00241d12e6c2}\Shell - "" = AutoRun
    O33 - MountPoints2\{d72643ed-b88a-11de-92f1-00241d12e6c2}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\WDSetup.exe -- File not found
    [2010/07/22 21:45:17 | 000,000,000 | ---D | C] -- C:\Users\Kfuchs\AppData\Local\{945B23D2-1229-4107-B2B6-A6090481CB2A}
    [2010/07/22 21:43:51 | 000,000,000 | ---D | C] -- C:\Users\Kfuchs\AppData\Local\kbixopmsw
    [2010/07/22 21:43:33 | 000,000,000 | ---D | C] -- C:\Users\Kfuchs\AppData\Roaming\744130D59FE9238EE43B2EFD86989A7E
    [2010/07/24 10:06:02 | 000,153,756 | ---- | M] () -- C:\Users\Kfuchs\Desktop\Windows_7_All_Editions_MSDN_(Ult_Ent_Pro_HP_HB_Starter_Language.5061850.TPB.torrent
    [2010/07/24 09:10:42 | 000,000,000 | ---- | M] () -- C:\Users\Kfuchs\AppData\Local\Ivuzifa.bin
    [2010/07/24 09:10:41 | 000,000,120 | ---- | M] () -- C:\Users\Kfuchs\AppData\Local\Yhagu.dat
    [2010/07/23 00:41:34 | 000,002,804 | ---- | M] () -- C:\Users\Kfuchs\AppData\Local\azupovilometape.dll
    [2010/07/22 22:49:11 | 000,002,804 | ---- | M] () -- C:\Users\Kfuchs\AppData\Local\egixatesuxid.dll
    [2010/07/22 22:05:17 | 000,002,804 | ---- | M] () -- C:\Users\Kfuchs\AppData\Local\izapediw.dll
    [2010/07/22 21:53:41 | 000,002,804 | ---- | M] () -- C:\Users\Kfuchs\AppData\Local\ofihitamaga.dll
    [2010/07/22 21:43:41 | 000,000,150 | ---- | M] () -- C:\zrpt.xml
    [2010/07/23 00:41:31 | 000,002,804 | ---- | C] () -- C:\Users\Kfuchs\AppData\Local\azupovilometape.dll
    [2010/07/22 22:49:11 | 000,002,804 | ---- | C] () -- C:\Users\Kfuchs\AppData\Local\egixatesuxid.dll
    [2010/07/22 22:05:17 | 000,002,804 | ---- | C] () -- C:\Users\Kfuchs\AppData\Local\izapediw.dll
    [2010/07/22 21:53:41 | 000,002,804 | ---- | C] () -- C:\Users\Kfuchs\AppData\Local\ofihitamaga.dll
    [2010/07/22 21:45:20 | 000,000,000 | ---- | C] () -- C:\Users\Kfuchs\AppData\Local\Ivuzifa.bin
    [2010/07/22 21:45:18 | 000,000,120 | ---- | C] () -- C:\Users\Kfuchs\AppData\Local\Yhagu.dat
    [2010/07/22 21:43:41 | 000,000,150 | ---- | C] () -- C:\zrpt.xml
    @Alternate Data Stream - 508 bytes -> C:\ProgramData\TEMP:05EE1EEF
    @Alternate Data Stream - 203 bytes -> C:\ProgramData\TEMP:8927A071
    
    :Reg
    
    :Files
    C:\Windows\tasks\At*.job
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [start explorer]
    [Reboot]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

  • 0

#3
kfuchs

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
No active process named eszaa.exe was found!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\wmiprves deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{1302C0BA-4F96-F3A4-490F-7FD0B5DBE27B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1302C0BA-4F96-F3A4-490F-7FD0B5DBE27B}\ not found.
C:\Users\Kfuchs\AppData\Roaming\Urfu\eszaa.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Aim6 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\patchsetup70700.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\WMPNSCFG deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
C:\ProgramData\webex\ieatgpc.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\grooveLocalGWS\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88FED34C-F0CA-4636-A375-3CB6248B04CD}\ not found.
File {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ not found.
File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:app_dll.dll deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c4ff90f-a90f-11de-9fc0-00241d12e6c2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1c4ff90f-a90f-11de-9fc0-00241d12e6c2}\ not found.
File E:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\ConfDriver.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c4ff90f-a90f-11de-9fc0-00241d12e6c2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1c4ff90f-a90f-11de-9fc0-00241d12e6c2}\ not found.
File E:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\ConfDriver.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1dbd1394-bcad-11de-a2ad-00241d12e6c2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1dbd1394-bcad-11de-a2ad-00241d12e6c2}\ not found.
File F:\RESTORE\c-1-3-64-8794238531-8742492-9897532\DriveFix.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1dbd1394-bcad-11de-a2ad-00241d12e6c2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1dbd1394-bcad-11de-a2ad-00241d12e6c2}\ not found.
File F:\RESTORE\c-1-3-64-8794238531-8742492-9897532\DriveFix.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6a878028-b380-11de-ac98-00241d12e6c2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6a878028-b380-11de-ac98-00241d12e6c2}\ not found.
File E:\WDSetup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d72643ed-b88a-11de-92f1-00241d12e6c2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d72643ed-b88a-11de-92f1-00241d12e6c2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d72643ed-b88a-11de-92f1-00241d12e6c2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d72643ed-b88a-11de-92f1-00241d12e6c2}\ not found.
File F:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
File E:\WDSetup.exe not found.
C:\Users\Kfuchs\AppData\Local\{945B23D2-1229-4107-B2B6-A6090481CB2A}\chrome\content folder moved successfully.
C:\Users\Kfuchs\AppData\Local\{945B23D2-1229-4107-B2B6-A6090481CB2A}\chrome folder moved successfully.
C:\Users\Kfuchs\AppData\Local\{945B23D2-1229-4107-B2B6-A6090481CB2A} folder moved successfully.
C:\Users\Kfuchs\AppData\Local\kbixopmsw folder moved successfully.
C:\Users\Kfuchs\AppData\Roaming\744130D59FE9238EE43B2EFD86989A7E folder moved successfully.
C:\Users\Kfuchs\Desktop\Windows_7_All_Editions_MSDN_(Ult_Ent_Pro_HP_HB_Starter_Language.5061850.TPB.torrent moved successfully.
C:\Users\Kfuchs\AppData\Local\Ivuzifa.bin moved successfully.
C:\Users\Kfuchs\AppData\Local\Yhagu.dat moved successfully.
C:\Users\Kfuchs\AppData\Local\azupovilometape.dll moved successfully.
C:\Users\Kfuchs\AppData\Local\egixatesuxid.dll moved successfully.
C:\Users\Kfuchs\AppData\Local\izapediw.dll moved successfully.
C:\Users\Kfuchs\AppData\Local\ofihitamaga.dll moved successfully.
C:\zrpt.xml moved successfully.
File C:\Users\Kfuchs\AppData\Local\azupovilometape.dll not found.
File C:\Users\Kfuchs\AppData\Local\egixatesuxid.dll not found.
File C:\Users\Kfuchs\AppData\Local\izapediw.dll not found.
File C:\Users\Kfuchs\AppData\Local\ofihitamaga.dll not found.
File C:\Users\Kfuchs\AppData\Local\Ivuzifa.bin not found.
File C:\Users\Kfuchs\AppData\Local\Yhagu.dat not found.
File C:\zrpt.xml not found.
Unable to delete ADS C:\ProgramData\TEMP:05EE1EEF .
Unable to delete ADS C:\ProgramData\TEMP:8927A071 .
========== REGISTRY ==========
========== FILES ==========
C:\Windows\tasks\At1.job moved successfully.
C:\Windows\tasks\At10.job moved successfully.
C:\Windows\tasks\At11.job moved successfully.
C:\Windows\tasks\At12.job moved successfully.
C:\Windows\tasks\At13.job moved successfully.
C:\Windows\tasks\At14.job moved successfully.
C:\Windows\tasks\At15.job moved successfully.
C:\Windows\tasks\At16.job moved successfully.
C:\Windows\tasks\At17.job moved successfully.
C:\Windows\tasks\At18.job moved successfully.
C:\Windows\tasks\At19.job moved successfully.
C:\Windows\tasks\At2.job moved successfully.
C:\Windows\tasks\At20.job moved successfully.
C:\Windows\tasks\At21.job moved successfully.
C:\Windows\tasks\At22.job moved successfully.
C:\Windows\tasks\At23.job moved successfully.
C:\Windows\tasks\At24.job moved successfully.
C:\Windows\tasks\At3.job moved successfully.
C:\Windows\tasks\At4.job moved successfully.
C:\Windows\tasks\At5.job moved successfully.
C:\Windows\tasks\At6.job moved successfully.
C:\Windows\tasks\At7.job moved successfully.
C:\Windows\tasks\At8.job moved successfully.
C:\Windows\tasks\At9.job moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Kfuchs
->Temp folder emptied: 144899 bytes
->Temporary Internet Files folder emptied: 171360 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 18879640 bytes
->Flash cache emptied: 657 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 23958 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 77 bytes

Total Files Cleaned = 18.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Kfuchs
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 07252010_064328

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\WebEx\Log\725\atashost.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...
  • 0
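
The fix log in post #3 mixes successful actions, harmless "not found" lines and a few real failures. As an added example (not part of the original thread and not OTL's own code), the Python below triages such a log and lists what still needs follow-up; the phrase patterns are taken from the log lines above, the sample is an excerpt of that log, and the function and category names are assumptions.

```python
import re
from collections import defaultdict

# Excerpt of the OTL fix log posted in #3 (lines copied, order preserved).
SAMPLE_LOG = r"""
All processes killed
========== OTL ==========
No active process named eszaa.exe was found!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\wmiprves deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1302C0BA-4F96-F3A4-490F-7FD0B5DBE27B}\ not found.
C:\Users\Kfuchs\AppData\Roaming\Urfu\eszaa.exe moved successfully.
File E:\WDSetup.exe not found.
C:\zrpt.xml moved successfully.
File C:\zrpt.xml not found.
Unable to delete ADS C:\ProgramData\TEMP:05EE1EEF .
Unable to delete ADS C:\ProgramData\TEMP:8927A071 .
========== FILES ==========
C:\Windows\tasks\At1.job moved successfully.
========== COMMANDS ==========
File move failed. C:\Windows\temp\WebEx\Log\725\atashost.log scheduled to be moved on reboot.
"""

# Checked in order, so a move deferred to reboot is not counted as a failure.
RULES = [
    ("pending_reboot", re.compile(r"scheduled to be moved on reboot\.$")),
    ("failed", re.compile(r"^Unable to delete |^File move failed")),
    ("done", re.compile(r"(moved|deleted) successfully\.$|value set successfully!$")),
    ("absent", re.compile(r"not found\.$|^No active process named .+ was found!$")),
]
SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")
MOVED_RE = re.compile(r"^(?P<path>.+?) (?:folder )?moved successfully\.$")
NOTFOUND_RE = re.compile(r"^File (?P<path>.+) not found\.$")
ADS_RE = re.compile(r"^Unable to delete ADS (?P<host>.+):(?P<stream>[^:\\]+?)\s*\.$")
PENDING_RE = re.compile(r"^File move failed\. (?P<path>.+) scheduled to be moved on reboot\.$")


def classify(line):
    """Return the first matching category for one log line, else 'info'."""
    for name, rx in RULES:
        if rx.search(line):
            return name
    return "info"


def triage(log_text):
    """Group log lines by category; each entry is (section, line)."""
    buckets = defaultdict(list)
    moved = set()      # paths already quarantined earlier in the same log
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        category = classify(line)
        was_moved = MOVED_RE.match(line)
        if was_moved:
            moved.add(was_moved.group("path").lower())
        missing = NOTFOUND_RE.match(line)
        # The fix script lists some files twice (modified and created rows),
        # so the second pass reports "not found" for a file already moved.
        if category == "absent" and missing and missing.group("path").lower() in moved:
            category = "repeat"
        buckets[category].append((section, line))
    return dict(buckets)


def follow_up(log_text):
    """Return the items a helper still has to deal with, parsed into fields."""
    buckets = triage(log_text)
    items = []
    for _, line in buckets.get("failed", []) + buckets.get("pending_reboot", []):
        ads = ADS_RE.match(line)
        pending = PENDING_RE.match(line)
        if ads:
            items.append({"kind": "ads", "host": ads.group("host"),
                          "stream": ads.group("stream")})
        elif pending:
            items.append({"kind": "pending_reboot", "path": pending.group("path")})
        else:
            items.append({"kind": "other", "line": line})
    return items


if __name__ == "__main__":
    for category, entries in triage(SAMPLE_LOG).items():
        print(f"{category:15} {len(entries)}")
    for item in follow_up(SAMPLE_LOG):
        print("follow up:", item)
```

On the Vista machine in this thread, `dir /r C:\ProgramData` shows whether the two alternate data streams that OTL could not delete are still attached to the TEMP folder.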

#4
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,


Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottommost log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



NEXT:



OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following bolded text into the Posted Image textbox.


    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push Posted Image
  • A report will open. Copy and Paste that report in your next reply.





Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. The log that is produced after running the MalwareBytes' Anti-Malware scan.
3. The log that is produced after running the ESET Online Virus Scanner.
4. The log that is produced after running the SecurityCheck scan.
5. The log that is produced after running the OTL scan.
6. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Cheers,
SweetTech.
  • 0

#5
kfuchs

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
1) MalwareBytes' Anti-Malware scan


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4346

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

7/25/2010 1:07:06 PM
mbam-log-2010-07-25 (13-07-06).txt

Scan type: Quick scan
Objects scanned: 136526
Time elapsed: 3 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




2) ESET Online Virus Scanner

C:\Program Files\VentriloMIX\Ventrilo 2.2.0.exe probably a variant of Win32/Agent trojan
C:\Windows\System32\msuFnsern.dll a variant of Win32/Spy.KeyLogger.NHQ trojan
C:\Windows\SysWOW64\msuFnsern.dll a variant of Win32/Spy.KeyLogger.NHQ trojan
C:\_OTL\MovedFiles\07252010_064328\C_Users\Kfuchs\AppData\Roaming\Urfu\eszaa.exe a variant of Win32/Kryptik.FPO trojan


3) SecurityCheck scan


Results of screen317's Security Check version 0.99.4
Windows Vista
Out of date service pack!!
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
ESET Online Scanner v3
Norton AntiVirus
Norton AntiVirus Help
Norton Internet Security (Symantec Corporation)
Norton Internet Security
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 13
Out of date Java installed!
Adobe Flash Player 10.0.22.87
Adobe Reader 9.3.3
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````



4) OTL scan

OTL logfile created on: 7/26/2010 7:27:13 PM - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Kfuchs\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 63.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.17 Gb Total Space | 231.80 Gb Free Space | 38.88% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KFUCHSI7
Current User Name: Kfuchs
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - File not found -- C:\Windows\SysWow64\PrintDisp.exe
PRC - [2010/07/24 10:23:32 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Kfuchs\Desktop\OTL.exe
PRC - [2010/07/23 16:57:38 | 001,251,720 | ---- | M] () -- C:\Program Files (x86)\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2010/06/28 22:27:23 | 000,945,720 | ---- | M] (Google Inc.) -- C:\Users\Kfuchs\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/06/26 02:49:14 | 000,189,248 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2010/06/26 02:49:09 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/06/03 22:42:32 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2010/04/13 13:19:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/04/12 13:39:00 | 001,808,752 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Norton\NUA.exe
PRC - [2009/03/06 12:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\SysWOW64\atashost.exe
PRC - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\CCSVCHST.EXE
PRC - [2007/08/31 11:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe


========== Modules (SafeList) ==========

MOD - [2010/07/24 10:23:32 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Kfuchs\Desktop\OTL.exe
MOD - [2008/01/20 22:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrB.exe -- (PnkBstrB)
SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Windows\SysNative\GameMon.des -- (npggsvc)
SRV:64bit: - File not found [Auto | Stopped] -- C:\Windows\SysNative\FastUv32.dll -- (FastUserSwitchingCompatibility)
SRV:64bit: - [2009/06/16 07:38:34 | 000,077,824 | ---- | M] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) [Auto | Stopped] -- C:\Windows\SysNative\PrintCtrl.exe -- (Printer Control)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/07/25 07:14:10 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/07/23 16:57:38 | 001,251,720 | ---- | M] () [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2010/06/26 02:49:14 | 000,189,248 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2010/06/26 02:49:09 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/04/26 19:44:00 | 003,735,920 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010/04/13 13:19:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/18 14:27:14 | 001,020,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/26 07:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/03/06 12:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\atashost.exe -- (atashost)
SRV - [2008/12/08 17:15:26 | 000,068,136 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)
SRV - [2008/10/25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2007/10/14 21:15:16 | 000,963,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2007/08/31 11:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/08/23 16:35:22 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2007/08/22 03:22:08 | 000,267,096 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\SymIM.sys -- (SymIMMP)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\npptNT2.sys -- (NPPTNT2)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - [2010/07/23 17:04:55 | 000,172,080 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/04/02 12:22:37 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/08/28 20:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/02/19 13:31:42 | 000,028,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\SymIMv.sys -- (SymIM)
DRV:64bit: - [2009/02/19 13:31:18 | 000,047,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV:64bit: - [2009/02/19 13:31:00 | 000,266,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV:64bit: - [2009/02/19 13:30:58 | 000,145,456 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMFW.SYS -- (SYMFW)
DRV:64bit: - [2009/02/19 13:30:58 | 000,028,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV:64bit: - [2009/02/19 13:30:58 | 000,016,432 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV:64bit: - [2008/11/03 22:21:08 | 000,098,144 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\jraid.sys -- (JRAID)
DRV:64bit: - [2008/10/16 03:08:08 | 000,183,296 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/07/30 17:55:06 | 000,025,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\COH_Mon.sys -- (COH_Mon)
DRV:64bit: - [2008/04/22 08:53:36 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ENTECH64.sys -- (ENTECH64)
DRV:64bit: - [2008/01/20 22:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/20 22:46:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2007/11/30 23:57:12 | 000,476,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SRTSPL64.SYS -- (SRTSPL)
DRV:64bit: - [2007/11/30 23:57:12 | 000,440,880 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2007/11/30 23:57:12 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\SRTSPX64.SYS -- (SRTSPX)
DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2010/07/26 14:13:57 | 000,024,072 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2010/07/15 09:11:52 | 001,791,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100726.007\EX64.SYS -- (NAVEX15)
DRV - [2010/07/15 09:11:52 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/07/15 09:11:52 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/07/15 09:11:52 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100726.007\ENG64.SYS -- (NAVENG)
DRV - [2010/06/23 15:37:09 | 000,386,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20100720.001\IDSviA64.sys -- (IDSvia64)
DRV - [2005/01/03 20:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{945B23D2-1229-4107-B2B6-A6090481CB2A}: C:\Users\Kfuchs\AppData\Local\{945B23D2-1229-4107-B2B6-A6090481CB2A}

[2009/05/27 10:48:35 | 000,000,000 | ---D | M] -- C:\Users\Kfuchs\AppData\Roaming\Mozilla\Extensions
[2009/05/27 10:48:35 | 000,000,000 | ---D | M] -- C:\Users\Kfuchs\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/07/22 07:17:34 | 000,002,076 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google_search.xml

O1 HOSTS File: ([2010/07/23 16:39:32 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll (Google Inc.)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [PrintDisp] C:\Windows\SysNative\PrintDisp.exe (ActMask Co.,Ltd - http://www.all2pdf.com)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKCU..\Run: [NortonUpdateAgent] C:\ProgramData\Norton\NUA.exe (Symantec Corporation)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Kfuchs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 207.69.188.185 207.69.188.186 207.69.188.187
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: FastUserSwitchingCompatibility - C:\Windows\SysNative\FastUv32.dll File not found

Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux4 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi4 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer4 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.iyuv - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.uyvy - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yuy2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvu9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvyu - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave4 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: aux - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux4 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\SysWow64\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\SysWow64\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\SysWow64\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\SysWow64\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\SysWow64\msgsm32.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\SysWow64\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\SysWow64\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: vidc.yuy2 - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.yvu9 - C:\Windows\SysWow64\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\SysWow64\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/07/26 15:35:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010/07/25 06:43:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/24 14:03:35 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010/07/24 10:47:48 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/07/24 10:47:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/07/24 10:23:32 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Kfuchs\Desktop\OTL.exe
[2010/07/24 07:04:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/07/24 07:04:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/07/23 16:57:16 | 000,025,424 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\COH_Mon.sys
[2010/07/23 16:47:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2010/07/23 16:45:42 | 000,172,080 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010/07/23 16:45:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/07/23 16:45:42 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/07/22 21:44:20 | 000,000,000 | RHSD | C] -- C:\RECYCLER
[2010/07/22 21:43:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Update
[2010/07/22 21:43:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2010/07/26 19:29:46 | 004,456,448 | -HS- | M] () -- C:\Users\Kfuchs\NTUSER.DAT
[2010/07/26 19:24:17 | 000,867,892 | ---- | M] () -- C:\Users\Kfuchs\Desktop\SecurityCheck.exe
[2010/07/26 19:08:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/26 18:54:02 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2521480657-3936409505-4224837914-1000UA.job
[2010/07/26 18:13:42 | 000,004,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/26 18:13:42 | 000,004,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/26 16:08:11 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/26 15:35:01 | 002,672,312 | ---- | M] () -- C:\Users\Kfuchs\Desktop\esetsmartinstaller_enu.exe
[2010/07/26 14:19:41 | 000,707,392 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/07/26 14:19:41 | 000,607,168 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/07/26 14:19:41 | 000,104,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/07/26 14:13:57 | 000,034,997 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/07/26 14:13:57 | 000,034,997 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/07/26 14:13:57 | 000,024,072 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2010/07/26 14:13:43 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/26 14:13:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/26 13:03:09 | 000,524,288 | -HS- | M] () -- C:\Users\Kfuchs\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010/07/26 13:03:09 | 000,065,536 | -HS- | M] () -- C:\Users\Kfuchs\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010/07/26 13:03:06 | 002,876,923 | -H-- | M] () -- C:\Users\Kfuchs\AppData\Local\IconCache.db
[2010/07/26 13:01:21 | 000,001,800 | -H-- | M] () -- C:\Users\Kfuchs\Documents\Default.rdp
[2010/07/26 12:09:01 | 000,379,505 | ---- | M] () -- C:\Users\Kfuchs\Desktop\NSO20100726120859497.pdf
[2010/07/26 12:00:00 | 000,000,396 | ---- | M] () -- C:\Windows\tasks\Schedule Task Weekly.job
[2010/07/26 08:16:21 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/07/25 09:57:40 | 000,038,935 | ---- | M] () -- C:\Users\Kfuchs\Desktop\claim for baggage.pdf
[2010/07/25 07:54:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2521480657-3936409505-4224837914-1000Core.job
[2010/07/24 12:04:10 | 000,100,088 | ---- | M] () -- C:\Users\Kfuchs\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/07/24 10:59:51 | 000,369,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/07/24 10:47:08 | 000,000,744 | ---- | M] () -- C:\Users\Kfuchs\Desktop\ERUNT.lnk
[2010/07/24 10:23:32 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Kfuchs\Desktop\OTL.exe
[2010/07/24 07:50:40 | 000,002,047 | ---- | M] () -- C:\Users\Kfuchs\Desktop\Google Chrome.lnk
[2010/07/24 07:50:40 | 000,002,009 | ---- | M] () -- C:\Users\Kfuchs\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/07/24 07:11:28 | 000,019,456 | ---- | M] () -- C:\Users\Kfuchs\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/24 07:04:41 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/23 17:35:30 | 000,000,560 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Kfuchs.job
[2010/07/23 17:04:55 | 000,172,080 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010/07/23 17:04:55 | 000,010,655 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010/07/23 17:04:55 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010/07/23 16:59:36 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/07/23 16:49:18 | 000,002,237 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2010/07/22 22:12:34 | 569,345,292 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/07/07 12:28:44 | 000,011,940 | ---- | M] () -- C:\Users\Kfuchs\Desktop\For alona.docx
[2010/07/05 22:50:03 | 000,043,252 | ---- | M] () -- C:\Users\Kfuchs\Desktop\Extra Credit Project1.docx
[2010/07/05 12:51:49 | 000,010,375 | ---- | M] () -- C:\Users\Kfuchs\Desktop\Extra Credit Project2.docx
[2010/07/05 12:51:15 | 000,010,399 | ---- | M] () -- C:\Users\Kfuchs\Desktop\Extra Credit Project3.docx
[2010/07/01 11:44:18 | 000,017,134 | ---- | M] () -- C:\Users\Kfuchs\Desktop\Exam III SG.docx

========== Files Created - No Company Name ==========

[2010/07/26 19:24:17 | 000,867,892 | ---- | C] () -- C:\Users\Kfuchs\Desktop\SecurityCheck.exe
[2010/07/26 15:34:59 | 002,672,312 | ---- | C] () -- C:\Users\Kfuchs\Desktop\esetsmartinstaller_enu.exe
[2010/07/26 12:09:01 | 000,379,505 | ---- | C] () -- C:\Users\Kfuchs\Desktop\NSO20100726120859497.pdf
[2010/07/26 08:15:42 | 000,001,917 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/07/25 09:57:40 | 000,038,935 | ---- | C] () -- C:\Users\Kfuchs\Desktop\claim for baggage.pdf
[2010/07/24 10:47:08 | 000,000,744 | ---- | C] () -- C:\Users\Kfuchs\Desktop\ERUNT.lnk
[2010/07/24 07:04:41 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/23 16:57:16 | 000,010,557 | ---- | C] () -- C:\Windows\SysNative\drivers\COH_Mon.cat
[2010/07/23 16:51:01 | 000,000,560 | ---- | C] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Kfuchs.job
[2010/07/23 16:49:18 | 000,002,237 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2010/07/23 16:45:42 | 000,010,655 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010/07/23 16:45:42 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010/07/07 12:28:43 | 000,011,940 | ---- | C] () -- C:\Users\Kfuchs\Desktop\For alona.docx
[2010/07/05 12:52:22 | 000,043,252 | ---- | C] () -- C:\Users\Kfuchs\Desktop\Extra Credit Project1.docx
[2010/07/05 12:51:49 | 000,010,375 | ---- | C] () -- C:\Users\Kfuchs\Desktop\Extra Credit Project2.docx
[2010/07/05 12:51:15 | 000,010,399 | ---- | C] () -- C:\Users\Kfuchs\Desktop\Extra Credit Project3.docx
[2010/07/01 11:44:18 | 000,017,134 | ---- | C] () -- C:\Users\Kfuchs\Desktop\Exam III SG.docx
[2010/06/10 01:25:18 | 001,391,616 | ---- | C] () -- C:\Windows\SysWow64\ActPDF.dll
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/11/19 03:05:01 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/11/19 03:05:01 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/10/21 10:28:53 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/10/21 10:28:13 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/08/14 16:34:41 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\msuFnsern.dll
[2009/06/30 10:18:26 | 000,001,338 | ---- | C] () -- C:\Windows\stock.INI
[2009/06/12 15:52:59 | 000,708,868 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/05/24 17:32:47 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\msuccso7d.dll
[2009/04/12 23:36:44 | 000,009,851 | ---- | C] () -- C:\Windows\SysWow64\mswcnso7e.dll
[2009/04/11 18:39:59 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2009/04/11 08:29:02 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2007/11/06 14:13:41 | 000,359,256 | ---- | M] (Hewlett-Packard) -- C:\hpzids40.dll
[2009/04/25 17:24:43 | 000,000,367 | -H-- | M] () -- C:\IPH.PH
[2006/12/01 23:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2010/07/26 14:13:31 | 2459,516,927 | -HS- | M] () -- C:\pagefile.sys
[2010/07/24 07:04:11 | 000,000,350 | ---- | M] () -- C:\rkill.log
[2010/07/26 14:15:28 | 000,000,126 | ---- | M] () -- C:\service.log
[2010/05/05 17:14:49 | 000,017,408 | ---- | M] () -- C:\Untitled.MSWMM

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/11/02 11:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 11:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 11:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/12/26 00:03:40 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 17:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/20 23:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\user32.dll /md5 >
[2009/04/11 02:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/01/20 22:50:35 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\SysWOW64\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2006/11/02 05:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\SysWOW64\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 508 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 203 bytes -> C:\ProgramData\TEMP:8927A071
< End of report >



5) My Report
Sorry for the delayed response.

The computer seems to be working fine. I can't seem to turn my User account thing on for some reason, but I don't think it's because of a virus.
  • 0

#6
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"

    :Services
    :OTL
    
    :Reg
    
    :Files
    C:\Windows\System32\msuFnsern.dll
    C:\Windows\SysWOW64\msuFnsern.dll
    :Commands
    [purity]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    [start explorer]
    [Reboot]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Java Outdated
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 21 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u21-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note:
The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications.
To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
Click Ok and reboot your computer.


NEXT



Clean Java Cache & Temporary Files
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
  • Click OK on Delete Temporary Files Window

    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.


NEXT:



Your computer is currently running with No Service Packs installed. This is not something that I recommend you continue to do. Please visit this link here: http://support.micro.../935791#Method2 for information on how to obtain the latest Service Pack for Vista. The latest service pack for Vista is currently Service Pack 2.

To ensure that everything goes smoothly with the Service Pack update, I'd like to see a final OTL scan, and then we will clean-up our tools in the next post.
  • 0

#7
kfuchs

    Member

  • Topic Starter
  • Member
  • 40 posts
When I tried to install the service packs they both told me they were already installed.


1) OTL Scan

OTL logfile created on: 7/27/2010 8:47:19 AM - Run 3
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Kfuchs\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 67.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.17 Gb Total Space | 309.78 Gb Free Space | 51.96% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KFUCHSI7
Current User Name: Kfuchs
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - File not found -- C:\Windows\SysWow64\PrintDisp.exe
PRC - [2010/07/24 10:23:32 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Kfuchs\Desktop\OTL.exe
PRC - [2010/07/23 16:57:38 | 001,251,720 | ---- | M] () -- C:\Program Files (x86)\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2010/06/28 22:27:23 | 000,945,720 | ---- | M] (Google Inc.) -- C:\Users\Kfuchs\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/06/26 02:49:14 | 000,189,248 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2010/06/26 02:49:09 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/06/03 22:42:32 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2010/04/13 13:19:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/04/12 13:39:00 | 001,808,752 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Norton\NUA.exe
PRC - [2009/03/06 12:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\SysWOW64\atashost.exe
PRC - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\CCSVCHST.EXE
PRC - [2007/08/31 11:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe


========== Modules (SafeList) ==========

MOD - [2010/07/24 10:23:32 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Kfuchs\Desktop\OTL.exe
MOD - [2008/01/20 22:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrB.exe -- (PnkBstrB)
SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Windows\SysNative\GameMon.des -- (npggsvc)
SRV:64bit: - File not found [Auto | Stopped] -- C:\Windows\SysNative\FastUv32.dll -- (FastUserSwitchingCompatibility)
SRV:64bit: - [2009/06/16 07:38:34 | 000,077,824 | ---- | M] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) [Auto | Stopped] -- C:\Windows\SysNative\PrintCtrl.exe -- (Printer Control)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/07/25 07:14:10 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/07/23 16:57:38 | 001,251,720 | ---- | M] () [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2010/06/26 02:49:14 | 000,189,248 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2010/06/26 02:49:09 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/04/26 19:44:00 | 003,735,920 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010/04/13 13:19:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/18 14:27:14 | 001,020,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/26 07:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/03/06 12:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\atashost.exe -- (atashost)
SRV - [2008/12/08 17:15:26 | 000,068,136 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)
SRV - [2008/10/25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2007/10/14 21:15:16 | 000,963,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2007/08/31 11:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/08/23 16:35:22 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2007/08/22 03:22:08 | 000,267,096 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\SymIM.sys -- (SymIMMP)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\npptNT2.sys -- (NPPTNT2)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - [2010/07/23 17:04:55 | 000,172,080 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/04/02 12:22:37 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/08/28 20:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/02/19 13:31:42 | 000,028,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\SymIMv.sys -- (SymIM)
DRV:64bit: - [2009/02/19 13:31:18 | 000,047,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV:64bit: - [2009/02/19 13:31:00 | 000,266,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV:64bit: - [2009/02/19 13:30:58 | 000,145,456 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMFW.SYS -- (SYMFW)
DRV:64bit: - [2009/02/19 13:30:58 | 000,028,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV:64bit: - [2009/02/19 13:30:58 | 000,016,432 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV:64bit: - [2008/11/03 22:21:08 | 000,098,144 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\jraid.sys -- (JRAID)
DRV:64bit: - [2008/10/16 03:08:08 | 000,183,296 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/07/30 17:55:06 | 000,025,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\COH_Mon.sys -- (COH_Mon)
DRV:64bit: - [2008/04/22 08:53:36 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ENTECH64.sys -- (ENTECH64)
DRV:64bit: - [2008/01/20 22:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/20 22:46:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2007/11/30 23:57:12 | 000,476,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SRTSPL64.SYS -- (SRTSPL)
DRV:64bit: - [2007/11/30 23:57:12 | 000,440,880 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2007/11/30 23:57:12 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\SRTSPX64.SYS -- (SRTSPX)
DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2010/07/27 08:03:01 | 000,024,072 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2010/07/15 09:11:52 | 001,791,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100726.041\EX64.SYS -- (NAVEX15)
DRV - [2010/07/15 09:11:52 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/07/15 09:11:52 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/07/15 09:11:52 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100726.041\ENG64.SYS -- (NAVENG)
DRV - [2010/06/23 15:37:09 | 000,386,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20100720.001\IDSviA64.sys -- (IDSvia64)
DRV - [2005/01/03 20:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{945B23D2-1229-4107-B2B6-A6090481CB2A}: C:\Users\Kfuchs\AppData\Local\{945B23D2-1229-4107-B2B6-A6090481CB2A}

[2009/05/27 10:48:35 | 000,000,000 | ---D | M] -- C:\Users\Kfuchs\AppData\Roaming\Mozilla\Extensions
[2009/05/27 10:48:35 | 000,000,000 | ---D | M] -- C:\Users\Kfuchs\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/07/22 07:17:34 | 000,002,076 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google_search.xml

O1 HOSTS File: ([2010/07/23 16:39:32 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll (Google Inc.)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [PrintDisp] C:\Windows\SysNative\PrintDisp.exe (ActMask Co.,Ltd - http://www.all2pdf.com)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKCU..\Run: [NortonUpdateAgent] C:\ProgramData\Norton\NUA.exe (Symantec Corporation)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Kfuchs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 207.69.188.185 207.69.188.186 207.69.188.187
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/27 08:33:21 | 781,443,488 | ---- | C] (Microsoft Corporation) -- C:\Users\Kfuchs\Desktop\Windows6.0-KB948465-X64.exe
[2010/07/27 08:20:29 | 761,789,904 | ---- | C] (Microsoft Corporation) -- C:\Users\Kfuchs\Desktop\Windows6.0-KB936330-X64-wave0.exe
[2010/07/27 08:14:29 | 000,468,480 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2010/07/27 08:14:29 | 000,183,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2010/07/27 08:14:29 | 000,165,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2010/07/27 08:14:29 | 000,165,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2010/07/27 08:14:18 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/07/26 15:35:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010/07/25 06:43:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/24 14:03:35 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010/07/24 10:47:48 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/07/24 10:47:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/07/24 10:23:32 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Kfuchs\Desktop\OTL.exe
[2010/07/24 07:04:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/07/24 07:04:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/07/23 16:57:16 | 000,025,424 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\COH_Mon.sys
[2010/07/23 16:47:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2010/07/23 16:45:42 | 000,172,080 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010/07/23 16:45:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/07/23 16:45:42 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/07/22 21:44:20 | 000,000,000 | RHSD | C] -- C:\RECYCLER
[2010/07/22 21:43:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Update
[2010/07/22 21:43:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2010/07/27 08:48:03 | 004,456,448 | -HS- | M] () -- C:\Users\Kfuchs\NTUSER.DAT
[2010/07/27 08:46:10 | 781,443,488 | ---- | M] (Microsoft Corporation) -- C:\Users\Kfuchs\Desktop\Windows6.0-KB948465-X64.exe
[2010/07/27 08:32:31 | 000,065,536 | ---- | M] () -- C:\Windows\SPInstall.etl
[2010/07/27 08:31:03 | 761,789,904 | ---- | M] (Microsoft Corporation) -- C:\Users\Kfuchs\Desktop\Windows6.0-KB936330-X64-wave0.exe
[2010/07/27 08:21:32 | 000,004,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/27 08:21:32 | 000,004,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/27 08:14:20 | 000,468,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2010/07/27 08:14:20 | 000,183,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2010/07/27 08:14:20 | 000,165,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2010/07/27 08:14:20 | 000,165,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2010/07/27 08:08:48 | 000,707,392 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/07/27 08:08:48 | 000,607,168 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/07/27 08:08:48 | 000,104,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/07/27 08:08:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/27 08:04:42 | 000,034,997 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/07/27 08:04:42 | 000,034,997 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/07/27 08:03:01 | 000,024,072 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2010/07/27 08:02:51 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/27 08:02:45 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/27 08:02:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/27 07:43:15 | 000,524,288 | -HS- | M] () -- C:\Users\Kfuchs\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010/07/27 07:43:15 | 000,065,536 | -HS- | M] () -- C:\Users\Kfuchs\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010/07/26 19:37:44 | 002,878,442 | -H-- | M] () -- C:\Users\Kfuchs\AppData\Local\IconCache.db
[2010/07/26 18:54:02 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2521480657-3936409505-4224837914-1000UA.job
[2010/07/26 13:01:21 | 000,001,800 | -H-- | M] () -- C:\Users\Kfuchs\Documents\Default.rdp
[2010/07/26 12:09:01 | 000,379,505 | ---- | M] () -- C:\Users\Kfuchs\Desktop\NSO20100726120859497.pdf
[2010/07/26 12:00:00 | 000,000,396 | ---- | M] () -- C:\Windows\tasks\Schedule Task Weekly.job
[2010/07/26 08:16:21 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/07/25 09:57:40 | 000,038,935 | ---- | M] () -- C:\Users\Kfuchs\Desktop\claim for baggage.pdf
[2010/07/25 07:54:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2521480657-3936409505-4224837914-1000Core.job
[2010/07/24 12:04:10 | 000,100,088 | ---- | M] () -- C:\Users\Kfuchs\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/07/24 10:59:51 | 000,369,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/07/24 10:47:08 | 000,000,744 | ---- | M] () -- C:\Users\Kfuchs\Desktop\ERUNT.lnk
[2010/07/24 10:23:32 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Kfuchs\Desktop\OTL.exe
[2010/07/24 07:50:40 | 000,002,047 | ---- | M] () -- C:\Users\Kfuchs\Desktop\Google Chrome.lnk
[2010/07/24 07:50:40 | 000,002,009 | ---- | M] () -- C:\Users\Kfuchs\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/07/24 07:11:28 | 000,019,456 | ---- | M] () -- C:\Users\Kfuchs\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/24 07:04:41 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/23 17:35:30 | 000,000,560 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Kfuchs.job
[2010/07/23 17:04:55 | 000,172,080 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010/07/23 17:04:55 | 000,010,655 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010/07/23 17:04:55 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010/07/23 16:59:36 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/07/23 16:49:18 | 000,002,237 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2010/07/22 22:12:34 | 569,345,292 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/07/07 12:28:44 | 000,011,940 | ---- | M] () -- C:\Users\Kfuchs\Desktop\For alona.docx
[2010/07/05 22:50:03 | 000,043,252 | ---- | M] () -- C:\Users\Kfuchs\Desktop\Extra Credit Project1.docx
[2010/07/05 12:51:49 | 000,010,375 | ---- | M] () -- C:\Users\Kfuchs\Desktop\Extra Credit Project2.docx
[2010/07/05 12:51:15 | 000,010,399 | ---- | M] () -- C:\Users\Kfuchs\Desktop\Extra Credit Project3.docx
[2010/07/01 11:44:18 | 000,017,134 | ---- | M] () -- C:\Users\Kfuchs\Desktop\Exam III SG.docx

========== Files Created - No Company Name ==========

[2010/07/27 08:32:31 | 000,065,536 | ---- | C] () -- C:\Windows\SPInstall.etl
[2010/07/26 12:09:01 | 000,379,505 | ---- | C] () -- C:\Users\Kfuchs\Desktop\NSO20100726120859497.pdf
[2010/07/26 08:15:42 | 000,001,917 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/07/25 09:57:40 | 000,038,935 | ---- | C] () -- C:\Users\Kfuchs\Desktop\claim for baggage.pdf
[2010/07/24 10:47:08 | 000,000,744 | ---- | C] () -- C:\Users\Kfuchs\Desktop\ERUNT.lnk
[2010/07/24 07:04:41 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/23 16:57:16 | 000,010,557 | ---- | C] () -- C:\Windows\SysNative\drivers\COH_Mon.cat
[2010/07/23 16:51:01 | 000,000,560 | ---- | C] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Kfuchs.job
[2010/07/23 16:49:18 | 000,002,237 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2010/07/23 16:45:42 | 000,010,655 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010/07/23 16:45:42 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010/07/07 12:28:43 | 000,011,940 | ---- | C] () -- C:\Users\Kfuchs\Desktop\For alona.docx
[2010/07/05 12:52:22 | 000,043,252 | ---- | C] () -- C:\Users\Kfuchs\Desktop\Extra Credit Project1.docx
[2010/07/05 12:51:49 | 000,010,375 | ---- | C] () -- C:\Users\Kfuchs\Desktop\Extra Credit Project2.docx
[2010/07/05 12:51:15 | 000,010,399 | ---- | C] () -- C:\Users\Kfuchs\Desktop\Extra Credit Project3.docx
[2010/07/01 11:44:18 | 000,017,134 | ---- | C] () -- C:\Users\Kfuchs\Desktop\Exam III SG.docx
[2010/06/10 01:25:18 | 001,391,616 | ---- | C] () -- C:\Windows\SysWow64\ActPDF.dll
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/11/19 03:05:01 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/11/19 03:05:01 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/10/21 10:28:53 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/10/21 10:28:13 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/30 10:18:26 | 000,001,338 | ---- | C] () -- C:\Windows\stock.INI
[2009/06/12 15:52:59 | 000,708,868 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/05/24 17:32:47 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\msuccso7d.dll
[2009/04/12 23:36:44 | 000,009,851 | ---- | C] () -- C:\Windows\SysWow64\mswcnso7e.dll
[2009/04/11 18:39:59 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 508 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 203 bytes -> C:\ProgramData\TEMP:8927A071
< End of report >

#8
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

Your logs appear to be clean, so if you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.



NEXT:



OTL Clean-Up
Clean up with OTL:
  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.



NEXT:



Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory, your tools cannot access it to delete these files, and they can sometimes reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links: Create a New Restore Point in Vista or Windows 7 and Disk Cleanup in Vista.



NEXT:



All Clean Speech

===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===

Below I have included a number of recommendations for how to protect your computer against malware infections.
  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    then consider a password keeper, to keep all your passwords safe.
  • Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.
  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.
  • SpywareBlaster protects against bad ActiveX; it immunizes your PC against them.
  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program (e.g. TeaTimer, Windows Defender) or there will be a conflict.
  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE
  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here
    • If you choose to use Firefox, I highly recommend this add-on to keep your PC even more secure.
      • NoScript - for blocking ads and other potential website attacks
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.
**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank you.

Cheers,
SweetTech.
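
The Internet Explorer ActiveX steps in the post above can be checked after the fact with a read-only script. This is an added example, not part of the original post; the registry path and the value names 1001, 1004 and 1201 are Internet Explorer's own identifiers for these settings and do not appear in the post.

```powershell
# Added example: read-only audit of the Internet zone ActiveX settings from the steps above.
# Zone 3 is the Internet zone; 1001/1004/1201 are Internet Explorer's URL action IDs.
$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$Meaning  = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Want = the level recommended in the post (1 = Prompt, 3 = Disable).
$Checks = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';   Want = 1 },
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls'; Want = 1 },
    @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
)

function Get-ActiveXZoneReport {
    param([string]$Path = $ZonePath)

    # A missing key or value means the user has no per-user setting stored.
    $props = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    foreach ($c in $Checks) {
        $raw = $null
        if ($props) { $raw = $props.($c.Id) }

        if ($null -eq $raw) {
            $current = 'Not set for this user'
        } elseif ($Meaning.ContainsKey([int]$raw)) {
            $current = $Meaning[[int]$raw]
        } else {
            $current = "Other ($raw)"
        }

        New-Object PSObject -Property @{
            Setting     = $c.Name
            Current     = $current
            Recommended = $Meaning[$c.Want]
            Matches     = (($null -ne $raw) -and ([int]$raw -eq $c.Want))
        }
    }
}

# Nothing is written to the registry; this only reports.
Get-ActiveXZoneReport |
    Select-Object Setting, Current, Recommended, Matches |
    Format-Table -AutoSize
```

The script reads the per-user values only; where a machine or domain policy sets the zone, that policy takes precedence over what is shown here.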

#9
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.