About two years ago I started using Microsoft Security Essentials on all my computers, and at the time it was so stunningly effective that I started relying on it entirely, and got pretty complacent about security. If I hadn't, I would have jumped on this earlier; it was clear before the weekend that something had gotten onto the computer, but I hoped if I just kept updating MSSE and running full scans it would eventually find the problem and remove it. Instead, whatever is on my computer has apparently found Security Essentials and removed vital parts of *it*: at this point, the MSSE interface will load, but clicking on "Start Now" gets an error message that "The Specified Service Does Not Exist As An Installed Service. Error Code: 0x80070424". I don't know where the infection came from.
So yeah, things are very bad. At one point the computer was all but unusable, Google results were all re-directs, Impostor-Anti-Malware-Malware would launch in place of most programs (including an extremely nasty one that convincingly imitated Windows Security Center), most others would be blocked by an error something like "Does Not Have Permission To Access This Resource", and the computer did some kind of "Core Dump" crash every time it was shut down. Going to Safe Mode gave almost no perceivable improvement. I managed to use AltaVista to find some removal guides, downloaded a questionable program called "Spyware Doctor" which may or may not have added a little stability, then finally got a program called inherit.exe and managed somehow after repeated attempts to use it to give permission for another program named TDSSKiller.exe to run, which was able to remove a rootkit that was apparently responsible for the worst problems. I don't actually know what a rootkit is, beyond bad.
After the rootkit was gone, I was able to rename mbam.exe, use it with inherit.exe, update and then run a full scan. This eliminated about 80% of problems. After that I updated and ran Spybot: Search & Destroy, which found one piece of malware, and ran CCleaner on my registry for giggles, but really they didn't seem to make a difference. Now I can launch anti-virus programs normally again, the permission restrictions blocking other programs are gone, and regular scans indicate the rootkit has not returned; but MSSE remains gutted, sporadic redirects continue to plague Firefox, a very suspicious Firefox add-on called "Xula Cache" keeps re-installing itself after I remove it, Yahoo! Instant Messenger, of all things, continues to display a blank window since the beginning of the infection (which seems to be, according to the internet, caused by a persistent registry corruption of security settings which blocks IE scripts from running in order to prevent users from filling out captchas), and every eight hours or so if I run a new Malwarebytes' Anti-Malware "Full Scan" I'll find around fifteen new problems, most of which I don't understand but clearly include more trojans.
I really tried, but this is way beyond me. I need help. Please?
EDIT: Some things I failed to state explicitly: My operating system is Vista SP1, and the two different rogue anti-virus programs that attacked me sequentially had names something like "Secure Shield" for the first one, with a green shield icon imitating the Windows Security Center icon, and the second being called, I think, "Vista Security 2012", which had several different pop-ups, one interposing itself when Firefox was launched, and another being the one that convincingly emulated the entire Windows Security Center window. Or, who knows, maybe it actually DID hijack Security Center and place buttons within it to give more permissions to itself.
Here is the text of my OTL log, as per forum instructions:
OTL logfile created on: 6/15/2011 4:26:23 PM - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\User\Desktop\Security Squad
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 50.96% Memory free
6.22 Gb Paging File | 4.41 Gb Available in Paging File | 71.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 173.86 Gb Free Space | 60.36% Space Free | Partition Type: NTFS
Drive E: | 620.40 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 576.34 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 10.00 Gb Total Space | 5.31 Gb Free Space | 53.07% Space Free | Partition Type: NTFS
Drive H: | 298.09 Gb Total Space | 297.99 Gb Free Space | 99.97% Space Free | Partition Type: NTFS
Computer Name: INSPIRATION | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/06/15 14:57:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\Security Squad\OTL.exe
PRC - [2011/06/13 22:47:40 | 001,287,120 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2011/06/13 04:27:00 | 000,774,144 | ---- | M] (CrypKey Inc.) -- C:\Windows\System32\mscat3232.exe
PRC - [2011/06/13 04:27:00 | 000,774,144 | ---- | M] (CrypKey Inc.) -- C:\ProgramData\dpnlobby32.exe
PRC - [2011/06/06 03:27:12 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Users\User\AppData\Local\Google\Update\1.3.21.57\GoogleCrashHandler.exe
PRC - [2011/01/20 05:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2011/01/05 13:11:04 | 004,321,112 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM\aim.exe
PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/07/04 04:37:25 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/04/03 17:59:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/03/15 12:50:36 | 001,142,224 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2010/03/11 12:09:22 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2010/01/22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2010/01/18 14:14:36 | 001,593,808 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\Upgrade.exe
PRC - [2009/08/16 15:36:06 | 000,955,392 | ---- | M] (SFX TEAM) -- C:\Program Files\SuperCopier2\SuperCopier2.exe
PRC - [2009/05/21 11:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/14 01:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2007/05/23 21:02:36 | 000,139,264 | ---- | M] (Primax Electronics Ltd.) -- C:\Windows\System32\pmxmiced.exe
PRC - [2007/05/11 09:26:44 | 004,452,352 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/11/08 16:01:54 | 000,049,152 | ---- | M] (Primax Electronics Ltd.) -- C:\Windows\System32\ico.exe
========== Modules (SafeList) ==========
MOD - [2011/06/15 14:57:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\Security Squad\OTL.exe
MOD - [2010/08/31 11:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll
MOD - [2010/02/26 08:16:18 | 000,154,160 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\smum32.dll
MOD - [2009/10/30 11:18:16 | 000,147,024 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll
========== Win32 Services (SafeList) ==========
SRV - [2011/06/13 04:27:00 | 000,774,144 | ---- | M] (CrypKey Inc.) [Auto | Running] -- C:\Windows\System32\mscat3232.exe -- (ose32)
SRV - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/04/03 17:59:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/15 12:50:36 | 001,142,224 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 12:09:22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/01/22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/08/14 01:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/07/29 21:28:12 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
========== Driver Services (SafeList) ==========
DRV - [2011/06/13 22:45:12 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/04/25 01:01:17 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/10/24 22:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 22:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/04/03 18:55:31 | 011,573,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/01/26 22:09:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV - [2008/05/02 10:58:28 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2008/05/02 10:58:14 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008/05/02 10:58:14 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008/05/02 10:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2007/06/01 14:41:00 | 000,018,432 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pmxmouse.sys -- (pmxmouse)
DRV - [2007/05/24 17:44:00 | 000,019,008 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pmxusblf.sys -- (pmxusblf)
DRV - [2007/04/29 04:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/01/15 18:57:08 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\livecamv.sys -- (RLDesignVirtualAudioCableWdm)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/10/18 14:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/08/04 20:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.reddit.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = DB F9 7B 01 C2 AE 0E 41 93 8B F2 BA 62 78 62 59 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.0.24
FF - prefs.js..network.proxy.type: 0
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/08 14:13:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/26 22:11:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/08/28 23:29:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
[2010/05/24 21:16:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Extensions
[2010/05/24 21:16:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/06/15 14:48:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1jo0ayau.default\extensions
[2010/07/08 00:50:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1jo0ayau.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/31 02:31:59 | 000,000,000 | ---D | M] ("YoYo Games InstantPlay") -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1jo0ayau.default\extensions\[email protected]
[2011/06/15 14:47:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/03 04:37:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
O1 HOSTS File: ([2010/05/24 21:23:47 | 000,395,319 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 13653 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (8e6edc2c) - {ABBD6E0D-AEBB-F65B-B090-B626A087C171} - C:\ProgramData\atmlib32.dll ()
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PMX Daemon] C:\Windows\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe (SFX TEAM)
O4 - HKCU..\Run: [SvrWsc] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\ProgramData\atmlib32.dll) - C:\ProgramData\atmlib32.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [1998/12/13 03:43:32 | 000,000,040 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{0489d5dc-35e0-11df-b505-001fc6d5b1fc}\Shell - "" = AutoRun
O33 - MountPoints2\{0489d5dc-35e0-11df-b505-001fc6d5b1fc}\Shell\AutoRun\command - "" = E:\SETUP.EXE -- [1998/12/01 01:04:40 | 000,025,600 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/06/15 14:56:43 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Security Squad
[2011/06/15 02:09:57 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Wager
[2011/06/15 02:09:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Wager
[2011/06/15 02:09:56 | 000,000,000 | ---D | C] -- C:\Program Files\Surprised Man
[2011/06/14 21:25:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/06/14 01:00:24 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011/06/13 22:28:25 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Threat Expert
[2011/06/13 21:12:43 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2011/06/13 21:12:43 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2011/06/13 21:12:43 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2011/06/13 20:13:01 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2011/06/13 20:13:01 | 000,100,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2011/06/13 20:13:00 | 000,218,592 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2011/06/13 20:13:00 | 000,088,040 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2011/06/13 20:12:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Doctor
[2011/06/13 20:12:58 | 000,063,360 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2011/06/13 20:12:55 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2011/06/13 20:12:55 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\PC Tools
[2011/06/13 20:12:55 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/06/13 20:12:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/06/13 20:12:22 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/06/13 19:34:25 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/06/13 04:27:20 | 000,774,144 | ---- | C] (CrypKey Inc.) -- C:\ProgramData\dpnlobby32.exe
[2011/06/13 04:27:01 | 000,774,144 | ---- | C] (CrypKey Inc.) -- C:\Windows\System32\mscat3232.exe
[2011/06/12 18:45:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2011/05/30 15:48:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aquaria
[2011/05/30 15:47:49 | 000,000,000 | ---D | C] -- C:\Program Files\Aquaria
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\User\Desktop\*.tmp files -> C:\Users\User\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/06/15 16:30:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{694EEA4F-661B-41E2-8717-0B780B24F75D}.job
[2011/06/15 15:59:33 | 000,000,043 | ---- | M] () -- C:\ProgramData\2e9d8b7e
[2011/06/15 15:32:12 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3017253937-1926744087-4142599468-1000UA.job
[2011/06/15 15:05:54 | 000,644,908 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/15 15:05:54 | 000,120,000 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/15 15:00:12 | 000,145,813 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/06/15 15:00:11 | 000,145,813 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/06/15 14:59:59 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/15 14:59:59 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/15 14:59:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/15 14:59:46 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/15 03:32:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3017253937-1926744087-4142599468-1000Core.job
[2011/06/14 23:01:49 | 000,001,505 | ---- | M] () -- C:\Users\User\.recently-used.xbel
[2011/06/14 21:25:13 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/06/13 23:27:00 | 000,012,090 | -HS- | M] () -- C:\Users\User\AppData\Local\pua522agfx3s2164vd02um8368rc
[2011/06/13 23:27:00 | 000,012,090 | -HS- | M] () -- C:\ProgramData\pua522agfx3s2164vd02um8368rc
[2011/06/13 22:45:15 | 000,063,360 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2011/06/13 22:45:12 | 000,218,592 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2011/06/13 21:42:55 | 000,001,356 | ---- | M] () -- C:\Users\User\AppData\Local\d3d9caps.dat
[2011/06/13 20:12:59 | 000,001,785 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Spyware Doctor.lnk
[2011/06/13 19:20:14 | 000,012,074 | -HS- | M] () -- C:\ProgramData\3211381575
[2011/06/13 17:32:06 | 000,030,720 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/13 04:27:20 | 000,167,936 | ---- | M] () -- C:\ProgramData\atmlib32.dll
[2011/06/13 04:27:20 | 000,000,081 | ---- | M] () -- C:\Windows\System32\78879502
[2011/06/13 04:27:00 | 000,774,144 | ---- | M] (CrypKey Inc.) -- C:\Windows\System32\mscat3232.exe
[2011/06/13 04:27:00 | 000,774,144 | ---- | M] (CrypKey Inc.) -- C:\ProgramData\dpnlobby32.exe
[2011/06/12 18:45:46 | 000,000,966 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/06/12 18:45:46 | 000,000,942 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2011/06/12 05:08:07 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/06/06 18:28:17 | 000,207,671 | ---- | M] () -- C:\Users\User\Desktop\Kemonomimi_by_spazzykoneko.jpg
[2011/06/04 19:49:19 | 003,984,854 | ---- | M] () -- C:\Users\User\Desktop\The Protomen - Light up the Night.mp3
[2011/06/02 13:51:14 | 000,031,661 | ---- | M] () -- C:\Users\User\Desktop\dog115b.jpg
[2011/05/30 15:49:00 | 000,001,661 | ---- | M] () -- C:\Users\User\Desktop\Aquaria Config.lnk
[2011/05/30 15:49:00 | 000,001,652 | ---- | M] () -- C:\Users\User\Desktop\Aquaria.lnk
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\User\Desktop\*.tmp files -> C:\Users\User\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/06/14 23:01:49 | 000,001,505 | ---- | C] () -- C:\Users\User\.recently-used.xbel
[2011/06/14 21:25:13 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/06/13 22:23:56 | 3219,312,640 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/13 21:12:43 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2011/06/13 21:12:43 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2011/06/13 21:12:43 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2011/06/13 21:12:43 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2011/06/13 21:12:43 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2011/06/13 20:13:01 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2011/06/13 20:13:00 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2011/06/13 20:13:00 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2011/06/13 20:12:59 | 000,001,785 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Spyware Doctor.lnk
[2011/06/13 20:12:58 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2011/06/13 19:17:36 | 000,012,090 | -HS- | C] () -- C:\Users\User\AppData\Local\pua522agfx3s2164vd02um8368rc
[2011/06/13 19:17:36 | 000,012,074 | -HS- | C] () -- C:\ProgramData\3211381575
[2011/06/13 19:17:12 | 000,012,090 | -HS- | C] () -- C:\ProgramData\pua522agfx3s2164vd02um8368rc
[2011/06/13 15:15:41 | 000,000,043 | ---- | C] () -- C:\ProgramData\2e9d8b7e
[2011/06/13 04:27:20 | 000,167,936 | ---- | C] () -- C:\ProgramData\atmlib32.dll
[2011/06/13 04:27:01 | 000,000,081 | ---- | C] () -- C:\Windows\System32\78879502
[2011/06/12 18:45:46 | 000,000,966 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/06/12 18:45:46 | 000,000,942 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2011/06/12 05:08:07 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/06/06 18:28:16 | 000,207,671 | ---- | C] () -- C:\Users\User\Desktop\Kemonomimi_by_spazzykoneko.jpg
[2011/06/04 19:47:59 | 003,984,854 | ---- | C] () -- C:\Users\User\Desktop\The Protomen - Light up the Night.mp3
[2011/06/02 13:51:13 | 000,031,661 | ---- | C] () -- C:\Users\User\Desktop\dog115b.jpg
[2011/05/30 15:49:00 | 000,001,661 | ---- | C] () -- C:\Users\User\Desktop\Aquaria Config.lnk
[2011/05/30 15:49:00 | 000,001,652 | ---- | C] () -- C:\Users\User\Desktop\Aquaria.lnk
[2011/04/25 01:27:48 | 000,000,289 | ---- | C] () -- C:\Windows\EReg072.dat
[2011/04/25 01:27:34 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2010/11/02 00:33:35 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/11/02 00:33:35 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/10/01 09:02:21 | 000,035,473 | ---- | C] () -- C:\Windows\scunin.dat
[2010/09/19 01:09:20 | 000,073,695 | ---- | C] () -- C:\Users\User\AppData\Roaming\4[qgt9982[Q.exe
[2010/07/21 23:12:40 | 000,000,294 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010/07/04 05:00:42 | 000,030,720 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/24 20:30:45 | 000,145,813 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/05/24 20:30:43 | 000,145,813 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/05/24 19:39:10 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/05/24 19:39:10 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/05/24 19:39:06 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/05/24 19:39:06 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/05/24 19:39:04 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/05/24 18:24:17 | 000,001,356 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps.dat
[2010/01/26 22:09:02 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2008/07/30 04:51:41 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/07/30 04:51:41 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/07/30 04:51:41 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/07/30 04:51:41 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/07/29 21:16:02 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2008/07/29 21:15:10 | 000,031,616 | ---- | C] () -- C:\Windows\System32\drivers\livecamv.sys
[2008/07/29 21:11:27 | 000,303,104 | ---- | C] () -- C:\Windows\System32\FontZoom.exe
[2008/07/29 21:11:27 | 000,131,062 | ---- | C] () -- C:\Windows\System32\DellPM.ini
[2006/11/10 09:26:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,264,160 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,644,908 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,120,000 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
========== LOP Check ==========
[2011/05/30 12:31:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\.minecraft
[2010/11/22 05:51:24 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\.purple
[2010/11/22 06:02:48 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\acccore
[2011/01/12 05:06:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Audacity
[2010/12/30 23:49:46 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\CreeperMap
[2010/12/30 23:49:43 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\CreeperMap.BA6B793AB2C9FDD744493F22666C1F8DFA806A5E.1
[2010/12/30 23:46:11 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\CreeperWorld
[2010/12/29 01:24:16 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\CreeperWorld.A43EBFBEAB43B4ADC42FB67A9246E19C6E8214AC.1
[2011/04/25 01:23:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DAEMON Tools Lite
[2011/06/14 23:01:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\gtk-2.0
[2010/10/15 22:21:06 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ImgBurn
[2011/01/03 07:39:37 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Minetographer
[2011/02/27 02:05:52 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Rags
[2010/05/24 21:16:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Thunderbird
[2010/09/07 13:25:57 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\tmp
[2010/07/16 05:59:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\UDP Software
[2011/06/13 15:43:51 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\uTorrent
[2010/10/12 01:10:23 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\X-Chat 2
[2011/06/15 14:58:41 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/06/15 16:30:00 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{694EEA4F-661B-41E2-8717-0B780B24F75D}.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 170 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
OTL also spat out this "Extras.txt", which wasn't mentioned in the forum instructions, but I figure anyone nice enough to help me may want it as well:
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
OTL Extras logfile created on: 6/15/2011 4:26:23 PM - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\User\Desktop\Security Squad
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 50.96% Memory free
6.22 Gb Paging File | 4.41 Gb Available in Paging File | 71.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 173.86 Gb Free Space | 60.36% Space Free | Partition Type: NTFS
Drive E: | 620.40 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 576.34 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 10.00 Gb Total Space | 5.31 Gb Free Space | 53.07% Space Free | Partition Type: NTFS
Drive H: | 298.09 Gb Total Space | 297.99 Gb Free Space | 99.97% Space Free | Partition Type: NTFS
Computer Name: INSPIRATION | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\xchat\xchat.exe" = C:\Program Files\xchat\xchat.exe:*:Enabled:XChat IRC Client -- ()
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05385D81-7FF3-4738-B41B-F8EA1ABFB418}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{9328AE73-370F-41AA-9EF0-ECA906B57C78}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2BC0B621-FF37-4167-A3F3-D6D4887E7403}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{48CC29D7-2EF7-46F0-9AA3-D0C014D319B7}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{5AC51A9F-CCD4-4E7B-908A-4A7BDD36212E}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{68517950-8A67-47E6-8CBD-1AC5255C80B1}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{8973F293-1A4B-4B3E-ACCF-D778FB189EED}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{BE365B05-0DDB-40DD-93A3-9FA7B58BBE47}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D20BEA51-3A05-4BD4-89CC-61E58F6B1182}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"TCP Query User{493CE83C-F9D6-4BBE-A38C-C0065D3AC7C2}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{4B3EE2C9-CF16-4D1F-A01C-84A9042AFEA5}C:\program files\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"TCP Query User{7264B75A-197F-44E5-BD74-733868738E48}C:\program files\xchat\xchat.exe" = protocol=6 | dir=in | app=c:\program files\xchat\xchat.exe |
"TCP Query User{870FE723-A549-499B-8B33-232FB27D659F}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{8C0263F0-C25A-4671-80FF-5A2252CEDAA8}C:\program files\xchat\xchat.exe" = protocol=6 | dir=in | app=c:\program files\xchat\xchat.exe |
"TCP Query User{C9FD9FD2-8D7D-4FFF-812B-80FA602A1DBF}C:\program files\shrapnel games\malfador machinations\space empires iv gold\se4.exe" = protocol=6 | dir=in | app=c:\program files\shrapnel games\malfador machinations\space empires iv gold\se4.exe |
"TCP Query User{E04ADEFE-4858-4F6F-9B1A-C40B85C65029}C:\program files\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"TCP Query User{E20B5EEA-51B1-4039-827B-4B764802CE5B}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{144F44E5-A42D-4882-8A50-8BCF77FEF85D}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{1A50CCAB-798A-42CB-9458-7D100900B669}C:\program files\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"UDP Query User{209DD2C3-CE6A-4B8F-9E35-62571E846981}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{5D716226-A6E6-4448-8578-1E9ADD5CBB0C}C:\program files\xchat\xchat.exe" = protocol=17 | dir=in | app=c:\program files\xchat\xchat.exe |
"UDP Query User{62CA5A65-9B55-4EA6-AC71-37CE37A144E9}C:\program files\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"UDP Query User{8BC63EA6-C912-44AA-A047-5C9A0200B94B}C:\program files\shrapnel games\malfador machinations\space empires iv gold\se4.exe" = protocol=17 | dir=in | app=c:\program files\shrapnel games\malfador machinations\space empires iv gold\se4.exe |
"UDP Query User{C8934287-304D-4AD0-BE20-7285C3BA388A}C:\program files\xchat\xchat.exe" = protocol=17 | dir=in | app=c:\program files\xchat\xchat.exe |
"UDP Query User{F40F58A3-1AC3-4124-88F9-97909D9C12DC}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{2157961D-0507-44A8-BCF2-1EE2D439E8DF}" = Civilization III Complete Edition
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 23
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CD921DC-FE10-404C-99DB-FA57A6FCB32E}_is1" = Ben There Dan That 1.1.3.8
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{448E2D77-E504-4221-B2C2-93646B344729}" = Mouse Suite for Desktop Computers
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.11.0
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_BASICR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_BASICR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_BASICR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_BASICR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_BASICR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_BASICR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_BASICR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_BASICR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0013-0000-0000-0000000FF1CE}" = Microsoft Office Basic 2007
"{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{C7DEE429-4C9B-4126-894F-50B4F54FF196}" = inSSIDer
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BC}" = WinZip 14.0
"{CE0900ED-C76A-40C0-8DB4-0F68D825B283}_is1" = Stranded II 1.0.0.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFD38873-626C-4A11-9BC6-AA1A0660563D}" = Rags Suite
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ Beta 4.2
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4C65A7E-B87E-78A4-DD8F-142D785D512F}" = Creeper World
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{FA2CAF30-062F-8B00-86B9-46840A81802F}" = Creeper World Map Editor
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"AIM_7" = AIM 7
"Aquaria" = Aquaria
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"BASICR" = Microsoft Office Basic 2007
"Battle for Wesnoth 1.8.3" = Battle for Wesnoth 1.8.3
"Battleships Forever_is1" = Battleships Forever v0.90d
"Browser Defender_is1" = Browser Defender 2.0.6.15
"CCleaner" = CCleaner
"CDisplay_is1" = CDisplay 1.8
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 PCI V.92 Modem
"CreeperMap.BA6B793AB2C9FDD744493F22666C1F8DFA806A5E.1" = Creeper World Map Editor
"CreeperWorld.A43EBFBEAB43B4ADC42FB67A9246E19C6E8214AC.1" = Creeper World
"DAEMON Tools Lite" = DAEMON Tools Lite
"Defraggler" = Defraggler
"DELL Webcam Center" = DELL Webcam Center
"DELL Webcam Manager" = DELL Webcam Manager
"ERUNT_is1" = ERUNT 1.1j
"Eufloria_is1" = Eufloria v2.07
"Future Cop" = Future Cop
"GoToAssist" = GoToAssist 8.0.0.514
"Homeworld" = Homeworld
"ImgBurn" = ImgBurn
"InstallShield_{2157961D-0507-44A8-BCF2-1EE2D439E8DF}" = Civilization III Complete Edition
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.9.0 (Full)
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)
"Nmap" = Nmap 5.21
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Pidgin" = Pidgin
"PROSetDX" = Intel® PRO Network Connections 12.1.11.0
"Revenge of the Titans" = Revenge of the Titans
"Rise_of_the_West" = Rise of the West (remove only)
"SimpleMU MUD Client" = SimpleMU MUD Client
"Sins of a Solar Empire Trinity_is1" = Sins of a Solar Empire Trinity
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Space Empires IV Deluxe Patch v:1.95" = Space Empires IV Deluxe Patch v:1.95
"Space Empires IV Gold" = Space Empires IV Gold
"Spyware Doctor" = Spyware Doctor 7.0
"Starcraft" = Starcraft
"Starscape_is1" = Starscape V1.5c
"SuperCopier2" = SuperCopier2
"Swiff Player_is1" = Swiff Player 1.5
"The Wager" = The Wager 1.1
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.5
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR archiver
"xchat" = XChat 2 (remove only)
"Yahoo! Messenger" = Yahoo! Messenger
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Astro Battle Design Tool" = Astro Battle Design Tool
"CodeBlocks" = CodeBlocks
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 6/12/2011 6:39:34 PM | Computer Name = Inspiration | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =
Error - 6/12/2011 6:39:34 PM | Computer Name = Inspiration | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =
Error - 6/12/2011 6:39:34 PM | Computer Name = Inspiration | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =
Error - 6/12/2011 6:39:34 PM | Computer Name = Inspiration | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =
Error - 6/12/2011 6:39:34 PM | Computer Name = Inspiration | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =
Error - 6/12/2011 6:39:38 PM | Computer Name = Inspiration | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =
Error - 6/12/2011 6:39:38 PM | Computer Name = Inspiration | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =
Error - 6/12/2011 6:39:38 PM | Computer Name = Inspiration | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =
Error - 6/12/2011 6:39:38 PM | Computer Name = Inspiration | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =
Error - 6/12/2011 6:39:41 PM | Computer Name = Inspiration | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =
[ System Events ]
Error - 6/14/2011 3:03:25 AM | Computer Name = Inspiration | Source = Service Control Manager | ID = 7034
Description =
Error - 6/14/2011 3:35:31 AM | Computer Name = Inspiration | Source = Service Control Manager | ID = 7009
Description =
Error - 6/14/2011 3:43:41 AM | Computer Name = Inspiration | Source = DCOM | ID = 10010
Description =
Error - 6/14/2011 3:48:11 AM | Computer Name = Inspiration | Source = HTTP | ID = 15016
Description =
Error - 6/14/2011 4:32:32 AM | Computer Name = Inspiration | Source = Service Control Manager | ID = 7016
Description =
Error - 6/14/2011 2:33:01 PM | Computer Name = Inspiration | Source = HTTP | ID = 15016
Description =
Error - 6/14/2011 11:15:20 PM | Computer Name = Inspiration | Source = HTTP | ID = 15016
Description =
Error - 6/15/2011 7:15:02 AM | Computer Name = Inspiration | Source = HTTP | ID = 15016
Description =
Error - 6/15/2011 2:46:21 PM | Computer Name = Inspiration | Source = HTTP | ID = 15016
Description =
Error - 6/15/2011 2:59:51 PM | Computer Name = Inspiration | Source = HTTP | ID = 15016
Description =
< End of report >
Edited by Strain Of Thought, 21 June 2011 - 05:11 PM.