View Full Version : Blue screens of death and certain programs won't run.
Ok, something is going down. I've gotten the blue screen of death twice.
AVG detected three infected files the other day. Two appear to be identical (c:\Windows\System32\rcpnetp.exe), one was "moved to virus vault," the other "inaccessible." The third file is c:\Windows\SysWOW64\rcpnetp.dll, which was also "moved to virus vault."
The only file actually listed in the virus vault is C:\Windows.old\Windows\system32\autochk.exe:BAK, listed as a "corrupted executable."
Firefox will not run at all. (Click on icon, nothing happens). I deleted the default user, uninstalled, reinstalled, and still have the same problem.
Dragon Naturally Speaking will load but not run. It either reports an "unexpected" error, or says that the program has become unstable.
Windows gave a message that some file had become corrupt and recommended running chkdsk.exe. Chkdsk.exe runs, but aborts itself. It says, "Canot lock current drive. Chkdsk cannot run because the volume is in use by another process." It then asks if I want to schedule a scan upon reboot. After choosing yes, the computer reboots as normal without running said scan.
------------------------------------------
DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by TheEarl at 18:49:19.49 on Fri 12/17/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4091.1768 [GMT -6:00]
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
============== Running Processes ===============
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
C:\Windows\SysWOW64\rpcnet.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files (x86)\AVG\AVG10\avgemca.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\rundll32.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\Mozy\mozystat.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\conhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozy\mozybackup.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Mozy\mozybackup.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\System32\mobsync.exe
C:\Users\TheEarl\AppData\Local\RockMelt\Application\rockmelt.exe
C:\Users\TheEarl\AppData\Local\RockMelt\Application\rockmelt.exe
C:\Users\TheEarl\AppData\Local\RockMelt\Application\rockmelt.exe
C:\Users\TheEarl\AppData\Local\RockMelt\Application\rockmelt.exe
C:\Users\TheEarl\AppData\Local\RockMelt\Application\rockmelt.exe
C:\Users\TheEarl\AppData\Local\RockMelt\Application\rockmelt.exe
C:\Users\TheEarl\AppData\Local\RockMelt\Application\rockmelt.exe
C:\Users\TheEarl\AppData\Local\RockMelt\Application\rockmelt.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Users\TheEarl\AppData\Local\RockMelt\Application\rockmelt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrvx.exe
C:\Program Files (x86)\Nuance\NaturallySpeaking10\Program\natspeak.exe
C:\Program Files (x86)\Common Files\Nuance\NaturallySpeaking10\dgnuiasvr.exe
C:\Program Files (x86)\Common Files\Nuance\NaturallySpeaking10\dgnuiasvr_x64.exe
C:\Users\TheEarl\AppData\Local\RockMelt\Application\rockmelt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\TheEarl\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = https://share.law.northwestern.edu/jclc/default.aspx
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\TheEarl\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
uRun: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [RockMelt Update] "C:\Users\TheEarl\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" /c
uRunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
mRun: [OEM13Mon.exe] C:\Windows\OEM13Mon.exe
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking10\Ereg.ini
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MOZYHO~1.LNK - C:\Program Files (x86)\Mozy\mozystat.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
mRun-x64: [Apoint] C:\Program Files\DellTPad\Apoint.exe
mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
mRun-x64: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
mRun-x64: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
============= SERVICES / DRIVERS ===============
R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2010-9-7 30288]
R0 DLACDBHE;DLACDBHE;C:\Windows\System32\drivers\DLACDBHE.SYS [2010-1-16 17776]
R0 DRVECDB;DRVECDB;C:\Windows\System32\drivers\DRVECDB.SYS [2010-1-16 124112]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-1-16 55856]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2010-9-7 305232]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-7 41040]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2010-11-9 382032]
R1 DLARTL_E;DLARTL_E;C:\Windows\System32\drivers\DLARTL_E.SYS [2010-1-16 41072]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-11-10 6127184]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400]
R2 DLABMFSE;DLABMFSE;C:\Windows\System32\drivers\DLABMFSE.SYS [2010-1-16 46448]
R2 DLABOIOE;DLABOIOE;C:\Windows\System32\drivers\DLABOIOE.SYS [2010-1-16 42352]
R2 DLADResE;DLADResE;C:\Windows\System32\drivers\DLADResE.SYS [2010-1-16 9968]
R2 DLAIFS_E;DLAIFS_E;C:\Windows\System32\drivers\DLAIFS_E.SYS [2010-1-16 146672]
R2 DLAOPIOE;DLAOPIOE;C:\Windows\System32\drivers\DLAOPIOE.SYS [2010-1-16 35056]
R2 DLAPoolE;DLAPoolE;C:\Windows\System32\drivers\DLAPoolE.SYS [2010-1-16 19824]
R2 DLAUDF_E;DLAUDF_E;C:\Windows\System32\drivers\DLAUDF_E.SYS [2010-1-16 144112]
R2 DLAUDFAE;DLAUDFAE;C:\Windows\System32\drivers\DLAUDFAE.SYS [2010-1-16 135152]
R2 DRVEDDM;DRVEDDM;C:\Windows\System32\drivers\DRVEDDM.SYS [2010-1-16 63984]
R2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files (x86)/PostgreSQL/8.4/data" -w --> C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2010-8-19 157264]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2010-8-19 35920]
R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;C:\Windows\System32\drivers\OEM13Vfx.sys [2007-3-5 12288]
R3 OEM13Vid;Creative Camera OEM013 Driver;C:\Windows\System32\drivers\OEM13Vid.sys [2008-5-28 267296]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-28 136176]
S3 B-Service;B-Service;C:\Users\TheEarl\AppData\Roaming\Mikogo\B-Service.exe [2010-10-7 185640]
S3 evserial;Virtual Serial Ports Driver (Eltima Softwate);C:\Windows\System32\drivers\evserial.sys [2010-6-19 67072]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
S3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);C:\Windows\System32\drivers\evsbc.sys [2010-6-19 32768]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-2-24 1255736]
=============== Created Last 30 ================
2010-12-17 19:11:37 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{F8F7623A-55E0-4C97-9166-F94AB5BD7DA3}\mpengine.dll
2010-12-09 16:39:23 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.exe
2010-12-09 16:39:23 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.dll
2010-12-09 16:39:23 17920 ----a-w- C:\Windows\System32\rpcnetp.exe
2010-12-06 18:25:19 66552 ----a-w- C:\Windows\System32\drivers\mozy.sys
2010-12-06 18:19:41 11336456 ----a-w- C:\PROGRA~3\Tempmozy-update-a31217e595a1463492ad999467f8f0a1.exe
2010-11-29 23:17:59 403304 ----a-w- C:\Windows\System32\xactengine2_7.dll
2010-11-29 22:23:07 458840 ----a-w- C:\Windows\System32\drivers\~GLH0023.TMP
2010-11-29 22:13:18 -------- d-----w- C:\Windows\Internet Logs
2010-11-29 00:18:47 -------- d-----w- C:\Users\TheEarl\AppData\Roaming\AVG10
2010-11-29 00:01:15 -------- d--h--w- C:\PROGRA~3\Common Files
2010-11-28 23:59:49 -------- d-----w- C:\PROGRA~3\AVG10
2010-11-28 19:19:52 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2010-11-28 19:19:50 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
2010-11-28 19:19:49 81768 ----a-w- C:\Windows\SysWow64\xinput1_3.dll
2010-11-28 19:19:15 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2010-11-28 19:19:09 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-11-28 17:18:11 -------- d-----w- C:\PROGRA~3\MFAData
2010-11-26 05:03:43 -------- d-----w- C:\Users\TheEarl\AppData\Local\RockMelt
2010-11-25 20:00:08 -------- d-----w- C:\Windows\SysWow64\AGEIA
2010-11-25 19:59:49 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2010-11-25 08:07:51 -------- d-----w- C:\Program Files\iTunes
2010-11-25 08:07:51 -------- d-----w- C:\Program Files\iPod
2010-11-25 08:07:51 -------- d-----w- C:\Program Files (x86)\iTunes
2010-11-25 08:06:23 -------- d-----w- C:\Program Files\Bonjour
2010-11-25 08:06:23 -------- d-----w- C:\Program Files (x86)\Bonjour
==================== Find3M ====================
2010-12-17 05:51:47 60 ----a-w- C:\Windows\wpd99.drv
2010-12-16 22:45:31 57752 ----a-w- C:\Windows\SysWow64\rpcnet.dll
2010-11-16 23:45:54 1238528 ----a-w- C:\Windows\SysWow64\zpeng25.dll
2010-11-14 02:39:14 340 ----a-w- C:\Windows\wininit.tmp
2010-11-10 04:20:56 382032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll
2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec
2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll
2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll
2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe
2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe
2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
2010-10-27 05:06:22 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-10-27 04:32:36 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-10-20 05:20:01 46080 ----a-w- C:\Windows\System32\atmlib.dll
2010-10-20 04:54:18 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2010-10-20 03:09:15 3124224 ----a-w- C:\Windows\System32\win32k.sys
2010-10-20 03:05:46 367104 ----a-w- C:\Windows\System32\atmfd.dll
2010-10-20 02:58:41 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2010-10-16 05:23:13 112000 ----a-w- C:\Windows\System32\consent.exe
2010-10-16 05:19:41 395776 ----a-w- C:\Windows\System32\webio.dll
2010-10-16 04:36:10 314368 ----a-w- C:\Windows\SysWow64\webio.dll
2010-10-14 07:36:52 15451288 ----a-w- C:\Windows\SysWow64\xlive.dll
2010-10-14 07:36:50 13642904 ----a-w- C:\Windows\SysWow64\xlivefnt.dll
2010-10-07 18:36:16 96544 ----a-w- C:\Windows\System32\dnssd.dll
2010-10-07 18:36:16 119584 ----a-w- C:\Windows\System32\dns-sd.exe
2010-10-07 18:23:02 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll
2010-10-07 18:23:02 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2010-10-05 15:40:44 13160 ----a-w- C:\Windows\SysWow64\Upgrd.exe
2010-10-05 15:40:41 57752 ------w- C:\Windows\SysWow64\rpcnet.exe
2010-09-28 21:44:52 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2010-09-28 21:44:52 4184352 ----a-w- C:\Windows\System32\usbaaplrc.dll
============= FINISH: 18:50:02.64 ===============
:snwelcome:
Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.
Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.
Sorry for the delay but we get a bit overwhelmed at times.
Lets look a bit deeper into your system
Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.Your system may start up slower after running ATF Cleaner, this is expected but will be back to normal after the first or second boot up
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized password and other personal information as removing cookies will temporarily disable the auto-login facility.
Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please
OTL by OldTimer
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
Post the Malwarebytes log and the OTL log please
Thanks. Here are the outputs. While OTL was running, windows gave me a notification that said OTL.exe had become corrupt (although it displayed a path unrelated to OTL) and recommended I run chkdsk. I tried to take a screenshot, but was unsuccessful. Not sure if there's a place to find what it said.
----------------------------------
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5428
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
12/31/2010 9:43:15 AM
mbam-log-2010-12-31 (09-43-15).txt
Scan type: Quick scan
Objects scanned: 166589
Time elapsed: 5 minute(s), 35 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
------------------------------------------------
OTL logfile created on: 12/31/2010 9:46:33 AM - Run 1
OTL by OldTimer - Version 3.2.18.2 Folder = C:\Users\TheEarl\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 54.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.85 Gb Total Space | 71.41 Gb Free Space | 30.67% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 577.04 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 571.75 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 691.95 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: THEMOTHERSHIP | User Name: TheEarl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\TheEarl\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Windows\SysWOW64\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Windows\SysWOW64\rpcnet.exe (Absolute Software Corp.)
PRC - C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe (PostgreSQL Global Development Group)
========== Modules (SafeList) ==========
MOD - C:\Users\TheEarl\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV:[b]64bit: - (PnkBstrB) -- C:\Windows\SysNative\PnkBstrB.exe File not found
SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (vsmon) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (B-Service) -- C:\Users\TheEarl\AppData\Roaming\Mikogo\B-Service.exe ()
SRV - (rpcnet) Remote Procedure Call (RPC) -- C:\Windows\SysWOW64\rpcnet.exe (Absolute Software Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (mozybackup) -- C:\Program Files (x86)\Mozy\mozybackup.exe (Mozy, Inc.)
SRV - (postgresql-8.4) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (mozyFilter) -- C:\Windows\SysNative\drivers\mozy.sys (Mozy, Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (Vsdatant) -- C:\Windows\SysNative\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)
DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (HID) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV:64bit: - (OEM13Vid) -- C:\Windows\SysNative\drivers\OEM13Vid.sys (Creative Technology Ltd.)
DRV:64bit: - (VSBC) Virtual Serial Bus Enumerator (Eltima Software) -- C:\Windows\SysNative\drivers\evsbc.sys (ELTIMA Software)
DRV:64bit: - (evserial) Virtual Serial Ports Driver (Eltima Softwate) -- C:\Windows\SysNative\drivers\evserial.sys (ELTIMA Software)
DRV:64bit: - (DLADResE) -- C:\Windows\SysNative\drivers\DLADResE.SYS (Roxio)
DRV:64bit: - (DLAUDFAE) -- C:\Windows\SysNative\drivers\DLAUDFAE.SYS (Roxio)
DRV:64bit: - (DLABMFSE) -- C:\Windows\SysNative\drivers\DLABMFSE.SYS (Roxio)
DRV:64bit: - (DLAUDF_E) -- C:\Windows\SysNative\drivers\DLAUDF_E.SYS (Roxio)
DRV:64bit: - (DLAOPIOE) -- C:\Windows\SysNative\drivers\DLAOPIOE.SYS (Roxio)
DRV:64bit: - (DLABOIOE) -- C:\Windows\SysNative\drivers\DLABOIOE.SYS (Roxio)
DRV:64bit: - (DLAPoolE) -- C:\Windows\SysNative\drivers\DLAPoolE.SYS (Roxio)
DRV:64bit: - (DLAIFS_E) -- C:\Windows\SysNative\drivers\DLAIFS_E.SYS (Roxio)
DRV:64bit: - (DRVECDB) -- C:\Windows\SysNative\drivers\DRVECDB.SYS (Sonic Solutions)
DRV:64bit: - (DLARTL_E) -- C:\Windows\SysNative\drivers\DLARTL_E.SYS (Roxio)
DRV:64bit: - (DLACDBHE) -- C:\Windows\SysNative\drivers\DLACDBHE.SYS (Roxio)
DRV:64bit: - (DRVEDDM) -- C:\Windows\SysNative\drivers\DRVEDDM.SYS (Roxio)
DRV:64bit: - (OEM13Vfx) -- C:\Windows\SysNative\drivers\OEM13Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://share.law.northwestern.edu/jclc/default.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EC F3 D4 F1 AA 90 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG10\Firefox\ [2010/11/28 18:00:18 | 000,000,000 | ---D | M]
[2010/12/17 14:43:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TheEarl\AppData\Roaming\Mozilla\Extensions
[2010/01/12 00:03:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TheEarl\AppData\Roaming\Mozilla\Extensions\celtx@celtx.com
[2010/12/17 14:43:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/01 00:39:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/07 18:22:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/17 18:54:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files (x86)\Nuance\NaturallySpeaking10\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [OEM13Mon.exe] C:\Windows\OEM13Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [ISUSPM Startup] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [RockMelt Update] C:\Users\TheEarl\AppData\Local\RockMelt\Update\RockMeltUpdate.exe (RockMelt Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 15:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1999/09/23 16:38:49 | 000,000,045 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [1996/12/26 19:21:40 | 004,429,073 | R--- | M] (Blizzard Entertainment) - F:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [1996/11/20 11:25:44 | 000,000,050 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2003/10/13 17:18:23 | 000,001,990 | R--- | M] () - G:\automenu.apm -- [ CDFS ]
O32 - AutoRun File - [2003/04/01 04:00:40 | 001,101,824 | R--- | M] (Indigo Rose Corporation) - G:\automenu.exe -- [ CDFS ]
O32 - AutoRun File - [2000/06/27 07:26:52 | 000,000,766 | R--- | M] () - G:\automenu.ico -- [ CDFS ]
O32 - AutoRun File - [2001/03/06 00:25:30 | 000,475,136 | R--- | M] () - G:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2003/10/13 17:18:27 | 000,000,050 | R--- | M] () - G:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{e37c70d6-ed1a-11df-8db8-002556a09b0e}\Shell - "" = AutoRun
O33 - MountPoints2\{e37c70d6-ed1a-11df-8db8-002556a09b0e}\Shell\AutoRun\command - "" = G:\automenu.exe -- [2003/04/01 04:00:40 | 001,101,824 | R--- | M] (Indigo Rose Corporation)
O33 - MountPoints2\{fea2806d-0325-11df-ba96-00265edc96e5}\Shell - "" = AutoRun
O33 - MountPoints2\{fea2806d-0325-11df-ba96-00265edc96e5}\Shell\AutoRun\command - "" = E:\SETUP.EXE -- [1999/09/23 16:58:15 | 000,025,600 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk /p \??\C:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/12/31 09:36:45 | 000,000,000 | ---D | C] -- C:\Users\TheEarl\AppData\Local\Adobe
[2010/12/31 09:28:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/12/31 09:25:26 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\TheEarl\Desktop\OTL.exe
[2010/12/31 09:24:57 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\TheEarl\Desktop\mbam-setup-1.50.1.1100.exe
[2010/12/31 09:23:47 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\TheEarl\Desktop\ATF-Cleaner.exe
[2010/12/27 15:45:44 | 000,000,000 | ---D | C] -- C:\Users\TheEarl\AppData\Local\PunkBuster
[2010/12/27 15:45:41 | 000,000,000 | ---D | C] -- C:\Users\TheEarl\Documents\BFBC2
[2010/12/27 15:44:46 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2010/12/27 15:44:46 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2010/12/27 15:44:46 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2010/12/27 15:44:46 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2010/12/27 15:44:45 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2010/12/27 15:44:45 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2010/12/27 15:44:45 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2010/12/27 15:44:45 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2010/12/27 15:44:44 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2010/12/27 15:44:44 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2010/12/27 15:44:44 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2010/12/27 15:44:44 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2010/12/27 15:44:41 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2010/12/27 15:44:41 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2010/12/27 15:44:37 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2010/12/27 15:44:37 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2010/12/27 15:44:37 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2010/12/27 15:44:37 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2010/12/27 15:44:37 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2010/12/27 15:44:37 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2010/12/27 15:44:37 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2010/12/27 15:44:37 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2010/12/27 15:44:36 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2010/12/27 15:44:36 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2010/12/27 15:44:36 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2010/12/27 15:44:36 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2010/12/27 15:44:35 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2010/12/27 15:44:35 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2010/12/24 21:07:38 | 000,000,000 | ---D | C] -- C:\Users\TheEarl\AppData\Local\Windows Live
[2010/12/24 21:07:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2010/12/24 21:06:47 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2010/12/24 21:06:47 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2010/12/24 21:06:47 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2010/12/24 21:06:47 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2010/12/24 21:06:47 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2010/12/24 21:06:46 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2010/12/24 21:06:46 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2010/12/24 21:05:53 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2010/12/24 21:05:52 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2010/12/24 21:05:52 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010/12/24 21:05:52 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010/12/24 21:05:52 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2010/12/24 21:05:52 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2010/12/24 21:05:52 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010/12/24 21:05:52 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010/12/24 21:05:52 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010/12/24 21:05:52 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010/12/24 21:05:52 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010/12/24 21:05:52 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010/12/24 21:05:52 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010/12/24 21:05:52 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2010/12/24 21:05:52 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010/12/24 21:05:52 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010/12/16 16:40:31 | 000,058,368 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsregexp.dll
[2010/12/16 16:40:22 | 000,104,448 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\zlcommdb.dll
[2010/12/16 16:40:22 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\zlcomm.dll
[2010/12/16 16:40:18 | 000,043,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vswmi.dll
[2010/12/16 16:40:15 | 001,238,528 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\zpeng25.dll
[2010/12/16 16:40:15 | 000,110,080 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsxml.dll
[2010/12/16 16:40:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ZoneLabs
[2010/12/16 16:40:14 | 000,302,592 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vspubapi.dll
[2010/12/16 16:40:14 | 000,112,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsdata.dll
[2010/12/16 16:40:14 | 000,108,032 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsmonapi.dll
[2010/12/16 16:40:10 | 000,458,840 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysNative\drivers\vsdatant.sys
[2010/12/16 16:40:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zone Labs
[2010/12/16 16:39:34 | 000,715,264 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsutil.dll
[2010/12/16 16:39:34 | 000,228,864 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsinit.dll
[2010/12/14 13:47:55 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010/12/14 13:47:55 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010/12/14 13:47:55 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010/12/14 13:47:55 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010/12/14 13:47:41 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll
[2010/12/14 13:47:41 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll
[2010/12/14 13:47:41 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll
[2010/12/14 13:47:41 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe
[2010/12/14 13:47:40 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll
[2010/12/14 13:47:40 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll
[2010/12/14 13:47:40 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schtasks.exe
[2010/12/14 13:47:40 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schtasks.exe
[2010/12/14 13:47:37 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2010/12/14 13:47:37 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2010/12/14 13:47:28 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/12/14 13:47:27 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/12/14 13:47:27 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010/12/14 13:47:27 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/12/14 13:47:27 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/12/14 13:47:27 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/12/14 13:47:27 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/12/14 13:47:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/12/14 13:47:27 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010/12/14 13:47:27 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/12/14 13:47:27 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010/12/14 13:47:27 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010/12/14 13:47:27 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/12/14 13:47:27 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/12/14 13:47:24 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2010/12/06 12:25:19 | 000,066,552 | ---- | C] (Mozy, Inc.) -- C:\Windows\SysNative\drivers\mozy.sys
[2010/12/06 12:19:41 | 011,336,456 | ---- | C] (Mozy, Inc.) -- C:\ProgramData\Tempmozy-update-a31217e595a1463492ad999467f8f0a1.exe
[3 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/12/31 09:29:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/31 09:28:58 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/31 09:28:33 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/31 09:26:28 | 000,258,247 | ---- | M] () -- C:\Users\TheEarl\Desktop\Blue screens of death and certain programs won't run.pdf
[2010/12/31 09:26:27 | 000,000,060 | ---- | M] () -- C:\Windows\wpd99.drv
[2010/12/31 09:26:08 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4210094983-2902076926-636801332-1001Core.job
[2010/12/31 09:25:26 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\TheEarl\Desktop\OTL.exe
[2010/12/31 09:25:02 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\TheEarl\Desktop\mbam-setup-1.50.1.1100.exe
[2010/12/31 09:23:52 | 103,081,825 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/12/31 09:23:37 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\TheEarl\Desktop\ATF-Cleaner.exe
[2010/12/31 09:22:52 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4210094983-2902076926-636801332-1001UA.job
[2010/12/31 09:21:52 | 000,000,530 | ---- | M] () -- C:\Windows\tasks\NatSpeak Periodic Language Model Optimization.job
[2010/12/31 09:18:22 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-4210094983-2902076926-636801332-1001UA.job
[2010/12/31 09:18:16 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-4210094983-2902076926-636801332-1001Core.job
[2010/12/31 09:18:15 | 000,017,920 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe
[2010/12/31 09:18:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/27 15:45:49 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010/12/27 15:45:49 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/12/27 15:44:51 | 002,434,856 | ---- | M] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010/12/27 15:44:51 | 000,075,064 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/12/27 07:23:08 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/27 07:23:08 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/27 02:41:15 | 000,004,228 | ---- | M] () -- C:\Windows\mozy.blk
[2010/12/27 02:41:15 | 000,000,550 | ---- | M] () -- C:\Windows\mozy.flt
[2010/12/25 16:03:28 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\NatSpeak Periodic Acoustic Optimization.job
[2010/12/24 22:20:48 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll
[2010/12/24 22:20:48 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.dll
[2010/12/24 22:20:37 | 3217,199,104 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/24 22:20:33 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.exe
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/12/19 17:47:22 | 000,730,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/12/19 17:47:22 | 000,628,674 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/12/19 17:47:22 | 000,107,948 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/12/19 02:13:42 | 000,001,622 | ---- | M] () -- C:\Users\TheEarl\Desktop\to do.rtf
[2010/12/17 18:50:39 | 000,002,962 | ---- | M] () -- C:\Users\TheEarl\Desktop\Attach.zip
[2010/12/17 18:48:53 | 000,624,128 | ---- | M] () -- C:\Users\TheEarl\Desktop\dds.scr
[2010/12/17 18:48:05 | 000,000,907 | ---- | M] () -- C:\Users\TheEarl\Desktop\ERUNT.lnk
[2010/12/16 16:40:47 | 000,420,800 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2010/12/15 21:07:34 | 000,026,951 | ---- | M] () -- C:\Users\TheEarl\Desktop\147.docx
[2010/12/14 13:58:11 | 000,462,504 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/12/06 23:07:37 | 000,007,603 | ---- | M] () -- C:\Users\TheEarl\AppData\Local\Resmon.ResmonCfg
[2010/12/06 12:25:21 | 000,000,925 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MozyHome Status.lnk
[2010/12/06 12:19:54 | 011,336,456 | ---- | M] (Mozy, Inc.) -- C:\ProgramData\Tempmozy-update-a31217e595a1463492ad999467f8f0a1.exe
[2010/12/06 12:10:45 | 491,238,013 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/12/05 13:57:26 | 000,001,675 | ---- | M] () -- C:\Users\TheEarl\AppData\Roaming\SAS7_000.DAT
[2010/12/02 08:18:39 | 000,011,285 | ---- | M] () -- C:\Users\TheEarl\Documents\1.docx
[2010/12/02 08:10:55 | 000,013,800 | ---- | M] () -- C:\Users\TheEarl\Documents\closing.docx
[3 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/12/31 09:28:33 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/31 09:26:26 | 000,258,247 | ---- | C] () -- C:\Users\TheEarl\Desktop\Blue screens of death and certain programs won't run.pdf
[2010/12/27 15:45:49 | 000,215,128 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010/12/27 15:44:52 | 000,215,128 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/12/27 15:44:51 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010/12/27 15:44:51 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/12/17 18:50:39 | 000,002,962 | ---- | C] () -- C:\Users\TheEarl\Desktop\Attach.zip
[2010/12/17 18:48:53 | 000,624,128 | ---- | C] () -- C:\Users\TheEarl\Desktop\dds.scr
[2010/12/17 18:48:05 | 000,000,907 | ---- | C] () -- C:\Users\TheEarl\Desktop\ERUNT.lnk
[2010/12/16 16:40:14 | 000,420,800 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2010/12/15 18:49:23 | 000,026,951 | ---- | C] () -- C:\Users\TheEarl\Desktop\147.docx
[2010/12/09 10:39:23 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe
[2010/12/09 10:39:23 | 000,017,920 | ---- | C] () -- C:\Windows\SysNative\rpcnetp.exe
[2010/12/09 10:39:23 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
[2010/12/06 23:07:37 | 000,007,603 | ---- | C] () -- C:\Users\TheEarl\AppData\Local\Resmon.ResmonCfg
[2010/12/02 08:18:38 | 000,011,285 | ---- | C] () -- C:\Users\TheEarl\Documents\1.docx
[2010/12/01 14:22:49 | 000,013,800 | ---- | C] () -- C:\Users\TheEarl\Documents\closing.docx
[2010/11/12 22:17:02 | 000,182,272 | ---- | C] () -- C:\Windows\patchw32.dll
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/08/29 18:39:43 | 000,068,473 | ---- | C] () -- C:\Program Files (x86)\hminstalllog.txt
[2010/08/17 21:58:15 | 000,004,200 | ---- | C] () -- C:\Users\TheEarl\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
[2010/04/29 20:12:55 | 000,733,320 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/04/22 16:10:19 | 000,038,433 | ---- | C] () -- C:\Users\TheEarl\AppData\Roaming\Comma Separated Values (Windows).ADR
[2010/02/17 19:12:37 | 000,012,800 | ---- | C] () -- C:\Users\TheEarl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/16 23:47:27 | 000,066,936 | -HS- | C] () -- C:\Windows\dlinfo_0.drv
[2010/01/16 22:32:28 | 000,000,393 | ---- | C] () -- C:\Windows\wininit.ini
[2010/01/15 18:10:17 | 000,001,675 | ---- | C] () -- C:\Users\TheEarl\AppData\Roaming\SAS7_000.DAT
[2010/01/14 01:47:41 | 000,000,060 | ---- | C] () -- C:\Windows\wpd99.drv
[2010/01/14 01:47:40 | 000,047,616 | ---- | C] () -- C:\Windows\SysWow64\pdf995mon64.dll
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
========== LOP Check ==========
[2010/11/28 18:18:47 | 000,000,000 | ---D | M] -- C:\Users\TheEarl\AppData\Roaming\AVG10
[2010/10/25 21:29:59 | 000,000,000 | ---D | M] -- C:\Users\TheEarl\AppData\Roaming\BitTorrent
[2010/01/12 00:03:52 | 000,000,000 | ---D | M] -- C:\Users\TheEarl\AppData\Roaming\Greyfirst
[2010/11/02 20:21:04 | 000,000,000 | ---D | M] -- C:\Users\TheEarl\AppData\Roaming\HandBrake
[2010/08/29 18:41:04 | 000,000,000 | ---D | M] -- C:\Users\TheEarl\AppData\Roaming\HEM Data
[2010/07/24 19:19:38 | 000,000,000 | ---D | M] -- C:\Users\TheEarl\AppData\Roaming\HW group
[2010/08/14 20:25:51 | 000,000,000 | ---D | M] -- C:\Users\TheEarl\AppData\Roaming\Leawo
[2010/08/23 12:50:52 | 000,000,000 | ---D | M] -- C:\Users\TheEarl\AppData\Roaming\ManyCam
[2010/10/07 16:31:23 | 000,000,000 | ---D | M] -- C:\Users\TheEarl\AppData\Roaming\Mikogo
[2010/01/15 17:35:14 | 000,000,000 | ---D | M] -- C:\Users\TheEarl\AppData\Roaming\Nuance
[2010/01/10 12:55:49 | 000,000,000 | ---D | M] -- C:\Users\TheEarl\AppData\Roaming\OpenOffice.org
[2010/01/14 01:51:52 | 000,000,000 | ---D | M] -- C:\Users\TheEarl\AppData\Roaming\pdf995
[2010/07/24 19:24:48 | 000,000,000 | ---D | M] -- C:\Users\TheEarl\AppData\Roaming\Tunngle
[2010/12/25 16:03:28 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\NatSpeak Periodic Acoustic Optimization.job
[2010/12/31 09:21:52 | 000,000,530 | ---- | M] () -- C:\Windows\Tasks\NatSpeak Periodic Language Model Optimization.job
[2010/12/31 09:18:16 | 000,000,884 | ---- | M] () -- C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-4210094983-2902076926-636801332-1001Core.job
[2010/12/31 09:18:22 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-4210094983-2902076926-636801332-1001UA.job
[2010/10/13 14:45:27 | 000,032,656 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 222 bytes -> C:\ProgramData\TEMP:F35A93AD
@Alternate Data Stream - 207 bytes -> C:\ProgramData\TEMP:DDE29E40
< End of report >
OTL Extras logfile created on: 12/31/2010 9:46:34 AM - Run 1
OTL by OldTimer - Version 3.2.18.2 Folder = C:\Users\TheEarl\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 54.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.85 Gb Total Space | 71.41 Gb Free Space | 30.67% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 577.04 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 571.75 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 691.95 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: THEMOTHERSHIP | User Name: TheEarl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[b]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\TheEarl\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{4A5A427F-BA39-4BF0-9A47-7777FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking 64bit (x64)
"{5DDF6B75-2369-4D52-9867-10EFD8878185}" = AVG 2011
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{AAE78E39-FAAF-4C19-A63E-BDED7428FDE1}" = Roxio Drag-to-Disc
"{B6EFD9A5-2ECE-4C22-BAEC-D16E73EA2013}" = iTunes
"{CB090A2C-B2F9-110F-F9D2-08B47D08D36F}" = MozyHome
"{E4C703FE-7F5C-475D-9458-8E2FD7110790}" = AVG 2011
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2011
"Creative OEM013" = Laptop Integrated Webcam Driver (1.01.01.0529)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR archiver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 22
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3C79DC59-6099-323B-B27B-90B45542B270}" = Google Talk Plugin
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ULTIMATER_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
"{E51B4CD9-A0A6-4324-B26A-31B3F2DE26CE}" = Black and White
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E7712E53-7A7F-46EB-AA13-70D5987D30F2}" = Dragon NaturallySpeaking 10
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0.1" = Adobe Photoshop 7.0.1
"AudibleDownloadManager" = Audible Download Manager
"Battle.net" = Battle.net
"BitTorrent" = BitTorrent
"Celtx (2.7)" = Celtx (2.7)
"Diablo" = Diablo
"DivX Setup.divx.com" = DivX Setup
"ERUNT_is1" = ERUNT 1.1j
"Handbrake" = Handbrake 0.9.4
"HoldemManager" = Holdem Manager
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mikogo" = Mikogo
"Pdf995" = Pdf995
"PokerStars" = PokerStars
"PostgreSQL 8.4" = PostgreSQL 8.4
"PunkBusterSvc" = PunkBuster Services
"Quick Screen Capture 2.2_is1" = Quick Screen Capture 2.2
"Steam App 12130" = Manhunt
"Steam App 12140" = Max Payne
"Steam App 12150" = Max Payne 2: The Fall of Max Payne
"Steam App 12200" = Bully: Scholarship Edition
"Steam App 12220" = Grand Theft Auto: Episodes from Liberty City
"Steam App 24960" = Battlefield: Bad Company 2
"Steam App 410" = Portal: The First Slice
"Steam App 6000" = Star Wars Republic Commando
"Steam App 8980" = Borderlands
"ULTIMATER" = Microsoft Office Ultimate 2007
"VLC media player" = VLC media player 1.0.3
"War2Combat_is1" = War2Combat 3.05
"Warcraft II BNE" = Warcraft II BNE
"ZoneAlarm" = ZoneAlarm
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player
"RockMelt" = RockMelt
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 12/25/2010 4:10:13 AM | Computer Name = TheMothership | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 19391
Error - 12/25/2010 4:10:13 AM | Computer Name = TheMothership | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 19391
Error - 12/25/2010 7:08:26 PM | Computer Name = TheMothership | Source = Google Update | ID = 20
Description =
Error - 12/25/2010 8:08:26 PM | Computer Name = TheMothership | Source = Google Update | ID = 20
Description =
Error - 12/25/2010 9:08:26 PM | Computer Name = TheMothership | Source = Google Update | ID = 20
Description =
Error - 12/26/2010 1:45:38 PM | Computer Name = TheMothership | Source = Google Update | ID = 20
Description =
Error - 12/26/2010 4:30:11 PM | Computer Name = TheMothership | Source = Application Error | ID = 1000
Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:
0x4c525184 Faulting module name: vstdlib.dll, version: 0.0.0.0, time stamp: 0x4c6ca968
Exception
code: 0xc0000005 Fault offset: 0x0000204e Faulting process id: 0x10d0 Faulting application
start time: 0x01cba53b7c1b96f8 Faulting application path: c:\program files (x86)\steam\steamapps\thaedonxhanphiq\portal\hl2.exe
Faulting
module path: c:\program files (x86)\steam\steamapps\thaedonxhanphiq\portal\bin\vstdlib.dll
Report
Id: ef64e672-112e-11e0-9442-00265edc96e5
Error - 12/27/2010 3:53:54 AM | Computer Name = TheMothership | Source = Application Error | ID = 1000
Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:
0x4c525184 Faulting module name: vstdlib.dll, version: 0.0.0.0, time stamp: 0x4c6ca968
Exception
code: 0xc0000005 Fault offset: 0x0000204e Faulting process id: 0x11e4 Faulting application
start time: 0x01cba59ad9737f8f Faulting application path: c:\program files (x86)\steam\steamapps\thaedonxhanphiq\portal\hl2.exe
Faulting
module path: c:\program files (x86)\steam\steamapps\thaedonxhanphiq\portal\bin\vstdlib.dll
Report
Id: 73410c0d-118e-11e0-9442-00265edc96e5
Error - 12/27/2010 1:14:21 PM | Computer Name = TheMothership | Source = MsiInstaller | ID = 10005
Description =
Error - 12/31/2010 11:18:20 AM | Computer Name = TheMothership | Source = Google Update | ID = 20
Description =
[ OSession Events ]
Error - 2/12/2010 10:26:13 PM | Computer Name = TheMothership | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 67
seconds with 60 seconds of active time. This session ended with a crash.
Error - 2/12/2010 10:33:19 PM | Computer Name = TheMothership | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 144
seconds with 120 seconds of active time. This session ended with a crash.
Error - 3/11/2010 4:55:37 PM | Computer Name = TheMothership | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 394
seconds with 180 seconds of active time. This session ended with a crash.
Error - 5/1/2010 12:26:41 AM | Computer Name = TheMothership | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 29620
seconds with 8580 seconds of active time. This session ended with a crash.
Error - 5/4/2010 11:30:09 PM | Computer Name = TheMothership | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 208453
seconds with 34560 seconds of active time. This session ended with a crash.
Error - 11/19/2010 4:51:30 PM | Computer Name = TheMothership | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 70303
seconds with 4920 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 11/19/2010 10:01:16 PM | Computer Name = TheMothership | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =
Error - 11/20/2010 1:21:34 AM | Computer Name = TheMothership | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.
Error - 11/21/2010 7:20:07 PM | Computer Name = TheMothership | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.
Error - 11/21/2010 7:20:32 PM | Computer Name = TheMothership | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 2 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.
Error - 11/21/2010 7:21:32 PM | Computer Name = TheMothership | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Apple Mobile Device service,
but this action failed with the following error: %%1056
Error - 11/25/2010 2:05:58 AM | Computer Name = TheMothership | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Steam
Client Service service to connect.
Error - 11/25/2010 2:05:58 AM | Computer Name = TheMothership | Source = Service Control Manager | ID = 7000
Description = The Steam Client Service service failed to start due to the following
error: %%1053
Error - 11/25/2010 3:29:30 AM | Computer Name = TheMothership | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom2.
Error - 11/25/2010 4:06:29 AM | Computer Name = TheMothership | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.
Error - 11/26/2010 1:03:26 AM | Computer Name = TheMothership | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom2.
< End of report >
Hi,
Your logs are clean, but what I am seeing could possibly be a bad hard disk.
These two files are from Absolute Software Corp, they where flagged as bad by Malwarebytes and where checked and determined to be false positives, Malwarebytes has since corrected this and these files are not removed any longer
rcpnetp.exe
rcpnetp.dll
autochk.exe <--This file is related to chkdisk and appears to be corrupted.
There also appears to be corruption in a few other areas, also with what your saying about blue screens and chkdisk running.
Also, its possible that a virus has corrupted those files, I would like you to run this tool by Symantec and see what it turns up. If this Virus is not present than I can link you to a windows forum for help as we just do malware removal on this one. I also would suggest at this point to back up any pictures and documents that you dont want to lose.
Virut Removal Tool
http://www.symantec.com/security_response/writeup.jsp?docid=2009-022016-4444-99
Thanks for your help. Virut was not found.
One last scan before I link you to a windows forum.
Please do a scan with Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) or from Here. (http://www.kaspersky.com/virusscanner)
Click on the Accept button and install any components it needs.
The program will install and then begin downloading the latest definition files.
After the files have been downloaded on the left side of the page in the Scan section select My Computer.
This will start the program and scan your system.
The scan will take a while, so be patient and let it run. (At times it may appear to stall)
Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
Once the scan is complete, click on View scan report To obtain the report:
Click on: Save Report As
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.
http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif
Got the following error message:
Update has failed The program could not be started. Please close the window of Kaspersky Online Scanner 7.0 and start the program again from the web site of Kaspersky Lab.
Successful updating of Kaspersky Online Scanner 7.0 and scanning of your computer requires uninterrupted Internet connection. Please make sure that the Internet connection is established. [ERROR: License has expired]
Kaspersky has been a bit finicky lately, lets try ESET
Please run this free online virus scanner from ESET (http://www.eset.com/onlinescan/)
Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic
One threat found:
C:\Program Files (x86)\Steam\steamapps\common\max payne\testapp.exe probably a variant of Win32/PSW.LdPinch.HGDDABK trojan cleaned by deleting - quarantined
The log file contained the following:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
Lets check for Rootkit
Scan With RootKitUnHooker
Please choose one link and download Rootkit Unhooker and save it to your desktop.
Link 1 (http://www.kernelmode.info/ARKs/RKUnhookerLE.EXE)
Link 2 (http://www.kernelmode.info/ARKs/RKUnhookerLE.zip)
Link 3 (http://www.kernelmode.info/ARKs/RkU3.8.388.590.rar)
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers and Stealth
Uncheck the rest. then click OK
When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
Wait till the scanner has finished and then click File > Save Report.
Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in your next reply.
Note** you may get the following warning, just click OK and continue.
"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"
Error loading driver, NTSTATUS code: 0xC000036B
I am sure these are ok but lets give them a doublecheck
You need to enable windows to show all files and folders, instructions Here (http://www.bleepingcomputer.com/tutorials/tutorial62.html)
Go to VirusTotal (http://www.virustotal.com/) and submit these files for analysis, just use the BROWSE feature and then Send File , you will get a report back, post the report into this thread for me to see. If the site says this file has already been checked, have them check it again
C:\Windows\SysNative\rpcnetp.exe
C:\Windows\SysWow64\rpcnetp.dll
C:\Windows\SysWow64\rpcnetp.exe
If the site is busy you can try this one
http://virusscan.jotti.org/en
system32\rpcnetp.exe
AhnLab-V3 2011.01.05.00 2011.01.04 -
AntiVir 7.11.1.34 2011.01.05 -
Antiy-AVL 2.0.3.7 2011.01.05 -
Avast 4.8.1351.0 2011.01.05 -
Avast5 5.0.677.0 2011.01.05 -
AVG 9.0.0.851 2011.01.05 -
BitDefender 7.2 2011.01.05 -
CAT-QuickHeal 11.00 2011.01.05 -
ClamAV 0.96.4.0 2011.01.05 -
Command 5.2.11.5 2011.01.05 -
Comodo 7302 2011.01.05 -
DrWeb 5.0.2.03300 2011.01.05 -
Emsisoft 5.1.0.1 2011.01.05 -
eSafe 7.0.17.0 2011.01.05 -
eTrust-Vet 36.1.8082 2011.01.05 -
F-Prot 4.6.2.117 2011.01.05 -
F-Secure 9.0.16160.0 2011.01.05 -
Fortinet 4.2.254.0 2011.01.05 -
GData 21 2011.01.05 -
Ikarus T3.1.1.90.0 2011.01.05 -
Jiangmin 13.0.900 2011.01.05 -
K7AntiVirus 9.75.3448 2011.01.05 -
Kaspersky 7.0.0.125 2011.01.05 -
McAfee 5.400.0.1158 2011.01.05 -
McAfee-GW-Edition 2010.1C 2011.01.05 -
Microsoft 1.6402 2011.01.05 -
NOD32 5762 2011.01.05 -
Norman 6.06.12 2011.01.05 -
nProtect 2011-01-05.01 2011.01.05 -
Panda 10.0.2.7 2011.01.05 -
PCTools 7.0.3.5 2011.01.04 -
Prevx 3.0 2011.01.05 -
Rising 22.81.02.03 2011.01.05 -
Sophos 4.60.0 2011.01.05 -
SUPERAntiSpyware 4.40.0.1006 2011.01.05 -
Symantec 20101.3.0.103 2011.01.05 -
TheHacker 6.7.0.1.110 2011.01.03 -
TrendMicro 9.120.0.1004 2011.01.05 -
TrendMicro-HouseCall 9.120.0.1004 2011.01.05 -
VBA32 3.12.14.2 2011.01.05 -
VIPRE 7964 2011.01.05 -
ViRobot 2011.1.5.4238 2011.01.05 -
VirusBuster 13.6.130.0 2011.01.05 -
Additional informationShow all
MD5 : f3d7f4487e119cc81f2593a1b5f46c60
SHA1 : a8ffe2ba597baa102363db87d0ea5973172bd842
SHA256: 454d8866efabd362514751495bd1904da35b88f460a38c86ce66a3535a0f5347
ssdeep: 384:qdzqhlwAFvItuCgq1Uko31362AhHMw5NqS5ovfEDWW:qYh/wtuCf2ko31rAtrqnvfED
File size : 17920 bytes
First seen: 2009-11-07 19:32:56
Last seen : 2011-01-05 18:31:22
TrID:
Clipper DOS Executable (33.5%)
Generic Win/DOS Executable (33.2%)
DOS Executable Generic (33.2%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information
[[ basic data ]]
entrypointaddress: 0x2D33
timedatestamp....: 0x4AA64AA6 (Tue Sep 08 12:14:30 2009)
machinetype......: 0x14c (I386)
[[ 4 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x3656, 0x3800, 6.28, bd5f969a91fc3d21288a7cc2eff0973f
.data, 0x5000, 0x1B0, 0x200, 0.44, add2dea5f5d22802d5094bfb9a1c2d66
.cdata, 0x6000, 0x23C, 0x400, 1.38, 73024c065a38cff8621719054485aad7
.reloc, 0x7000, 0x344, 0x400, 5.86, ddc2acf91f7cf7147d7b05373b85d064
[[ 5 import(s) ]]
ADVAPI32.dll: RegQueryValueExA, DuplicateTokenEx, CreateProcessAsUserA, RegisterServiceCtrlHandlerA, RegOpenKeyA, RegCloseKey, RegDeleteValueA, StartServiceCtrlDispatcherA, RegEnumValueA, SetServiceStatus, OpenProcessToken, SetTokenInformation
KERNEL32.dll: LocalAlloc, VirtualAllocEx, FreeLibrary, SetThreadPriority, SetStdHandle, GetVersion, RtlUnwind, LoadLibraryA, ResumeThread, CreateProcessA, LocalFree, CloseHandle, VirtualFreeEx, ReadFile, EnterCriticalSection, CreateFileA, TerminateProcess, lstrlenA, GetStdHandle, GetCurrentThreadId, GetSystemDirectoryA, OpenProcess, GetCurrentProcessId, SetEvent, LeaveCriticalSection, CreateEventA, GetOverlappedResult, GetLastError, ExitThread, CreateThread, WriteProcessMemory, ExitProcess, GetModuleHandleA, GetProcAddress, lstrcatA, ReadProcessMemory, lstrcmpiA, DeleteCriticalSection, WaitForSingleObject, CreateRemoteThread, WriteFile, InitializeCriticalSection, WaitForMultipleObjects, lstrcpyA, RaiseException, CopyFileA, TerminateThread, GetModuleFileNameA, GetExitCodeThread, SetFilePointer, ResetEvent, Sleep
USER32.dll: KillTimer, PostMessageA, GetMessageA, TranslateMessage, CreateWindowExA, RegisterClassA, DispatchMessageA, PostThreadMessageA, PostQuitMessage, DefWindowProcA, wsprintfA, SetTimer, PeekMessageA
WSOCK32.dll: -, -, -, -
USERENV.dll: CreateEnvironmentBlock
[[ 1 export(s) ]]
rpcnetp
ExifTool:
file metadata
Error: File format error
FileSize: 18 kB
Symantec reputation:Suspicious.Insight
sysWOW64\rpcnetp.dll
0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name: rpcnetp.dll
Submission date: 2011-01-05 18:23:46 (UTC)
Current status: finished
Result: 0/ 43 (0.0%)
VT Community
not reviewed
Safety score: -
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2011.01.05.00 2011.01.04 -
AntiVir 7.11.1.34 2011.01.05 -
Antiy-AVL 2.0.3.7 2011.01.05 -
Avast 4.8.1351.0 2011.01.05 -
Avast5 5.0.677.0 2011.01.05 -
AVG 9.0.0.851 2011.01.05 -
BitDefender 7.2 2011.01.05 -
CAT-QuickHeal 11.00 2011.01.05 -
ClamAV 0.96.4.0 2011.01.05 -
Command 5.2.11.5 2011.01.05 -
Comodo 7302 2011.01.05 -
DrWeb 5.0.2.03300 2011.01.05 -
Emsisoft 5.1.0.1 2011.01.05 -
eSafe 7.0.17.0 2011.01.05 -
eTrust-Vet 36.1.8082 2011.01.05 -
F-Prot 4.6.2.117 2011.01.05 -
F-Secure 9.0.16160.0 2011.01.05 -
Fortinet 4.2.254.0 2011.01.05 -
GData 21 2011.01.05 -
Ikarus T3.1.1.90.0 2011.01.05 -
Jiangmin 13.0.900 2011.01.05 -
K7AntiVirus 9.75.3448 2011.01.05 -
Kaspersky 7.0.0.125 2011.01.05 -
McAfee 5.400.0.1158 2011.01.05 -
McAfee-GW-Edition 2010.1C 2011.01.05 -
Microsoft 1.6402 2011.01.05 -
NOD32 5762 2011.01.05 -
Norman 6.06.12 2011.01.05 -
nProtect 2011-01-05.01 2011.01.05 -
Panda 10.0.2.7 2011.01.05 -
PCTools 7.0.3.5 2011.01.04 -
Prevx 3.0 2011.01.05 -
Rising 22.81.02.03 2011.01.05 -
Sophos 4.60.0 2011.01.05 -
SUPERAntiSpyware 4.40.0.1006 2011.01.05 -
Symantec 20101.3.0.103 2011.01.05 -
TheHacker 6.7.0.1.110 2011.01.03 -
TrendMicro 9.120.0.1004 2011.01.05 -
TrendMicro-HouseCall 9.120.0.1004 2011.01.05 -
VBA32 3.12.14.2 2011.01.05 -
VIPRE 7964 2011.01.05 -
ViRobot 2011.1.5.4238 2011.01.05 -
VirusBuster 13.6.130.0 2011.01.05 -
Additional informationShow all
MD5 : 29edfb09b08085b80d2715b4eaff97f5
SHA1 : 7277ea315ad82d99358fc5a311686b1857b9f126
SHA256: 0a48fd481cc5901b6a1608b58e55823d77cef5bd2897392f201a450af301292e
ssdeep: 384:KdzqhlwAFvItuCgq1Uko31362AhHMw5NqS5ovfEDWW:KYh/wtuCf2ko31rAtrqnvfED
File size : 17920 bytes
First seen: 2009-10-26 15:49:16
Last seen : 2011-01-05 18:23:46
TrID:
Clipper DOS Executable (33.5%)
Generic Win/DOS Executable (33.2%)
DOS Executable Generic (33.2%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information
[[ basic data ]]
entrypointaddress: 0x2D33
timedatestamp....: 0x4AA64AA6 (Tue Sep 08 12:14:30 2009)
machinetype......: 0x14c (I386)
[[ 4 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x3656, 0x3800, 6.28, bd5f969a91fc3d21288a7cc2eff0973f
.data, 0x5000, 0x1B0, 0x200, 0.44, add2dea5f5d22802d5094bfb9a1c2d66
.cdata, 0x6000, 0x23C, 0x400, 1.38, 73024c065a38cff8621719054485aad7
.reloc, 0x7000, 0x344, 0x400, 5.86, ddc2acf91f7cf7147d7b05373b85d064
[[ 5 import(s) ]]
ADVAPI32.dll: RegQueryValueExA, DuplicateTokenEx, CreateProcessAsUserA, RegisterServiceCtrlHandlerA, RegOpenKeyA, RegCloseKey, RegDeleteValueA, StartServiceCtrlDispatcherA, RegEnumValueA, SetServiceStatus, OpenProcessToken, SetTokenInformation
KERNEL32.dll: LocalAlloc, VirtualAllocEx, FreeLibrary, SetThreadPriority, SetStdHandle, GetVersion, RtlUnwind, LoadLibraryA, ResumeThread, CreateProcessA, LocalFree, CloseHandle, VirtualFreeEx, ReadFile, EnterCriticalSection, CreateFileA, TerminateProcess, lstrlenA, GetStdHandle, GetCurrentThreadId, GetSystemDirectoryA, OpenProcess, GetCurrentProcessId, SetEvent, LeaveCriticalSection, CreateEventA, GetOverlappedResult, GetLastError, ExitThread, CreateThread, WriteProcessMemory, ExitProcess, GetModuleHandleA, GetProcAddress, lstrcatA, ReadProcessMemory, lstrcmpiA, DeleteCriticalSection, WaitForSingleObject, CreateRemoteThread, WriteFile, InitializeCriticalSection, WaitForMultipleObjects, lstrcpyA, RaiseException, CopyFileA, TerminateThread, GetModuleFileNameA, GetExitCodeThread, SetFilePointer, ResetEvent, Sleep
USER32.dll: KillTimer, PostMessageA, GetMessageA, TranslateMessage, CreateWindowExA, RegisterClassA, DispatchMessageA, PostThreadMessageA, PostQuitMessage, DefWindowProcA, wsprintfA, SetTimer, PeekMessageA
WSOCK32.dll: -, -, -, -
USERENV.dll: CreateEnvironmentBlock
[[ 1 export(s) ]]
rpcnetp
ExifTool:
file metadata
Error: File format error
FileSize: 18 kB
Symantec reputation:Suspicious.Insight
SysWOw64\rpcnetp.exe
0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name: rpcnetp.exe
Submission date: 2011-01-05 18:26:21 (UTC)
Current status: finished
Result: 0/ 42 (0.0%)
VT Community
not reviewed
Safety score: -
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2011.01.05.00 2011.01.04 -
AntiVir 7.11.1.34 2011.01.05 -
Antiy-AVL 2.0.3.7 2011.01.05 -
Avast 4.8.1351.0 2011.01.05 -
Avast5 5.0.677.0 2011.01.05 -
AVG 9.0.0.851 2011.01.05 -
BitDefender 7.2 2011.01.05 -
CAT-QuickHeal 11.00 2011.01.05 -
ClamAV 0.96.4.0 2011.01.05 -
Command 5.2.11.5 2011.01.05 -
Comodo 7302 2011.01.05 -
DrWeb 5.0.2.03300 2011.01.05 -
Emsisoft 5.1.0.1 2011.01.05 -
eSafe 7.0.17.0 2011.01.05 -
eTrust-Vet 36.1.8082 2011.01.05 -
F-Prot 4.6.2.117 2011.01.05 -
F-Secure 9.0.16160.0 2011.01.05 -
Fortinet 4.2.254.0 2011.01.05 -
GData 21 2011.01.05 -
Ikarus T3.1.1.90.0 2011.01.05 -
Jiangmin 13.0.900 2011.01.05 -
K7AntiVirus 9.75.3448 2011.01.05 -
Kaspersky 7.0.0.125 2011.01.05 -
McAfee 5.400.0.1158 2011.01.05 -
McAfee-GW-Edition 2010.1C 2011.01.05 -
Microsoft 1.6402 2011.01.05 -
NOD32 5762 2011.01.05 -
Norman 6.06.12 2011.01.05 -
nProtect 2011-01-05.01 2011.01.05 -
Panda 10.0.2.7 2011.01.05 -
PCTools 7.0.3.5 2011.01.04 -
Prevx 3.0 2011.01.05 -
Rising 22.81.02.03 2011.01.05 -
Sophos 4.60.0 2011.01.05 -
SUPERAntiSpyware 4.40.0.1006 2011.01.05 -
TheHacker 6.7.0.1.110 2011.01.03 -
TrendMicro 9.120.0.1004 2011.01.05 -
TrendMicro-HouseCall 9.120.0.1004 2011.01.05 -
VBA32 3.12.14.2 2011.01.05 -
VIPRE 7964 2011.01.05 -
ViRobot 2011.1.5.4238 2011.01.05 -
VirusBuster 13.6.130.0 2011.01.05 -
Additional informationShow all
MD5 : f3d7f4487e119cc81f2593a1b5f46c60
SHA1 : a8ffe2ba597baa102363db87d0ea5973172bd842
SHA256: 454d8866efabd362514751495bd1904da35b88f460a38c86ce66a3535a0f5347
ssdeep: 384:qdzqhlwAFvItuCgq1Uko31362AhHMw5NqS5ovfEDWW:qYh/wtuCf2ko31rAtrqnvfED
File size : 17920 bytes
First seen: 2009-11-07 19:32:56
Last seen : 2011-01-05 18:26:21
TrID:
Clipper DOS Executable (33.5%)
Generic Win/DOS Executable (33.2%)
DOS Executable Generic (33.2%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information
[[ basic data ]]
entrypointaddress: 0x2D33
timedatestamp....: 0x4AA64AA6 (Tue Sep 08 12:14:30 2009)
machinetype......: 0x14c (I386)
[[ 4 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x3656, 0x3800, 6.28, bd5f969a91fc3d21288a7cc2eff0973f
.data, 0x5000, 0x1B0, 0x200, 0.44, add2dea5f5d22802d5094bfb9a1c2d66
.cdata, 0x6000, 0x23C, 0x400, 1.38, 73024c065a38cff8621719054485aad7
.reloc, 0x7000, 0x344, 0x400, 5.86, ddc2acf91f7cf7147d7b05373b85d064
[[ 5 import(s) ]]
ADVAPI32.dll: RegQueryValueExA, DuplicateTokenEx, CreateProcessAsUserA, RegisterServiceCtrlHandlerA, RegOpenKeyA, RegCloseKey, RegDeleteValueA, StartServiceCtrlDispatcherA, RegEnumValueA, SetServiceStatus, OpenProcessToken, SetTokenInformation
KERNEL32.dll: LocalAlloc, VirtualAllocEx, FreeLibrary, SetThreadPriority, SetStdHandle, GetVersion, RtlUnwind, LoadLibraryA, ResumeThread, CreateProcessA, LocalFree, CloseHandle, VirtualFreeEx, ReadFile, EnterCriticalSection, CreateFileA, TerminateProcess, lstrlenA, GetStdHandle, GetCurrentThreadId, GetSystemDirectoryA, OpenProcess, GetCurrentProcessId, SetEvent, LeaveCriticalSection, CreateEventA, GetOverlappedResult, GetLastError, ExitThread, CreateThread, WriteProcessMemory, ExitProcess, GetModuleHandleA, GetProcAddress, lstrcatA, ReadProcessMemory, lstrcmpiA, DeleteCriticalSection, WaitForSingleObject, CreateRemoteThread, WriteFile, InitializeCriticalSection, WaitForMultipleObjects, lstrcpyA, RaiseException, CopyFileA, TerminateThread, GetModuleFileNameA, GetExitCodeThread, SetFilePointer, ResetEvent, Sleep
USER32.dll: KillTimer, PostMessageA, GetMessageA, TranslateMessage, CreateWindowExA, RegisterClassA, DispatchMessageA, PostThreadMessageA, PostQuitMessage, DefWindowProcA, wsprintfA, SetTimer, PeekMessageA
WSOCK32.dll: -, -, -, -
USERENV.dll: CreateEnvironmentBlock
[[ 1 export(s) ]]
rpcnetp
ExifTool:
file metadata
Error: File format error
FileSize: 18 kB
Those files are fine
See if you can run this program, if it wont run you can try it in safemode
To Enter Safemode
Go to Start> Shut off your Computer> Restart
As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
this will bring up a menu.
Use the Up and Down Arrow Keys to scroll up to Safemode with Networking
Then press the Enter Key on your Keyboard
Tutorial if you need it How to boot into Safemode (http://www.bleepingcomputer.com/tutorials/tutorial61.html)
Download ComboFix from one of these locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
http://img.photobucket.com/albums/v706/ried7/RC1.png
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://img.photobucket.com/albums/v706/ried7/RC2-1.png
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
ComboFix 11-01-05.02 - TheEarl 01/05/2011 22:40:22.1.2 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4091.2905 [GMT -6:00]
Running from: c:\users\TheEarl\Desktop\ComboFix.exe
FW: ZoneAlarm Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Install.exe
c:\users\TheEarl\AppData\Local\Microsoft\Windows\Temporary Internet Files\www.leawo.com_favicon.ico
c:\users\TheEarl\AppData\Local\Microsoft\Windows\Temporary Internet Files\www.lepak.tv_favicon.ico
c:\users\TheEarl\AppData\Local\Microsoft\Windows\Temporary Internet Files\www.youtube.com_favicon.ico
.
((((((((((((((((((((((((( Files Created from 2010-12-06 to 2011-01-06 )))))))))))))))))))))))))))))))
.
2011-01-06 04:46 . 2011-01-06 04:46 -------- d-----w- c:\users\postgres\AppData\Local\temp
2011-01-06 04:46 . 2011-01-06 04:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-05 17:44 . 2011-01-05 18:38 34560 ----a-w- c:\windows\SysWow64\drivers\Normandy.sys
2011-01-05 07:09 . 2011-01-05 07:09 -------- d-----w- c:\users\TheEarl\AppData\Local\Bit.Trip Beat
2011-01-05 04:42 . 2010-02-04 16:01 238936 ----a-w- c:\windows\SysWow64\xactengine3_6.dll
2011-01-05 04:42 . 2010-02-04 16:01 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_7.dll
2011-01-05 04:37 . 2011-01-05 04:42 -------- d--h--w- c:\windows\msdownld.tmp
2011-01-05 04:24 . 2011-01-05 04:24 -------- d-----w- c:\users\TheEarl\AppData\Roaming\Beat Hazard
2011-01-05 00:57 . 2011-01-05 00:57 -------- d-----w- c:\program files (x86)\ESET
2010-12-31 19:47 . 2010-12-31 19:47 -------- d-----w- c:\users\TheEarl\AppData\Local\Apple
2010-12-31 19:47 . 2010-12-31 19:47 -------- d-----w- c:\users\TheEarl\AppData\Local\Apple Computer
2010-12-31 15:36 . 2010-12-31 15:36 -------- d-----w- c:\users\TheEarl\AppData\Local\Adobe
2010-12-31 15:28 . 2010-12-21 00:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-31 15:23 . 2010-11-16 18:01 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DD004638-4AB4-4635-804F-0A04160E4B15}\mpengine.dll
2010-12-27 21:45 . 2011-01-02 04:33 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2010-12-27 21:45 . 2010-12-27 21:45 -------- d-----w- c:\users\TheEarl\AppData\Local\PunkBuster
2010-12-25 03:07 . 2010-12-25 03:07 -------- d-----w- c:\users\TheEarl\AppData\Local\Windows Live
2010-12-25 03:07 . 2010-12-25 03:07 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2010-12-25 03:06 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2010-12-25 03:06 . 2010-05-23 10:11 196608 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
2010-12-25 03:06 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\SysWow64\mf.dll
2010-12-25 03:05 . 2010-10-19 08:47 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-12-25 03:05 . 2010-10-19 08:10 7680 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
2010-12-25 03:05 . 2010-01-18 23:29 85504 ----a-w- c:\windows\SysWow64\secproc_ssp_isv.dll
2010-12-25 03:05 . 2010-01-18 23:29 85504 ----a-w- c:\windows\SysWow64\secproc_ssp.dll
2010-12-25 03:05 . 2010-01-18 23:29 365568 ----a-w- c:\windows\SysWow64\secproc_isv.dll
2010-12-25 03:05 . 2010-01-18 23:29 369152 ----a-w- c:\windows\SysWow64\secproc.dll
2010-12-25 03:05 . 2010-01-18 23:28 324608 ----a-w- c:\windows\SysWow64\RMActivate_isv.exe
2010-12-25 03:05 . 2010-01-18 23:28 277504 ----a-w- c:\windows\SysWow64\RMActivate_ssp_isv.exe
2010-12-25 03:05 . 2010-01-18 23:28 320512 ----a-w- c:\windows\SysWow64\RMActivate.exe
2010-12-25 03:05 . 2010-01-18 23:28 280064 ----a-w- c:\windows\SysWow64\RMActivate_ssp.exe
2010-12-16 22:40 . 2010-11-16 23:45 69120 ----a-w- c:\windows\SysWow64\zlcomm.dll
2010-12-16 22:40 . 2010-11-16 23:45 104448 ----a-w- c:\windows\SysWow64\zlcommdb.dll
2010-12-16 22:40 . 2010-12-16 22:40 -------- d-----w- c:\windows\SysWow64\ZoneLabs
2010-12-16 22:40 . 2010-11-16 23:45 1238528 ----a-w- c:\windows\SysWow64\zpeng25.dll
2010-12-16 22:40 . 2010-12-16 22:40 -------- d-----w- c:\program files (x86)\Zone Labs
2010-12-09 16:39 . 2011-01-06 04:23 17920 ----a-w- c:\windows\SysWow64\rpcnetp.dll
2010-12-09 16:39 . 2011-01-06 04:23 17920 ----a-w- c:\windows\SysWow64\rpcnetp.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-06 04:23 . 2010-01-08 21:39 57752 ----a-w- c:\windows\SysWow64\rpcnet.dll
2010-12-06 18:19 . 2010-12-06 18:19 11336456 ----a-w- c:\programdata\Tempmozy-update-a31217e595a1463492ad999467f8f0a1.exe
2010-11-14 02:39 . 2010-01-17 04:32 340 ----a-w- c:\windows\wininit.tmp
2010-11-13 00:53 . 2010-05-01 06:39 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2010-10-14 07:36 . 2010-10-14 07:36 15451288 ----a-w- c:\windows\SysWow64\xlive.dll
2010-10-14 07:36 . 2010-10-14 07:36 13642904 ----a-w- c:\windows\SysWow64\xlivefnt.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\TheEarl\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-01-09 135664]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-11 218032]
"ISUSPM"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2010-11-25 1242448]
"RockMelt Update"="c:\users\TheEarl\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" [2010-11-26 136336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"OEM13Mon.exe"="c:\windows\OEM13Mon.exe" [2008-01-07 36864]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" [2007-04-16 259624]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-11-18 421160]
"ZoneAlarm Client"="c:\program files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2010-11-16 1043968]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MozyHome Status.lnk - c:\program files (x86)\Mozy\mozystat.exe [2010-11-8 4832056]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\C:\0autocheck autochk *
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-29 136176]
R3 B-Service;B-Service;c:\users\TheEarl\AppData\Roaming\Mikogo\B-Service.exe [2010-10-07 185640]
R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-04 22528]
R3 evserial;Virtual Serial Ports Driver (Eltima Softwate);c:\windows\system32\DRIVERS\evserial.sys [2008-05-19 67072]
R3 Normandy;Normandy SR2; [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
R3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);c:\windows\system32\DRIVERS\evsbc.sys [2008-05-19 32768]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-25 1255736]
S0 DLACDBHE;DLACDBHE;c:\windows\System32\Drivers\DLACDBHE.SYS [2007-07-23 17776]
S0 DRVECDB;DRVECDB;c:\windows\System32\Drivers\DRVECDB.SYS [2007-07-23 124112]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-08-12 55856]
S1 DLARTL_E;DLARTL_E;c:\windows\system32\Drivers\DLARTL_E.SYS [2007-07-23 41072]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 DLABMFSE;DLABMFSE;c:\windows\system32\Drivers\DLABMFSE.SYS [2007-07-23 46448]
S2 DLABOIOE;DLABOIOE;c:\windows\system32\Drivers\DLABOIOE.SYS [2007-07-23 42352]
S2 DLADResE;DLADResE;c:\windows\system32\Drivers\DLADResE.SYS [2007-07-23 9968]
S2 DLAIFS_E;DLAIFS_E;c:\windows\system32\Drivers\DLAIFS_E.SYS [2007-07-23 146672]
S2 DLAOPIOE;DLAOPIOE;c:\windows\system32\Drivers\DLAOPIOE.SYS [2007-07-23 35056]
S2 DLAPoolE;DLAPoolE;c:\windows\system32\Drivers\DLAPoolE.SYS [2007-07-23 19824]
S2 DLAUDF_E;DLAUDF_E;c:\windows\system32\Drivers\DLAUDF_E.SYS [2007-07-23 144112]
S2 DLAUDFAE;DLAUDFAE;c:\windows\system32\Drivers\DLAUDFAE.SYS [2007-07-23 135152]
S2 DRVEDDM;DRVEDDM;c:\windows\system32\Drivers\DRVEDDM.SYS [2007-07-23 63984]
S2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files (x86)/PostgreSQL/8.4/data -w [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 54824]
S3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\DRIVERS\OEM13Vfx.sys [2007-03-05 12288]
S3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\DRIVERS\OEM13Vid.sys [2008-05-28 267296]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
Contents of the 'Scheduled Tasks' folder
2011-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-29 00:24]
2011-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-29 00:24]
2011-01-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4210094983-2902076926-636801332-1001Core.job
- c:\users\TheEarl\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-09 00:40]
2011-01-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4210094983-2902076926-636801332-1001UA.job
- c:\users\TheEarl\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-09 00:40]
2011-01-01 c:\windows\Tasks\NatSpeak Periodic Acoustic Optimization.job
- c:\program files (x86)\Nuance\NaturallySpeaking10\Program\schedmgr.exe [2009-03-17 01:45]
2011-01-05 c:\windows\Tasks\NatSpeak Periodic Language Model Optimization.job
- c:\program files (x86)\Nuance\NaturallySpeaking10\Program\schedmgr.exe [2009-03-17 01:45]
2011-01-05 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-4210094983-2902076926-636801332-1001Core.job
- c:\users\TheEarl\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2010-11-26 05:03]
2011-01-06 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-4210094983-2902076926-636801332-1001UA.job
- c:\users\TheEarl\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2010-11-26 05:03]
.
--------- x86-64 -----------
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2010-11-08 22:06 4345144 ----a-w- c:\program files (x86)\Mozy\mozyshell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2010-11-08 22:06 4345144 ----a-w- c:\program files (x86)\Mozy\mozyshell.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-06-29 309248]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-11 16328736]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-11 93728]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://share.law.northwestern.edu/jclc/default.aspx
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-4210094983-2902076926-636801332-1001\Software\SecuROM\License information*]
"datasecu"=hex:46,fb,21,13,39,81,62,09,5a,e6,45,32,f7,6e,33,e7,cc,d1,27,36,e0,
7c,13,30,60,97,7e,8c,46,77,09,c7,60,10,69,d1,66,ef,60,e1,85,24,7f,5e,e4,e2,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-01-05 22:56:35
ComboFix-quarantined-files.txt 2011-01-06 04:56
Pre-Run: 74,523,205,632 bytes free
Post-Run: 75,613,544,448 bytes free
- - End Of File - - FDAB5B6825CFFE7820F306B78D4D5018
Not to much removed. How are things running now ?
Haven't had a blue screen of death, but programs still acting up. Tried reinstalling photoshop (one of the programs consistently freezing) but no change. Chkdsk still won't work either. :(
Hi,
http://forums.whatthetech.com/index.php?showforum=119
All us forums work together, why don't you post here for your windows problems and see if they can help you. If they feel its still malware related post back and we can dig deeper. You can link them to this thread so they can see what we have done.
Ken
Your welcome, keep me posted please