Windows 7 Playing Random Audio


  • This topic is locked
16 replies to this topic

#1 MikeCarnage

MikeCarnage

  • Members
  • 10 posts
  • OFFLINE
  • Local time:09:39 AM

Posted 10 August 2010 - 09:22 AM

Hello all,

Thanks for taking time to read this. I am baffled and I could really use some help.

So, I will be sitting at my computer, say playing a game, when out of nowhere I hear music, or a commercial. So the first thing I do is check my Volume Mixer, and I notice that Internet Explorer is playing sound... But Internet Explorer isn't open?!?!

I am pretty sure I have a virus. I did a scan a little while back, thought I picked up everything... But apparently not..

Here is my HijackThis log.

Any help would be appreciated


EDIT: I have just noticed the Explorer.EXE file and am suspicious of the capital EXE at the end of the file..

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:15:00 AM, on 10/08/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\Program Files\Razer\Lycosa\razerhid.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Razer\Copperhead\razertra.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\Razer\Lycosa\razertra.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.27.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Copperhead] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [Lycosa] "C:\Program Files\Razer\Lycosa\razerhid.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: PS3 Media Server.lnk = C:\Program Files\PS3 Media Server\PMS.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll
O9 - Extra 'Tools' menuitem: Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.27.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O15 - Trusted Zone: http://software.kuaiche.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/...NPUplden-ca.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk...ows-i586-jc.cab
O16 - DPF: {B8A48F42-30E1-48f8-AE87-7BD7C75DB8AA} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_test.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} (Java Plug-in 1.6.0_12) -
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photo...NPUplden-ca.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareup...15111/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Google Update Service (gupdate1c9a4b7a4836b45) (gupdate1c9a4b7a4836b45) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 12587 bytes

Edited by Orange Blossom, 10 August 2010 - 05:25 PM.
Move to log forum. ~ OB




#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,257 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:04:39 PM

Posted 17 August 2010 - 09:25 AM

Hello,
And welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft


#3 MikeCarnage

MikeCarnage
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:09:39 AM

Posted 17 August 2010 - 10:20 PM

Thank you for getting back to me. I don't mind that it took a while; I'm just glad I can finally get some answers.
It still happens randomly, so here are the logs you requested.

OTListIt.txt

OTL Extras logfile created on: 17/08/2010 10:59:44 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Mike Carnage\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 172.88 Gb Total Space | 38.45 Gb Free Space | 22.24% Space Free | Partition Type: NTFS
Drive D: | 60.00 Gb Total Space | 30.18 Gb Free Space | 50.30% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 298.08 Gb Total Space | 149.81 Gb Free Space | 50.26% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 1397.26 Gb Total Space | 559.93 Gb Free Space | 40.07% Space Free | Partition Type: NTFS

Computer Name: MIKEC
Current User Name: Mike Carnage
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MIF5BA~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"DisabledInterfaces" = {A2676BDD-F556-4C7D-9EE7-DA2D6E0A59F9}
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis®
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2™
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0C9D0200-FA32-44B7-BBB3-7C03F700C4A0}" = Sound Blaster X-Fi
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24508D50-EB8F-4FE6-B69D-B4935D8745EF}_is1" = Warsow 0.42
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 13
"{28A946E1-E83B-4662-BC7C-23451851489E}" = Razer Copperhead
"{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}" = Next Generation Visualisations
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 4.010.00
"{301CC8D1-FE75-41ED-9B11-41F006110950}" = Garmin City Navigator North America NT 2010.10 Update
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{366FFC89-C800-4366-B903-B9C4314109A5}" = Garmin WebUpdater
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{47BC2F69-ED14-4A49-8B7F-96C74A652543}" = Realtime Landscaping Architect 2
"{56BAE3D4-BF37-44EE-9B1F-EB58EFF86A9D}" = LabSim
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5B4F13B0-62C4-4F70-B9A6-3788196EC972}" = GBalph NDSMovie Converter V1.00
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
"{63CEA2E4-4FE7-4F2C-B388-C1313D24157C}" = SPORE™ Galactic Adventures
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64B20B36-AEE7-4DD4-897C-C5DA5C218F60}" = Logitech Gaming Software 5.02
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.3.4.106e
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{80A2A967-C1B7-412D-B2B2-C4A33209C205}" = Garmin POI Loader
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{868EC22E-7E82-4760-9265-3F2E705BF24B}" = League of Legends
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype™
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96EF451E-A402-44D8-BAEE-D70D558A4122}" = Ultra Hal Text-to-Speech Reader
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B4E6CB9-E54D-47F7-A414-E2D5740E1033}" = Nero 7 Essentials
"{9B88DD94-1AAE-41C4-BD95-2D8737D5E9E2}" = Watson
"{9DA735C0-3C3E-4CB3-BC26-BE95E768115F}" = Garmin City Navigator North America NT 2009 Update
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AB3F9E62-1C4A-45DA-96E4-BFEB26C73F18}" = SPIF225 USB to SATA Bridge 98 Driver Installer
"{AB5E5711-5016-418A-942C-2D218F920E9F}" = Painkiller Black
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{B023185F-F1EF-4F97-B0BD-AE6D802226D1}" = NVIDIA WDM Drivers
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D53A3D44-C983-4D21-ABF6-2AA2AB88FB28}" = Battlefield Bad Company 2 - BETA
"{E0649555-ACA7-4E2D-9490-0AEB158693EF}" = Visual CertExam Suite 1.7
"{E0FA1DC5-FEBF-4E7B-8FA3-DB94233E952D}" = Razer Lycosa
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4FA693E-8B77-405A-B3B0-607615656FFC}" = VistaPro4
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Age of Wonders II" = Age of Wonders II
"AIM_6" = AIM 6
"ALchemy" = Creative ALchemy
"AstrumNival Allods" = Allods Online 1.0.05.42
"Audacity_is1" = Audacity 1.2.6
"AudioCS" = Creative Audio Control Panel
"AVG9Uninstall" = AVG Free 9.0
"Battlefield Stats Viewer_is1" = BfSV 0.96
"BitComet" = BitComet 1.20
"BurnInTest_is1" = BurnInTest v5.3 Pro
"Camfrog 5.3" = Camfrog Video Chat 5.3
"CCleaner" = CCleaner (remove only)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Crayon Physics Deluxe_is1" = Crayon Physics Deluxe - release 51
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties" = Creative Sound Blaster Properties
"Defraggler" = Defraggler
"Diablo" = Diablo
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"Download Manager" = Download Manager 2.3.7
"DualCoreCenter_is1" = DualCoreCenter
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Fraps" = Fraps (remove only)
"gBurner" = gBurner
"Gmask 1.70 English" = Gmask 1.70 English
"Goodnight Timer_is1" = Goodnight Timer 1.1
"Google Updater" = Google Updater
"Host OpenAL" = Host OpenAL
"HP Drive Key Boot Utility" = HP Drive Key Boot Utility
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype™
"Lexmark Z500-Z600 Series" = Lexmark Z500-Z600 Series
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1
"LimeWire" = LimeWire PRO 5.0.11
"Liveupdate4_is1" = Liveupdate4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Morphyre" = Morphyre
"MSNRecorderMax" = MSN Recorder Max
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"ObjectDock Plus" = ObjectDock Plus
"Painkiller Overdose_is1" = Painkiller Overdose build 75 (NA)
"PFPortChecker" = PFPortChecker 1.0.28
"PowerISO" = PowerISO
"PunkBusterSvc" = PunkBuster Services
"Q3E Minimizer_is1" = Q3E Minimizer v1.51
"QuickSFV" = QuickSFV (Remove only)
"RealPlayer 6.0" = RealPlayer
"Recover My Files_is1" = Recover My Files
"SoundTaxi_is1" = SoundTaxi 3.4.2
"SpeedFan" = SpeedFan (remove only)
"Starcraft" = Starcraft
"StarCraft II Beta" = StarCraft II Beta
"Steam App 220" = Half-Life 2
"Steam App 380" = Half-Life 2: Episode One
"Steam App 41510" = Torchlight - Demo
"Steam App 550" = Left 4 Dead 2
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6d
"VoipBuster_is1" = VoipBuster
"Warhammer Online - Age of Reckoning" = Warhammer Online - Age of Reckoning
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft
"Xfire" = Xfire (remove only)
"Zynga Toolbar" = Zynga Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}" = Supreme Commander
"{31D95937-B237-405D-920C-A3EF4E482395}" = Supreme Commander - Forged Alliance
"Diablo" = Diablo
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Extras.txt
OTL Extras logfile created on: 17/08/2010 10:59:44 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Mike Carnage\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 172.88 Gb Total Space | 38.45 Gb Free Space | 22.24% Space Free | Partition Type: NTFS
Drive D: | 60.00 Gb Total Space | 30.18 Gb Free Space | 50.30% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 298.08 Gb Total Space | 149.81 Gb Free Space | 50.26% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 1397.26 Gb Total Space | 559.93 Gb Free Space | 40.07% Space Free | Partition Type: NTFS

Computer Name: MIKEC
Current User Name: Mike Carnage
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MIF5BA~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"DisabledInterfaces" = {A2676BDD-F556-4C7D-9EE7-DA2D6E0A59F9}
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- File not found


< End of report >


GMER REPORT

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-17 23:17:41
Windows 6.1.7600
Running: ytrexpmf.exe; Driver: C:\Users\MIKECA~1\AppData\Local\Temp\pxldypow.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) E322EAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) E322E104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) E322E3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) E32172D8
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) E322E1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) E322E958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) E322E6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) E322EF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) E322F1A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD E2E47599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 E2E6BF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text peauth.sys 9D35CC9D 28 Bytes [4F, 58, CA, 9D, 7A, F6, 49, ...]
.text peauth.sys 9D35CCC1 28 Bytes [4F, 58, CA, 9D, 7A, F6, 49, ...]
PAGE peauth.sys 9D362B9B 72 Bytes CALL 36E3D81B
PAGE peauth.sys 9D362BEC 111 Bytes [D0, 85, 45, D3, 50, 2E, 59, ...]
PAGE peauth.sys 9D362E20 101 Bytes [A4, 82, 8B, E0, CD, A8, 79, ...]
PAGE ...

---- User code sections - GMER 1.0.15 ----

.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[212] ntdll.dll!NtCreateFile + 6 76FE4A36 4 Bytes [28, 00, 07, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[212] ntdll.dll!NtCreateFile + B 76FE4A3B 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[212] ntdll.dll!NtMapViewOfSection + 6 76FE5096 1 Byte [28]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[212] ntdll.dll!NtMapViewOfSection + 6 76FE5096 4 Bytes [28, 03, 07, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[212] ntdll.dll!NtMapViewOfSection + B 76FE509B 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[212] ntdll.dll!NtOpenFile + 6 76FE5146 4 Bytes [68, 00, 07, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[212] ntdll.dll!NtOpenFile + B 76FE514B 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[212] ntdll.dll!NtOpenProcess + 6 76FE51F6 4 Bytes [A8, 01, 07, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[212] ntdll.dll!NtOpenProcess + B 76FE51FB 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[212] ntdll.dll!NtOpenProcessToken + 6 76FE5206 4 Bytes CALL 75FE590C C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation)
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[212] ntdll.dll!NtOpenProcessToken + B 76FE520B 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[212] ntdll.dll!NtOpenProcessTokenEx + 6 76FE5216 4 Bytes [A8, 02, 07, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[212] ntdll.dll!NtOpenProcessTokenEx + B 76FE521B 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[212] ntdll.dll!NtOpenThread + 6 76FE5276 4 Bytes [68, 01, 07, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[212] ntdll.dll!NtOpenThread + B 76FE527B 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[212] ntdll.dll!NtOpenThreadToken + 6 76FE5286 4 Bytes [68, 02, 07, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[212] ntdll.dll!NtOpenThreadToken + B 76FE528B 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[212] ntdll.dll!NtOpenThreadTokenEx + 6 76FE5296 4 Bytes CALL 75FE599D C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation)
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[212] ntdll.dll!NtOpenThreadTokenEx + B 76FE529B 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[212] ntdll.dll!NtQueryAttributesFile + 6 76FE53A6 4 Bytes [A8, 00, 07, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[212] ntdll.dll!NtQueryAttributesFile + B 76FE53AB 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[212] ntdll.dll!NtQueryFullAttributesFile + 6 76FE5456 4 Bytes CALL 75FE5B5B C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation)
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[212] ntdll.dll!NtQueryFullAttributesFile + B 76FE545B 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[212] ntdll.dll!NtSetInformationFile + 6 76FE5AA6 4 Bytes [28, 01, 07, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[212] ntdll.dll!NtSetInformationFile + B 76FE5AAB 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[212] ntdll.dll!NtSetInformationThread + 6 76FE5B06 4 Bytes [28, 02, 07, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[212] ntdll.dll!NtSetInformationThread + B 76FE5B0B 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[212] ntdll.dll!NtUnmapViewOfSection + 6 76FE5E26 1 Byte [68]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[212] ntdll.dll!NtUnmapViewOfSection + 6 76FE5E26 4 Bytes [68, 03, 07, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[212] ntdll.dll!NtUnmapViewOfSection + B 76FE5E2B 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[4616] ntdll.dll!NtCreateFile + 6 76FE4A36 4 Bytes [28, 00, 07, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[4616] ntdll.dll!NtCreateFile + B 76FE4A3B 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[4616] ntdll.dll!NtMapViewOfSection + 6 76FE5096 1 Byte [28]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[4616] ntdll.dll!NtMapViewOfSection + 6 76FE5096 4 Bytes [28, 03, 07, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[4616] ntdll.dll!NtMapViewOfSection + B 76FE509B 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[4616] ntdll.dll!NtOpenFile + 6 76FE5146 4 Bytes [68, 00, 07, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[4616] ntdll.dll!NtOpenFile + B 76FE514B 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[4616] ntdll.dll!NtOpenProcess + 6 76FE51F6 4 Bytes [A8, 01, 07, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[4616] ntdll.dll!NtOpenProcess + B 76FE51FB 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[4616] ntdll.dll!NtOpenProcessToken + 6 76FE5206 4 Bytes CALL 75FE590C C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation)
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[4616] ntdll.dll!NtOpenProcessToken + B 76FE520B 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[4616] ntdll.dll!NtOpenProcessTokenEx + 6 76FE5216 4 Bytes [A8, 02, 07, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[4616] ntdll.dll!NtOpenProcessTokenEx + B 76FE521B 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[4616] ntdll.dll!NtOpenThread + 6 76FE5276 4 Bytes [68, 01, 07, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[4616] ntdll.dll!NtOpenThread + B 76FE527B 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[4616] ntdll.dll!NtOpenThreadToken + 6 76FE5286 4 Bytes [68, 02, 07, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[4616] ntdll.dll!NtOpenThreadToken + B 76FE528B 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[4616] ntdll.dll!NtOpenThreadTokenEx + 6 76FE5296 4 Bytes CALL 75FE599D C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation)
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[4616] ntdll.dll!NtOpenThreadTokenEx + B 76FE529B 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[4616] ntdll.dll!NtQueryAttributesFile + 6 76FE53A6 4 Bytes [A8, 00, 07, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[4616] ntdll.dll!NtQueryAttributesFile + B 76FE53AB 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[4616] ntdll.dll!NtQueryFullAttributesFile + 6 76FE5456 4 Bytes CALL 75FE5B5B C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation)
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[4616] ntdll.dll!NtQueryFullAttributesFile + B 76FE545B 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[4616] ntdll.dll!NtSetInformationFile + 6 76FE5AA6 4 Bytes [28, 01, 07, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[4616] ntdll.dll!NtSetInformationFile + B 76FE5AAB 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[4616] ntdll.dll!NtSetInformationThread + 6 76FE5B06 4 Bytes [28, 02, 07, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[4616] ntdll.dll!NtSetInformationThread + B 76FE5B0B 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[4616] ntdll.dll!NtUnmapViewOfSection + 6 76FE5E26 1 Byte [68]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[4616] ntdll.dll!NtUnmapViewOfSection + 6 76FE5E26 4 Bytes [68, 03, 07, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[4616] ntdll.dll!NtUnmapViewOfSection + B 76FE5E2B 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[4980] ntdll.dll!NtCreateFile + 6 76FE4A36 4 Bytes [28, 00, 07, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[4980] ntdll.dll!NtCreateFile + B 76FE4A3B 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[4980] ntdll.dll!NtMapViewOfSection + 6 76FE5096 1 Byte [28]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[4980] ntdll.dll!NtMapViewOfSection + 6 76FE5096 4 Bytes [28, 03, 07, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[4980] ntdll.dll!NtMapViewOfSection + B 76FE509B 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[4980] ntdll.dll!NtOpenFile + 6 76FE5146 4 Bytes [68, 00, 07, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[4980] ntdll.dll!NtOpenFile + B 76FE514B 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[4980] ntdll.dll!NtOpenProcess + 6 76FE51F6 4 Bytes [A8, 01, 07, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[4980] ntdll.dll!NtOpenProcess + B 76FE51FB 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[4980] ntdll.dll!NtOpenProcessToken + 6 76FE5206 4 Bytes CALL 75FE590C C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation)
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[4980] ntdll.dll!NtOpenProcessToken + B 76FE520B 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[4980] ntdll.dll!NtOpenProcessTokenEx + 6 76FE5216 4 Bytes [A8, 02, 07, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[4980] ntdll.dll!NtOpenProcessTokenEx + B 76FE521B 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[4980] ntdll.dll!NtOpenThread + 6 76FE5276 4 Bytes [68, 01, 07, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[4980] ntdll.dll!NtOpenThread + B 76FE527B 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[4980] ntdll.dll!NtOpenThreadToken + 6 76FE5286 4 Bytes [68, 02, 07, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[4980] ntdll.dll!NtOpenThreadToken + B 76FE528B 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[4980] ntdll.dll!NtOpenThreadTokenEx + 6 76FE5296 4 Bytes CALL 75FE599D C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation)
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[4980] ntdll.dll!NtOpenThreadTokenEx + B 76FE529B 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[4980] ntdll.dll!NtQueryAttributesFile + 6 76FE53A6 4 Bytes [A8, 00, 07, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[4980] ntdll.dll!NtQueryAttributesFile + B 76FE53AB 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[4980] ntdll.dll!NtQueryFullAttributesFile + 6 76FE5456 4 Bytes CALL 75FE5B5B C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation)
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[4980] ntdll.dll!NtQueryFullAttributesFile + B 76FE545B 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[4980] ntdll.dll!NtSetInformationFile + 6 76FE5AA6 4 Bytes [28, 01, 07, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[4980] ntdll.dll!NtSetInformationFile + B 76FE5AAB 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[4980] ntdll.dll!NtSetInformationThread + 6 76FE5B06 4 Bytes [28, 02, 07, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[4980] ntdll.dll!NtSetInformationThread + B 76FE5B0B 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[4980] ntdll.dll!NtUnmapViewOfSection + 6 76FE5E26 1 Byte [68]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[4980] ntdll.dll!NtUnmapViewOfSection + 6 76FE5E26 4 Bytes [68, 03, 07, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[4980] ntdll.dll!NtUnmapViewOfSection + B 76FE5E2B 1 Byte [E2]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5092] USER32.dll!CreateWindowExW 75740E51 5 Bytes JMP 6DF48157 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5092] USER32.dll!DialogBoxIndirectParamW 75764AA7 5 Bytes JMP 6E06F970 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5092] USER32.dll!DialogBoxParamW 7576564A 5 Bytes JMP 6DE64BA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5092] USER32.dll!DialogBoxParamA 7577CF6A 5 Bytes JMP 6E06F90D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5092] USER32.dll!DialogBoxIndirectParamA 7577D29C 5 Bytes JMP 6E06F9D3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5092] USER32.dll!MessageBoxIndirectA 7578E8C9 5 Bytes JMP 6E06F8A2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5092] USER32.dll!MessageBoxIndirectW 7578E9C3 5 Bytes JMP 6E06F837 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5092] USER32.dll!MessageBoxExA 7578EA29 5 Bytes JMP 6E06F7D5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5092] USER32.dll!MessageBoxExW 7578EA4D 5 Bytes JMP 6E06F773 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5228] USER32.dll!UnhookWindowsHookEx 7573CC7B 5 Bytes JMP 6DF5835E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5228] USER32.dll!CallNextHookEx 7573CC8F 5 Bytes JMP 6DF39D5C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5228] USER32.dll!CreateWindowExW 75740E51 5 Bytes JMP 6DF48157 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5228] USER32.dll!SetWindowsHookExW 7574210A 5 Bytes JMP 6DEF4633 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5228] USER32.dll!DialogBoxIndirectParamW 75764AA7 5 Bytes JMP 6E06F970 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5228] USER32.dll!DialogBoxParamW 7576564A 5 Bytes JMP 6DE64BA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5228] USER32.dll!DialogBoxParamA 7577CF6A 5 Bytes JMP 6E06F90D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5228] USER32.dll!DialogBoxIndirectParamA 7577D29C 5 Bytes JMP 6E06F9D3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5228] USER32.dll!MessageBoxIndirectA 7578E8C9 5 Bytes JMP 6E06F8A2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5228] USER32.dll!MessageBoxIndirectW 7578E9C3 5 Bytes JMP 6E06F837 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5228] USER32.dll!MessageBoxExA 7578EA29 5 Bytes JMP 6E06F7D5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5228] USER32.dll!MessageBoxExW 7578EA4D 5 Bytes JMP 6E06F773 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5228] ole32.dll!OleLoadFromStream 75DC5B88 5 Bytes JMP 6E06FCCE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5228] ole32.dll!CoCreateInstance 75E157FC 5 Bytes JMP 6DF48C45 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[5968] ntdll.dll!NtCreateFile + 6 76FE4A36 4 Bytes [28, 00, 07, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[5968] ntdll.dll!NtCreateFile + B 76FE4A3B 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[5968] ntdll.dll!NtMapViewOfSection + 6 76FE5096 1 Byte [28]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[5968] ntdll.dll!NtMapViewOfSection + 6 76FE5096 4 Bytes [28, 03, 07, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[5968] ntdll.dll!NtMapViewOfSection + B 76FE509B 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[5968] ntdll.dll!NtOpenFile + 6 76FE5146 4 Bytes [68, 00, 07, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[5968] ntdll.dll!NtOpenFile + B 76FE514B 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[5968] ntdll.dll!NtOpenProcess + 6 76FE51F6 4 Bytes [A8, 01, 07, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[5968] ntdll.dll!NtOpenProcess + B 76FE51FB 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[5968] ntdll.dll!NtOpenProcessToken + 6 76FE5206 4 Bytes CALL 75FE590C C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation)
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[5968] ntdll.dll!NtOpenProcessToken + B 76FE520B 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[5968] ntdll.dll!NtOpenProcessTokenEx + 6 76FE5216 4 Bytes [A8, 02, 07, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[5968] ntdll.dll!NtOpenProcessTokenEx + B 76FE521B 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[5968] ntdll.dll!NtOpenThread + 6 76FE5276 4 Bytes [68, 01, 07, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[5968] ntdll.dll!NtOpenThread + B 76FE527B 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[5968] ntdll.dll!NtOpenThreadToken + 6 76FE5286 4 Bytes [68, 02, 07, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[5968] ntdll.dll!NtOpenThreadToken + B 76FE528B 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[5968] ntdll.dll!NtOpenThreadTokenEx + 6 76FE5296 4 Bytes CALL 75FE599D C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation)
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[5968] ntdll.dll!NtOpenThreadTokenEx + B 76FE529B 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[5968] ntdll.dll!NtQueryAttributesFile + 6 76FE53A6 4 Bytes [A8, 00, 07, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[5968] ntdll.dll!NtQueryAttributesFile + B 76FE53AB 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[5968] ntdll.dll!NtQueryFullAttributesFile + 6 76FE5456 4 Bytes CALL 75FE5B5B C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation)
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[5968] ntdll.dll!NtQueryFullAttributesFile + B 76FE545B 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[5968] ntdll.dll!NtSetInformationFile + 6 76FE5AA6 4 Bytes [28, 01, 07, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[5968] ntdll.dll!NtSetInformationFile + B 76FE5AAB 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[5968] ntdll.dll!NtSetInformationThread + 6 76FE5B06 4 Bytes [28, 02, 07, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[5968] ntdll.dll!NtSetInformationThread + B 76FE5B0B 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[5968] ntdll.dll!NtUnmapViewOfSection + 6 76FE5E26 1 Byte [68]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[5968] ntdll.dll!NtUnmapViewOfSection + 6 76FE5E26 4 Bytes [68, 03, 07, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[5968] ntdll.dll!NtUnmapViewOfSection + B 76FE5E2B 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtCreateFile + 6 76FE4A36 4 Bytes [28, 00, 07, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtCreateFile + B 76FE4A3B 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtMapViewOfSection + 6 76FE5096 1 Byte [28]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtMapViewOfSection + 6 76FE5096 4 Bytes [28, 03, 07, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtMapViewOfSection + B 76FE509B 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtOpenFile + 6 76FE5146 4 Bytes [68, 00, 07, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtOpenFile + B 76FE514B 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtOpenProcess + 6 76FE51F6 4 Bytes [A8, 01, 07, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtOpenProcess + B 76FE51FB 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtOpenProcessToken + 6 76FE5206 4 Bytes CALL 75FE590C C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation)
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtOpenProcessToken + B 76FE520B 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtOpenProcessTokenEx + 6 76FE5216 4 Bytes [A8, 02, 07, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtOpenProcessTokenEx + B 76FE521B 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtOpenThread + 6 76FE5276 4 Bytes [68, 01, 07, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtOpenThread + B 76FE527B 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtOpenThreadToken + 6 76FE5286 4 Bytes [68, 02, 07, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtOpenThreadToken + B 76FE528B 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtOpenThreadTokenEx + 6 76FE5296 4 Bytes CALL 75FE599D C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation)
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtOpenThreadTokenEx + B 76FE529B 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtQueryAttributesFile + 6 76FE53A6 4 Bytes [A8, 00, 07, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtQueryAttributesFile + B 76FE53AB 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtQueryFullAttributesFile + 6 76FE5456 4 Bytes CALL 75FE5B5B C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation)
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtQueryFullAttributesFile + B 76FE545B 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtSetInformationFile + 6 76FE5AA6 4 Bytes [28, 01, 07, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtSetInformationFile + B 76FE5AAB 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtSetInformationThread + 6 76FE5B06 4 Bytes [28, 02, 07, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtSetInformationThread + B 76FE5B0B 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtUnmapViewOfSection + 6 76FE5E26 1 Byte [68]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtUnmapViewOfSection + 6 76FE5E26 4 Bytes [68, 03, 07, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtUnmapViewOfSection + B 76FE5E2B 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[6124] ntdll.dll!NtCreateFile + 6 76FE4A36 4 Bytes [28, 00, 17, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[6124] ntdll.dll!NtCreateFile + B 76FE4A3B 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[6124] ntdll.dll!NtMapViewOfSection + 6 76FE5096 1 Byte [28]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[6124] ntdll.dll!NtMapViewOfSection + 6 76FE5096 4 Bytes [28, 03, 17, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[6124] ntdll.dll!NtMapViewOfSection + B 76FE509B 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[6124] ntdll.dll!NtOpenFile + 6 76FE5146 4 Bytes [68, 00, 17, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[6124] ntdll.dll!NtOpenFile + B 76FE514B 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[6124] ntdll.dll!NtOpenProcess + 6 76FE51F6 4 Bytes [A8, 01, 17, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[6124] ntdll.dll!NtOpenProcess + B 76FE51FB 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[6124] ntdll.dll!NtOpenProcessToken + 6 76FE5206 4 Bytes CALL 75FE690C C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation)
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[6124] ntdll.dll!NtOpenProcessToken + B 76FE520B 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[6124] ntdll.dll!NtOpenProcessTokenEx + 6 76FE5216 4 Bytes [A8, 02, 17, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[6124] ntdll.dll!NtOpenProcessTokenEx + B 76FE521B 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[6124] ntdll.dll!NtOpenThread + 6 76FE5276 4 Bytes [68, 01, 17, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[6124] ntdll.dll!NtOpenThread + B 76FE527B 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[6124] ntdll.dll!NtOpenThreadToken + 6 76FE5286 4 Bytes [68, 02, 17, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[6124] ntdll.dll!NtOpenThreadToken + B 76FE528B 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[6124] ntdll.dll!NtOpenThreadTokenEx + 6 76FE5296 4 Bytes CALL 75FE699D C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation)
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[6124] ntdll.dll!NtOpenThreadTokenEx + B 76FE529B 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[6124] ntdll.dll!NtQueryAttributesFile + 6 76FE53A6 4 Bytes [A8, 00, 17, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[6124] ntdll.dll!NtQueryAttributesFile + B 76FE53AB 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[6124] ntdll.dll!NtQueryFullAttributesFile + 6 76FE5456 4 Bytes CALL 75FE6B5B C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation)
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[6124] ntdll.dll!NtQueryFullAttributesFile + B 76FE545B 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[6124] ntdll.dll!NtSetInformationFile + 6 76FE5AA6 4 Bytes [28, 01, 17, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[6124] ntdll.dll!NtSetInformationFile + B 76FE5AAB 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[6124] ntdll.dll!NtSetInformationThread + 6 76FE5B06 4 Bytes [28, 02, 17, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[6124] ntdll.dll!NtSetInformationThread + B 76FE5B0B 1 Byte [E2]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[6124] ntdll.dll!NtUnmapViewOfSection + 6 76FE5E26 1 Byte [68]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[6124] ntdll.dll!NtUnmapViewOfSection + 6 76FE5E26 4 Bytes [68, 03, 17, 00]
.text C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe[6124] ntdll.dll!NtUnmapViewOfSection + B 76FE5E2B 1 Byte [E2]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[2336] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73C12494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2336] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73BF5624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2336] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73BF56E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2336] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73C1250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2336] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73C08573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2336] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73C04D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2336] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73C050CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2336] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73C051A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2336] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73C066D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2336] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73C082CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2336] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73C08819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2336] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73C0907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2336] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73C0E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2336] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73C04C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2672] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75045E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2672] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75045E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2672] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75045E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2672] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75045E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3908] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75045E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3908] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75045E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3908] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75045E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3908] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75045E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3908] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75045E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3908] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75045E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3908] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [75045E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5376] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75045E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5376] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75045E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5376] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75045E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5376] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75045E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5376] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75045E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5376] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75045E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5376] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [75045E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Contacts\wlcomm.exe[5604] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75045E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Contacts\wlcomm.exe[5604] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75045E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Contacts\wlcomm.exe[5604] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75045E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Contacts\wlcomm.exe[5604] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75045E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Contacts\wlcomm.exe[5604] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75045E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Contacts\wlcomm.exe[5604] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75045E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Contacts\wlcomm.exe[5604] @ C:\Windows\system32\secur32.dll [KERNEL32.dll!GetProcAddress] [75045E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000052 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Processes - GMER 1.0.15 ----

Process C:\Program Files\Internet Explorer\IEXPLORE.EXE (*** hidden *** ) 5092
Process C:\Program Files\Internet Explorer\IEXPLORE.EXE (*** hidden *** ) 5228

---- EOF - GMER 1.0.15 ----


#4 MikeCarnage (Topic Starter)

Posted 17 August 2010 - 10:38 PM

Side Note:
After these scans, I was on my computer for a bit, then it started to bluescreen. I couldn't get into Windows for 30-some-odd minutes, until I did a system restore.

I thought this might be relevant information

#5 Elise (Malware Study Hall Admin)

Posted 18 August 2010 - 04:22 AM

Yes, while system restore is not recommended, in this case it helped to restabilize things at least. From now on, please don't use it though.

Looks like we have a rootkit on our hands here.

COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft


#6 MikeCarnage (Topic Starter)

Posted 18 August 2010 - 09:44 AM

ComboFix 10-08-17.03 - Mike Carnage 18/08/2010 10:23:32.1.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.2.1033.18.3071.2026 [GMT -4:00]
Running from: c:\users\Mike Carnage\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\FlashGet Network
c:\program files\FlashGet Network\FlashGet 3\P2PCfg.ini
c:\program files\FlashGet Network\FlashGet 3\perf.ini
c:\program files\FlashGet Network\FlashGet 3\pstat.dat
c:\program files\FlashGet Network\FlashGet 3\pup.dat
c:\users\Mike Carnage\AppData\Roaming\BITS
c:\users\Mike Carnage\AppData\Roaming\BITS\BITS.ini
c:\users\Mike Carnage\AppData\Roaming\BITS\DHTTable.dat
c:\users\Mike Carnage\AppData\Roaming\BITS\ProxyList.ini
c:\users\Mike Carnage\AppData\Roaming\FlashGetBHO
c:\users\Mike Carnage\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
c:\users\Mike Carnage\AppData\Roaming\FlashGetBHO\FlashGetHook.dll
c:\users\Mike Carnage\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
c:\users\Mike Carnage\AppData\Roaming\FlashGetBHO\GetUrl.htm
c:\users\Mike Carnage\AppData\Roaming\inst.exe
c:\windows\system32\%appdata%
c:\windows\system32\secushr.dat
c:\windows\system32\secustat.dat
c:\windows\system32\Startup.exe

.
\\.\PhysicalDrive2 - Bootkit Whistler was found and disinfected
\\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
\\.\PhysicalDrive1 - Bootkit Whistler was found and disinfected
.
\\.\PhysicalDrive2 - Bootkit Whistler was found and disinfected
\\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
\\.\PhysicalDrive1 - Bootkit Whistler was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2010-07-18 to 2010-08-18 )))))))))))))))))))))))))))))))
.

2010-08-18 14:33 . 2010-08-18 14:35 -------- d-----w- c:\users\Mike Carnage\AppData\Local\temp
2010-08-18 14:33 . 2010-08-18 14:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-16 23:32 . 2010-08-18 07:32 -------- d-----w- c:\programdata\AVG Security Toolbar
2010-08-10 14:14 . 2010-08-10 14:14 -------- d-----w- c:\program files\Trend Micro
2010-07-21 03:07 . 2010-07-21 03:07 -------- d-----w- c:\programdata\NVIDIA Corporation
2010-07-21 03:06 . 2010-07-09 22:37 56936 ----a-w- c:\windows\system32\OpenCL.dll
2010-07-21 03:06 . 2010-07-09 22:37 11008040 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2010-07-21 03:06 . 2010-07-09 22:37 4553832 ----a-w- c:\windows\system32\nvcuda.dll
2010-07-21 03:06 . 2010-07-09 22:37 314984 ----a-w- c:\windows\system32\nvdecodemft.dll
2010-07-21 03:06 . 2010-07-09 22:37 2892904 ----a-w- c:\windows\system32\nvcuvid.dll
2010-07-21 03:06 . 2010-07-09 22:37 2506344 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-07-21 03:06 . 2010-07-09 22:37 14092904 ----a-w- c:\windows\system32\nvoglv32.dll
2010-07-21 03:06 . 2010-07-09 22:37 236136 ----a-w- c:\windows\system32\nvcod1922.dll
2010-07-21 03:06 . 2010-07-09 22:37 236136 ----a-w- c:\windows\system32\nvcod.dll
2010-07-21 03:06 . 2010-07-09 22:37 10267240 ----a-w- c:\windows\system32\nvcompiler.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-18 07:32 . 2010-02-19 23:58 -------- d-----w- c:\programdata\PMB Files
2010-08-18 07:32 . 2008-09-09 17:06 -------- d-----w- c:\users\Mike Carnage\AppData\Roaming\Ventrilo
2010-08-18 03:37 . 2009-01-17 18:29 -------- d-----w- c:\programdata\Google Updater
2010-08-16 01:03 . 2009-11-28 12:25 400240 ----a-w- c:\windows\system32\prfh0404.dat
2010-08-16 01:03 . 2009-11-28 12:25 111052 ----a-w- c:\windows\system32\prfc0404.dat
2010-08-13 03:53 . 2008-08-04 01:29 -------- d-----w- c:\program files\Windows Live Safety Center
2010-08-12 01:39 . 2010-04-17 14:36 -------- d-----w- c:\programdata\Microsoft Help
2010-08-10 18:05 . 2010-03-05 00:18 -------- d-----w- c:\program files\Zynga
2010-08-10 14:14 . 2010-08-10 14:14 388096 ----a-r- c:\users\Mike Carnage\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-05 19:17 . 2008-08-02 03:24 -------- d-----w- c:\program files\Windows Live
2010-07-30 15:15 . 2010-03-02 02:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-30 01:32 . 2008-08-01 02:21 -------- d-----w- c:\programdata\NVIDIA
2010-07-29 06:30 . 2010-08-11 19:25 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-11 19:25 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-27 15:33 . 2008-08-07 23:52 -------- d-----w- c:\program files\Google
2010-07-22 01:11 . 2009-05-21 01:08 -------- d-----w- c:\users\Mike Carnage\AppData\Roaming\Vso
2010-07-21 03:08 . 2008-10-13 19:32 -------- d-----w- c:\program files\NVIDIA Corporation
2010-07-21 03:07 . 2008-08-05 15:55 -------- d-----w- c:\program files\AGEIA Technologies
2010-07-21 03:07 . 2008-08-02 03:40 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-21 03:01 . 2008-09-08 15:24 -------- d-----w- c:\program files\SystemRequirementsLab
2010-07-21 00:26 . 2010-07-21 00:26 4368224 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2010-07-21 00:26 . 2010-07-21 00:26 1615200 ----a-w- c:\programdata\avg9\update\backup\avgssie.dll
2010-07-21 00:26 . 2010-07-21 00:26 1373536 ----a-w- c:\programdata\avg9\update\backup\avgssff.dll
2010-07-21 00:26 . 2010-07-21 00:26 1107296 ----a-w- c:\programdata\avg9\update\backup\avgxpl.dll
2010-07-20 01:18 . 2010-07-20 01:18 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2010-07-16 13:43 . 2009-02-02 02:57 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-16 13:43 . 2010-07-16 13:43 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-16 13:43 . 2008-08-03 14:51 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-09 22:37 . 2010-07-21 03:06 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2010-07-09 22:37 . 2009-09-27 20:12 9818728 ----a-w- c:\windows\system32\nvd3dum.dll
2010-07-09 22:37 . 2009-09-27 20:12 604776 ----a-w- c:\windows\system32\nvudisp.exe
2010-07-09 22:37 . 2009-09-27 20:12 5107816 ----a-w- c:\windows\system32\nvwgf2um.dll
2010-07-09 22:37 . 2009-09-27 20:12 1625192 ----a-w- c:\windows\system32\nvapi.dll
2010-07-09 22:30 . 2010-06-03 22:48 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-09 22:30 . 2010-06-03 22:46 -------- d-----w- c:\programdata\DivX
2010-07-09 22:26 . 2010-07-09 22:26 57715 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
2010-07-09 22:26 . 2010-07-09 22:26 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-09 22:26 . 2008-08-08 14:06 -------- d-----w- c:\program files\DivX
2010-07-09 22:26 . 2010-07-09 22:26 84054 ----a-w- c:\programdata\DivX\TransferWizard\Uninstaller.exe
2010-07-09 22:26 . 2010-07-09 22:26 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-07-09 22:25 . 2010-06-03 22:48 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-07-09 22:25 . 2010-06-03 22:48 895256 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-07-09 20:37 . 2010-07-09 20:37 1469544 ----a-w- c:\windows\system32\nvsvc.dll
2010-07-09 20:37 . 2010-07-09 20:37 13939816 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-09 20:37 . 2010-07-09 20:37 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-07-09 20:37 . 2010-07-09 20:37 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-07-08 01:23 . 2010-07-08 01:22 -------- d-----w- c:\program files\Morphyre
2010-07-07 17:46 . 2010-02-25 02:18 604776 ----a-w- c:\windows\system32\nvuninst.exe
2010-07-03 00:44 . 2010-07-03 00:00 -------- d-----w- c:\users\Mike Carnage\AppData\Roaming\Skype
2010-07-03 00:03 . 2010-07-03 00:03 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-07-03 00:03 . 2010-07-03 00:03 -------- d-----w- c:\users\Mike Carnage\AppData\Roaming\skypePM
2010-07-03 00:00 . 2010-07-03 00:00 -------- d-----r- c:\program files\Skype
2010-07-03 00:00 . 2010-07-03 00:00 -------- d-----w- c:\program files\Common Files\Skype
2010-07-03 00:00 . 2009-12-20 15:22 -------- d-----w- c:\programdata\Skype
2010-07-02 02:09 . 2009-10-24 14:22 -------- d-----w- c:\program files\Eufloria
2010-06-30 06:25 . 2010-08-11 19:25 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-25 13:27 . 2010-04-17 14:40 -------- d-----w- c:\program files\Microsoft.NET
2010-06-22 02:47 . 2010-08-11 19:25 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-22 02:47 . 2010-08-11 19:25 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-22 02:47 . 2010-08-11 19:25 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-06-19 06:33 . 2010-08-11 19:25 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-19 06:33 . 2010-08-11 19:25 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:23 . 2010-08-11 19:25 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 04:07 . 2010-08-11 19:25 2326016 ----a-w- c:\windows\system32\win32k.sys
2010-06-16 05:48 . 2010-08-11 19:25 224256 ----a-w- c:\windows\system32\schannel.dll
2010-06-14 06:12 . 2010-08-11 19:25 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-06-08 06:02 . 2010-08-11 19:25 1233920 ----a-w- c:\windows\system32\msxml3.dll
2010-06-03 22:48 . 2010-06-03 22:48 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-06-03 22:48 . 2010-06-03 22:48 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-06-02 21:35 . 2008-08-03 14:51 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-27 07:24 . 2010-06-09 23:41 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-06-09 23:41 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-22 18:28 . 2010-05-22 18:28 48388 ----a-w- c:\programdata\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-01-30 00:22 . 2010-01-30 00:22 648 ----a-w- c:\program files\RejoinCommandLine.txt
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-02-19 2937528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SPIRunE"="SPIRunE.dll" [2009-03-05 18432]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-02-28 180224]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-16 2065760]
"Copperhead"="c:\program files\Razer\Copperhead\razerhid.exe" [2005-11-25 155648]
"Lycosa"="c:\program files\Razer\Lycosa\razerhid.exe" [2007-11-20 147456]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]

c:\users\Mike Carnage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
PS3 Media Server.lnk - c:\program files\PS3 Media Server\PMS.exe [2009-3-9 169367]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DualCoreCenter.lnk]
backup=c:\windows\pss\DualCoreCenter.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\DualCoreCenter.lnk

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Ultra Hal Text-to-Speech Reader Startup.lnk]
backup=c:\windows\pss\Ultra Hal Text-to-Speech Reader Startup.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Ultra Hal Text-to-Speech Reader Startup.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2008-10-21 17:09 50472 ----a-w- c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2008-09-13 20:52 4608 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative MediaSource Go]
2006-11-09 15:19 204800 ------w- c:\program files\Creative\MediaSource5\Go\CTCMSGoU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTRegRun]
2006-10-06 19:17 53248 ------w- c:\windows\Ctregrun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DelReg]
2008-05-13 23:26 196608 ----a-w- c:\program files\MSI\DualCoreCenter\DelReg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-05-04 10:47 133104 ----atw- c:\users\Mike Carnage\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
2008-08-01 20:36 1103216 ----a-w- c:\program files\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2007-05-15 19:55 1057328 ----a-w- c:\program files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-06 02:55 54832 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
2008-08-01 03:03 249856 ----a-w- c:\program files\lg_fwupdate\fwupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 19:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2008-07-07 07:34 167936 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 21:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 19:10 56928 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
2007-05-15 19:55 1628208 ----a-w- c:\program files\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2008-07-02 20:16 393216 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
2008-04-04 15:38 88584 ----a-w- c:\program files\Logitech\Gaming Software\LWEMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-09 09:19 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-08-15 13:35 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2009-07-14 01:14 660480 ----a-w- c:\program files\Windows Defender\MSASCui.exe

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-09-13 716272]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9a4b7a4836b45;Google Update Service (gupdate1c9a4b7a4836b45);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-14 133104]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-02-25 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-07-04 79360]
R3 DualCoreCenter;DualCoreCenter;c:\program files\MSI\DualCoreCenter\NTGLM7X.sys [2008-02-27 28160]
R3 HwIOctl;HwIOctl;c:\program files\Setup Files\MS-7510 v1.40\HwIOctl.sys [x]
R3 MovRVDrv32;MovRVDrv32;c:\windows\system32\DRIVERS\MovRVDrv32.sys [2008-04-17 3768]
R3 RushTopDevice2;RushTopDevice2;c:\program files\MSI\DualCoreCenter\RushTop.sys [2008-08-25 54784]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-12 1343400]
R3 WEBNTACCESS;WEBNTACCESS;c:\progra~1\MSI\LIVEUP~1\NTACCESS.SYS [x]
R4 lxbc_device;lxbc_device;c:\windows\system32\lxbccoms.exe [2007-03-16 537520]
R4 OrbisClient.Services;LabSim Configuration and Security;c:\program files\TestOut\Orbis\OrbisClient.Services.exe [2009-06-10 13824]
R4 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [2008-04-17 184320]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-16 216400]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-07-16 243024]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-16 308136]
S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;c:\windows\system32\libusbd-nt.exe [2005-03-10 18944]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2005-03-10 33792]
S3 LycoFltr;Lycosa Keyboard;c:\windows\system32\Drivers\Lycosa.sys [2008-01-18 16128]
S3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys [2009-05-06 413208]
S3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [2005-11-02 11596]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder

2010-08-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-09 21:36]

2010-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-14 15:14]

2010-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-14 15:14]

2010-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1814650353-3792096123-3667027312-1000Core.job
- c:\users\Mike Carnage\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-08 10:47]

2010-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1814650353-3792096123-3667027312-1000UA.job
- c:\users\Mike Carnage\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-08 10:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: com\www.msi
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
DPF: {B8A48F42-30E1-48f8-AE87-7BD7C75DB8AA} - hxxp://www.srtest.com/srl_bin/sysreqlab_test.cab
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{7B13EC3E-999A-4B70-B9CB-2617B8323822} - (no file)
HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-LogitechCommunicationsManager - c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
MSConfigStartUp-LogitechQuickCamRibbon - c:\program files\Logitech\QuickCam\Quickcam.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
MSConfigStartUp-WinSys2 - c:\windows\system32\startup.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c3,48,ae,14,8d,30,9d,43,89,27,43,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c3,48,ae,14,8d,30,9d,43,89,27,43,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DllHost.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\System32\rundll32.exe
c:\program files\AVG\AVG9\avgtray.exe
c:\program files\Java\jre6\bin\javaw.exe
c:\program files\Razer\Copperhead\razertra.exe
c:\program files\Razer\Lycosa\razertra.exe
c:\program files\Razer\Copperhead\razerofa.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Live\Messenger\msnmsgr.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Completion time: 2010-08-18 10:41:54 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-18 14:41

Pre-Run: 42,261,733,376 bytes free
Post-Run: 42,533,638,144 bytes free

- - End Of File - - 970853E89EA66A66F39DE3C03E8942D3


#7 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,257 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:04:39 PM

Posted 18 August 2010 - 01:37 PM

Looks indeed like a rootkit. However, I want to double-check it's gone indeed. Please let me also know how things are running now.

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.
  • Double-click on MBRCheck.exe to run it. Vista/Windows 7 users right-click and select Run As Administrator.
  • It will open a black screen with some data on it...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will be created on the desktop.
  • Copy and paste the contents of that log in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#8 MikeCarnage

  • Topic Starter
  • Members
  • 10 posts
  • OFFLINE
  • Local time:09:39 AM

Posted 18 August 2010 - 03:47 PM

I haven't noticed any random audio so far, but it was so random in the past.
So far everything seems to be running OK, no major issues or blue screens yet.

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: MICRO-STAR INTERNATIONAL CO.,LTD
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: MICRO-STAR INTERNATIONAL CO.,LTD
System Product Name: MS-7510
Logical Drives Mask: 0x0200002c

Kernel Drivers (total 196):
0xE2E13000 \SystemRoot\system32\ntkrnlpa.exe
0xE3223000 \SystemRoot\system32\halmacpi.dll
0xE0B9C000 \SystemRoot\system32\kdcom.dll
0x8BA0F000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8BA87000 \SystemRoot\system32\PSHED.dll
0x8BA98000 \SystemRoot\system32\BOOTVID.dll
0x8BAA0000 \SystemRoot\system32\CLFS.SYS
0x8BAE2000 \SystemRoot\system32\CI.dll
0x8BB8D000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8BA00000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8BC01000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x8BC49000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x8BC52000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x8BC5A000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x8BC65000 \SystemRoot\system32\DRIVERS\pci.sys
0x8BC8F000 \SystemRoot\System32\drivers\partmgr.sys
0x8BD9D000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x8BDC3000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x8BE2A000 \SystemRoot\System32\drivers\volmgrx.sys
0x8BE75000 \SystemRoot\system32\DRIVERS\pciide.sys
0x8BE7C000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8BE8A000 \SystemRoot\System32\drivers\mountmgr.sys
0x8BEA0000 \SystemRoot\system32\DRIVERS\atapi.sys
0x8BEA9000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x8BECC000 \SystemRoot\system32\DRIVERS\nvstor32.sys
0x8BF03000 \SystemRoot\system32\DRIVERS\storport.sys
0x8BF4A000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x8BF53000 \SystemRoot\system32\drivers\fltmgr.sys
0x8BF87000 \SystemRoot\system32\drivers\fileinfo.sys
0x8C03F000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8C16E000 \SystemRoot\System32\Drivers\msrpc.sys
0x8C199000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8BF98000 \SystemRoot\System32\Drivers\cng.sys
0x8C1AC000 \SystemRoot\System32\drivers\pcw.sys
0x8C1BA000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8C21C000 \SystemRoot\system32\drivers\ndis.sys
0x8C2D3000 \SystemRoot\system32\drivers\NETIO.SYS
0x8C311000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8C427000 \SystemRoot\System32\drivers\tcpip.sys
0x8C570000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8C5A1000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x8C5AA000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8C5E9000 \SystemRoot\System32\Drivers\spldr.sys
0x8C5F1000 \SystemRoot\system32\speedfan.sys
0x8C336000 \SystemRoot\System32\drivers\rdyboost.sys
0x8C400000 \SystemRoot\System32\Drivers\mup.sys
0x8C410000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8C418000 \SystemRoot\system32\giveio.sys
0x8C363000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8C395000 \SystemRoot\system32\DRIVERS\disk.sys
0x8C3A6000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8C200000 \SystemRoot\System32\Drivers\Null.SYS
0x8C207000 \SystemRoot\System32\Drivers\Beep.SYS
0x8C20E000 \SystemRoot\System32\drivers\vga.sys
0x8C3DC000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8C000000 \SystemRoot\System32\drivers\watchdog.sys
0x8C00D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8C015000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8C01D000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8C025000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8C030000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8BE00000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8BE17000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8BCA0000 \SystemRoot\System32\Drivers\avgtdix.sys
0x8BCDA000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8BD0C000 \SystemRoot\system32\drivers\afd.sys
0x8BE22000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x8BD66000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8BD85000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8BDD3000 \SystemRoot\system32\DRIVERS\serial.sys
0x8BDED000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x91C39000 \SystemRoot\system32\DRIVERS\termdd.sys
0x91C49000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0x91C56000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x91C97000 \SystemRoot\system32\drivers\nsiproxy.sys
0x91CA1000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x91CB4000 \SystemRoot\system32\drivers\InCDPass.sys
0x91CBC000 \SystemRoot\System32\drivers\discache.sys
0x91CC8000 \SystemRoot\system32\drivers\csc.sys
0x91D2C000 \SystemRoot\System32\Drivers\dfsc.sys
0x91D44000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x91D52000 \SystemRoot\System32\Drivers\avgmfx86.sys
0x91D58000 \SystemRoot\System32\Drivers\avgldx86.sys
0x91D8C000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x91DAD000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x93233000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x93CB1000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x93CB3000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x93D6A000 \SystemRoot\System32\drivers\dxgmms1.sys
0x93DA3000 \SystemRoot\system32\DRIVERS\serenum.sys
0x93DAD000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x92802000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x9284D000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x9285C000 \SystemRoot\system32\DRIVERS\nvmf6232.sys
0x928A1000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x928C0000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x928EC000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x928F9000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x9290B000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x92923000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x9292E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x92950000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x92968000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x9297F000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x92996000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x929A0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x929AD000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x929BA000 \SystemRoot\system32\DRIVERS\swenum.sys
0x929BC000 \SystemRoot\system32\DRIVERS\ks.sys
0x929F0000 \SystemRoot\system32\DRIVERS\umbus.sys
0x93DB7000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x93200000 \SystemRoot\system32\drivers\libusb0.sys
0x929FE000 \SystemRoot\system32\drivers\usbd.sys
0x9320E000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x99E04000 \SystemRoot\system32\drivers\t3.sys
0x99E6C000 \SystemRoot\system32\drivers\portcls.sys
0x99E9B000 \SystemRoot\system32\drivers\drmk.sys
0x9B310000 \SystemRoot\System32\win32k.sys
0x99EB4000 \SystemRoot\System32\drivers\Dxapi.sys
0x99EBE000 \SystemRoot\System32\Drivers\crashdmp.sys
0x99ECB000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x99ED5000 \SystemRoot\System32\Drivers\dump_nvstor32.sys
0x99F0C000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x99F1D000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x99F34000 \SystemRoot\System32\Drivers\Lycosa.sys
0x99F38000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x99F43000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x99F56000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x99F5D000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x99F69000 \SystemRoot\system32\drivers\copperhd.sys
0x99F6C000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x99F77000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9B570000 \SystemRoot\System32\TSDDD.dll
0x9B5A0000 \SystemRoot\System32\cdd.dll
0x9B200000 \SystemRoot\System32\ATMFD.DLL
0x9147E000 \SystemRoot\system32\drivers\luafv.sys
0x91499000 \SystemRoot\system32\drivers\WudfPf.sys
0x914B3000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x914C3000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x914D6000 \SystemRoot\system32\drivers\HTTP.sys
0x9155B000 \SystemRoot\system32\DRIVERS\bowser.sys
0x91574000 \SystemRoot\System32\drivers\mpsdrv.sys
0x91586000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x915A9000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x915E4000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA3229000 \SystemRoot\system32\drivers\peauth.sys
0xA32C0000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA32CA000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA32EB000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA32F8000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA3347000 \SystemRoot\System32\DRIVERS\srv.sys
0xA3398000 \??\C:\Users\MIKECA~1\AppData\Local\Temp\mbr.sys
0xA339E000 \SystemRoot\System32\drivers\rdpdr.sys
0xA33C3000 \SystemRoot\system32\drivers\tdtcp.sys
0xA33CD000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
0x99FA3000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xBF2A2000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
0x771F0000 \Windows\System32\ntdll.dll
0x47EA0000 \Windows\System32\smss.exe
0x77430000 \Windows\System32\apisetschema.dll
0x00B20000 \Windows\System32\autochk.exe
0x77340000 \Windows\System32\kernel32.dll
0x77120000 \Windows\System32\user32.dll
0x77020000 \Windows\System32\wininet.dll
0x76F70000 \Windows\System32\rpcrt4.dll
0x76F30000 \Windows\System32\ws2_32.dll
0x76F10000 \Windows\System32\sechost.dll
0x76D70000 \Windows\System32\setupapi.dll
0x76D10000 \Windows\System32\shlwapi.dll
0x76C70000 \Windows\System32\advapi32.dll
0x76B10000 \Windows\System32\ole32.dll
0x76A40000 \Windows\System32\msctf.dll
0x769E0000 \Windows\System32\difxapi.dll
0x77330000 \Windows\System32\nsi.dll
0x769B0000 \Windows\System32\imagehlp.dll
0x76990000 \Windows\System32\imm32.dll
0x76940000 \Windows\System32\Wldap32.dll
0x768B0000 \Windows\System32\oleaut32.dll
0x75C60000 \Windows\System32\shell32.dll
0x75C50000 \Windows\System32\normaliz.dll
0x75BB0000 \Windows\System32\usp10.dll
0x759B0000 \Windows\System32\iertutil.dll
0x759A0000 \Windows\System32\lpk.dll
0x75920000 \Windows\System32\comdlg32.dll
0x75890000 \Windows\System32\clbcatq.dll
0x757E0000 \Windows\System32\msvcrt.dll
0x756A0000 \Windows\System32\urlmon.dll
0x75650000 \Windows\System32\gdi32.dll
0x75640000 \Windows\System32\psapi.dll
0x75610000 \Windows\System32\cfgmgr32.dll
0x755E0000 \Windows\System32\wintrust.dll
0x75590000 \Windows\System32\KernelBase.dll
0x75470000 \Windows\System32\crypt32.dll
0x753E0000 \Windows\System32\comctl32.dll
0x753C0000 \Windows\System32\devobj.dll
0x753B0000 \Windows\System32\msasn1.dll

Processes (total 69):
0 System Idle Process
4 System
320 C:\Windows\System32\smss.exe
412 csrss.exe
480 C:\Windows\System32\wininit.exe
488 csrss.exe
528 C:\Windows\System32\services.exe
556 C:\Windows\System32\lsass.exe
564 C:\Windows\System32\lsm.exe
640 C:\Windows\System32\winlogon.exe
704 C:\Windows\System32\svchost.exe
768 C:\Windows\System32\nvvsvc.exe
808 C:\Windows\System32\svchost.exe
924 C:\Windows\System32\svchost.exe
968 C:\Windows\System32\svchost.exe
1004 C:\Windows\System32\svchost.exe
1132 C:\Program Files\Creative\Shared Files\CTAudSvc.exe
1184 C:\Windows\System32\svchost.exe
1288 C:\Windows\System32\svchost.exe
1380 C:\Windows\System32\nvvsvc.exe
1432 C:\Windows\System32\spoolsv.exe
1460 C:\Windows\System32\svchost.exe
1580 C:\Program Files\AVG\AVG9\avgwdsvc.exe
1620 C:\Windows\System32\svchost.exe
1740 C:\Windows\System32\libusbd-nt.exe
1804 C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
1888 C:\Windows\System32\svchost.exe
1964 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2100 dllhost.exe
2372 C:\Windows\System32\taskhost.exe
2568 C:\Windows\System32\dwm.exe
2840 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
3000 C:\Program Files\AVG\AVG9\avgnsx.exe
3312 C:\Program Files\AVG\AVG9\avgrsx.exe
3320 C:\Program Files\AVG\AVG9\avgchsvx.exe
3380 C:\Program Files\AVG\AVG9\avgcsrvx.exe
3940 C:\Windows\System32\rundll32.exe
3960 C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
3988 C:\Program Files\AVG\AVG9\avgtray.exe
4028 C:\Program Files\Razer\Copperhead\razerhid.exe
4056 C:\Program Files\Razer\Lycosa\razerhid.exe
4072 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
2068 C:\Windows\WindowsMobile\wmdc.exe
2584 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
3264 C:\Program Files\Java\jre6\bin\javaw.exe
3716 C:\Program Files\Razer\Copperhead\razertra.exe
3712 C:\Program Files\Razer\Lycosa\razertra.exe
3760 C:\Program Files\Razer\Copperhead\razerofa.exe
1060 C:\Windows\System32\svchost.exe
2816 C:\Windows\System32\SearchIndexer.exe
4244 C:\Windows\System32\svchost.exe
4940 C:\Windows\System32\svchost.exe
5300 dllhost.exe
5096 C:\Program Files\Windows Live\Contacts\wlcomm.exe
5392 C:\Windows\explorer.exe
6140 C:\Windows\System32\audiodg.exe
1128 C:\Windows\System32\taskmgr.exe
5592 C:\Windows\System32\mobsync.exe
2744 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
4608 C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe
5244 C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe
1544 C:\Program Files\Internet Explorer\iexplore.exe
5448 C:\Program Files\Internet Explorer\iexplore.exe
4356 C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe
4664 C:\Windows\System32\SearchProtocolHost.exe
5488 C:\Windows\System32\dllhost.exe
5900 C:\Users\Mike Carnage\AppData\Local\Google\Chrome\Application\chrome.exe
1996 C:\Users\Mike Carnage\Downloads\MBRCheck.exe
4584 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x0000000f`00100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
\\.\F: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)
\\.\Z: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: ST3250410AS, Rev: 3.AA
PhysicalDrive2 Model Number: ST3320620AS, Rev: 3.AA
PhysicalDrive1 Model Number: ST31500341AS, Rev: CC1H

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 RE: Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
298 GB \\.\PhysicalDrive2 RE: Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
1397 GB \\.\PhysicalDrive1 RE: Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!


#9 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,257 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:04:39 PM

Posted 19 August 2010 - 02:05 AM

Hi, that looks indeed a lot better.

UPDATE JAVA
------------------
Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older-version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 21 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u21-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.



MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please launch MBAM and update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

regards, Elise


#10 MikeCarnage

  • Topic Starter
  • Members
  • 10 posts
  • OFFLINE
  • Local time:09:39 AM

Posted 22 August 2010 - 06:03 AM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4460

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

21/08/2010 11:38:25 PM
mbam-log-2010-08-21 (23-38-25).txt

Scan type: Full scan (C:\|D:\|F:\|Z:\|)
Objects scanned: 496395
Time elapsed: 1 hour(s), 57 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#11 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,257 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:04:39 PM

Posted 22 August 2010 - 06:11 AM

Hi, let's do one last check before calling it clean.

ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    Note - when ESET doesn't find any threats, no report will be created.
  12. Push the button.
  13. Push

regards, Elise


#12 MikeCarnage

  • Topic Starter
  • Members
  • 10 posts
  • OFFLINE
  • Local time:09:39 AM

Posted 22 August 2010 - 06:19 AM

I am just off to work; I will do that tonight.

#13 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,257 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:04:39 PM

Posted 22 August 2010 - 06:36 AM

Okay, no problem!

regards, Elise


#14 MikeCarnage

  • Topic Starter
  • Members
  • 10 posts
  • OFFLINE
  • Local time:09:39 AM

Posted 23 August 2010 - 09:04 AM

I guess a lot of my games had viruses.

C:\Users\Mike Carnage\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\74e50b61-1c333b6b Java/TrojanDownloader.Agent.NBJ trojan deleted - quarantined
Z:\GAMES\Aix2 and maps\AIX_2.0_CORE_MOD.exe probably a variant of Win32/Agent.LAIKEGP trojan deleted - quarantined
Z:\GAMES\S.T.A.L.K.E.R.Shadow.of.Chernobyl.EMUDVD-Unleashed\unl-ssoc.rar probably a variant of Win32/Adware.Agent.DNVKAOS application deleted - quarantined
Z:\GAMES\S.T.A.L.K.E.R.Shadow.of.Chernobyl.EMUDVD-Unleashed\unl-ssoc\STALKER.exe probably a variant of Win32/Adware.Agent.DNVKAOS application cleaned by deleting - quarantined
Z:\GAMES\Supreme.Commander\dvd.iso probably a variant of Win32/TrojanDownloader.Obfuscated.MFRBVSS trojan deleted - quarantined
Z:\MIKEC\Backup Set 2010-07-30 213624\Backup Files 2010-07-30 213624\Backup files 8.zip Java/TrojanDownloader.Agent.NBJ trojan deleted - quarantined
Z:\New Folder\NTFS Partition @ 0\Root\Users\evilbarbie\Music\desperate housewives theme.wma probably a variant of Win32/Agent.NTIIRVX trojan cleaned by deleting - quarantined
Z:\New Folder\NTFS Partition @ 0\Root\Users\evilbarbie\Music\lion sound fx.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
Z:\New Folder\NTFS Partition @ 0\Root\Users\evilbarbie\Music\lion sound fx_1.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
Z:\SOFTWARE\Game key gen\Armed Assault.rar probably a variant of Win32/Agent.NMWVTDP trojan deleted - quarantined
Z:\SOFTWARE\Game key gen\Big Scale Racing.rar probably a variant of Win32/Agent.JNIOQDF trojan deleted - quarantined
Z:\SOFTWARE\Game key gen\Full Spectrum Warrior.rar probably a variant of Win32/Agent.SHWGFE trojan deleted - quarantined
Z:\SOFTWARE\Game key gen\MPV Baseball 2005.rar probably a variant of Win32/Agent.RWNWTI trojan deleted - quarantined
Z:\SOFTWARE\Game key gen\NASCAR Sim Racing.rar probably a variant of Win32/Hupigon.ENUBOLR trojan deleted - quarantined
Z:\SOFTWARE\Game key gen\Pariah.rar probably a variant of Win32/Agent.NLODGNC trojan deleted - quarantined
Z:\SOFTWARE\Game key gen\Scrabble Online.rar probably a variant of Win32/Agent.GJKDYML trojan deleted - quarantined
Z:\SOFTWARE\Game key gen\Zanzarah.rar probably a variant of Win32/Agent.KFZVZEK trojan deleted - quarantined
Z:\SOFTWARE\MS Office 2007 ULTIMATE [GR420]\MS Office 2007 ULTIMATE.iso probably a variant of Win32/Agent.FGHQVIS trojan deleted - quarantined


#15 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,257 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:04:39 PM

Posted 23 August 2010 - 09:19 AM

That is not something to be surprised about, given that many of the files seemed related to keygens/cracks. By using these you practically invite malware to infect your computer. If you continue to use them, you can be quite certain your computer will be reinfected in no time.

ALL CLEAN
--------------
Your machine appears to be clean. Please take the time to read below on how to secure the machine, and take the necessary steps to keep it clean.

Please do the following to remove the remaining programs from your PC:
  • Delete the tools used during the disinfection:
    • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.
    • Delete DDS, GMER (this is a random named file) and OTL.
Please read this advice, in order to prevent reinfecting your PC:
  1. Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software, then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use, but provide resident protection and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for the MVPs hosts file can be found here. If you would like automatic updates, you might want to take a look at the HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file.
  2. Keep Windows (and your other Microsoft software) up to date!
    I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  3. Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out-of-date software on your machine.
  4. Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.
Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

regards, Elise