
Ran TDSSKiller, now I can't access Windows


This topic is locked
45 replies to this topic

#1 RoniFrax


Posted 07 September 2010 - 06:05 PM

Hi. New user, but I've used this forum before. Very helpful!
I believe I had a rootkit installed on my machine before I (haphazardly) began running programs to delete it. I believe that while trying to combat residual registry files from malware, I deleted necessary files. I must boot Windows in safe mode to use it; when it restarts it blue screens (then promptly redirects to safe mode, so I can't read the blue screen info).

Initially, what started all this was the 80072EFE error message I received when trying to download Windows updates or visit the Microsoft updates site.

Here is my DDS file; the ATTACH and ARK docs are attached...


DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by mblaney at 15:49:15.97 on Tue 09/07/2010
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_18
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3061.2395 [GMT -6:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\mblaney\Searches\Music\Leaving Records\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [USB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
mRun: [M-Audio Taskbar Icon] c:\windows\system32\M-AudioTaskBarIcon.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\mblaney\appdata\roaming\mozilla\firefox\profiles\no0rbojn.default\
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\users\mblaney\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\drivers\WacomVTHid.sys [2009-12-24 13224]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
S2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-5-2 161048]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-3-7 1153368]
S2 SECYPECP;SECYPECP;c:\windows\system32\drivers\SECYPECP.SYS [2010-3-23 14032]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-12-22 24652]
S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [2009-11-3 282112]
S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [2009-11-3 51712]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-9-23 111616]
S3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;c:\windows\system32\drivers\MAudioFastTrackPro.sys [2009-11-9 158600]
S3 SL3Usb;SL3 driver;c:\windows\system32\drivers\Sl3.sys [2009-2-16 46184]
S3 TTM57SLUsb;TTM 57SL USB driver;c:\windows\system32\drivers\TTM57SLUsb.sys [2007-5-21 29568]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2009-12-24 15656]
S4 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2008-12-25 419448]
S4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
S4 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-9-22 73728]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-12-24 4408616]
S4 WTouchService;WTouch Service;c:\program files\wtouch\WTouchService.exe [2009-12-24 112936]

=============== Created Last 30 ================

2010-09-07 21:23:22 0 d-----w- c:\users\mblaney\appdata\roaming\SUPERAntiSpyware.com
2010-09-07 21:23:22 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-09-07 21:23:15 0 d-----w- c:\program files\SUPERAntiSpyware
2010-09-07 19:16:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-07 19:16:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-07 19:11:26 268435456 --sha-w- c:\windows\system32\temppf.sys
2010-09-07 18:14:31 0 d-----w- c:\program files\ESET
2010-09-07 18:00:18 88910 ----a-w- c:\users\mblaney\bookmarks-2010-09-07.json
2010-09-07 15:20:18 0 d-sh--w- C:\$RECYCLE.BIN
2010-09-07 06:14:26 98816 ----a-w- c:\windows\sed.exe
2010-09-07 06:14:26 77312 ----a-w- c:\windows\MBR.exe
2010-09-07 06:14:26 256512 ----a-w- c:\windows\PEV.exe
2010-09-07 06:14:26 161792 ----a-w- c:\windows\SWREG.exe
2010-09-07 03:31:54 0 d-----w- c:\windows\system32\catroot2(191)
2010-09-04 20:01:24 0 d-----w- c:\program files\RAM Def
2010-09-03 01:55:05 0 d-----w- c:\users\mblaney\appdata\roaming\Malwarebytes
2010-09-03 01:54:54 0 d-----w- c:\programdata\Malwarebytes
2010-09-03 01:54:54 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-02 22:20:19 0 d-----w- c:\program files\Virtual Audio Cable
2010-09-02 19:48:38 0 d-----w- c:\users\mblaney\appdata\roaming\Final Draft
2010-09-02 19:44:37 0 d-----w- c:\programdata\Final Draft
2010-09-02 19:44:28 0 d-----w- c:\program files\Final Draft 8
2010-08-27 05:59:45 94324 ----a-w- c:\users\mblaney\WARNER.rns
2010-08-25 19:06:08 0 d-----w- c:\programdata\AVS4YOU
2010-08-25 19:05:59 0 d-----w- c:\users\mblaney\appdata\roaming\AVS4YOU
2010-08-25 19:04:40 0 d-----w- c:\program files\common files\AVSMedia
2010-08-25 19:04:35 1777664 ----a-w- c:\windows\system32\GdiPlus.dll
2010-08-25 19:03:54 0 d-----w- c:\program files\AVS4YOU
2010-08-25 05:04:30 647168 ----a-w- c:\windows\system32\aestecap.dll
2010-08-25 05:04:30 4947968 ----a-w- c:\windows\system32\stacgui.cpl
2010-08-25 05:04:30 1601536 ----a-w- c:\windows\system32\stlang.dll
2010-08-25 05:04:30 131072 ----a-w- c:\windows\system32\aestacap.dll
2010-08-25 05:04:30 102400 ----a-w- c:\windows\system32\stacsv.exe
2010-08-25 05:02:12 330752 ----a-w- c:\windows\system32\drivers\stwrt.sys
2010-08-25 05:02:11 527872 ----a-w- c:\windows\system32\stapo.dll
2010-08-25 05:02:11 328704 ----a-w- c:\windows\system32\stcplx.dll
2010-08-25 05:02:11 312320 ----a-w- c:\windows\system32\stapi32.dll
2010-08-25 05:02:11 150016 ----a-w- c:\windows\system32\st325866.dll
2010-08-25 04:21:46 31612 ----a-w- c:\users\mblaney\RobeFlax_DiscoGodfather.rns
2010-08-19 20:55:35 43068 ----a-w- c:\users\mblaney\WERD.rns
2010-08-18 05:12:51 87180 ----a-w- c:\users\mblaney\snowshoewalk.rns
2010-08-18 00:15:29 0 d-----w- c:\program files\BitTorrent
2010-08-18 00:15:02 0 d-----w- c:\users\mblaney\appdata\roaming\BitTorrent
2010-08-17 04:54:23 0 d-----w- c:\program files\Recycle
2010-08-17 04:54:03 331263 ----a-w- c:\windows\LOOP.exe
2010-08-17 04:48:11 25279956 ----a-w- c:\users\mblaney\ARETHRA.rns
2010-08-14 01:51:32 0 d-----w- c:\program files\common files\Digidesign
2010-08-13 20:10:50 23404916 ----a-w- c:\users\mblaney\KITTENDOUGLAS_TRAHLAHLAND.wav
2010-08-13 09:04:26 3571584 ----a-w- c:\windows\system32\GameMon.des
2010-08-13 09:01:06 0 d-----w- c:\program files\softnyxGame
2010-08-13 02:58:44 0 d-----w- c:\users\mblaney\appdata\roaming\PACE Anti-Piracy
2010-08-13 02:58:44 0 d-----w- c:\programdata\PACE Anti-Piracy
2010-08-13 02:58:44 0 d-----w- c:\program files\common files\PACE Anti-Piracy
2010-08-13 02:52:48 0 d-----w- c:\users\mblaney\appdata\roaming\Antares
2010-08-13 02:52:47 0 d-----w- c:\program files\Antares Audio Technologies
2010-08-12 20:53:20 99996682 ----a-w- c:\users\mblaney\TRAHLAHLAND.rns
2010-08-12 09:10:10 834048 ----a-w- c:\windows\system32\wininet.dll
2010-08-12 09:10:10 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-08-11 21:01:10 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-08-11 21:01:09 274944 ----a-w- c:\windows\system32\schannel.dll
2010-08-11 21:01:00 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-08-11 21:00:57 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-08-11 21:00:28 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-11 21:00:27 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-11 21:00:20 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-11 21:00:20 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-11 21:00:14 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-11 21:00:08 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-08-09 02:30:32 108724 ----a-w- c:\users\mblaney\LOSTDOWNHEREAGAIN.rns

==================== Find3M ====================

2010-08-26 00:04:02 51200 ----a-w- c:\windows\inf\infpub.dat
2010-08-26 00:04:02 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-08-25 05:04:17 143360 ----a-w- c:\windows\inf\infstor.dat
2010-04-19 22:06:53 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-09-23 07:52:43 76 --sh--r- c:\windows\CT4CET.bin
2008-09-23 10:23:03 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 15:51:13.90 ===============





Thank you!
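As an added example (not code from the thread or from the DDS tool), the following Python helper parses DDS log lines of the kind posted above, namely the SP: protection-product lines, the mPolicies-* registry-policy lines and the "Created Last 30" file entries, and lists what a malware-removal helper would look at first: a disabled or outdated protection product, EnableLUA = 0 (UAC switched off by policy, as this log shows), and non-directory files under the Windows folder carrying both the hidden and system attributes. The sample input is a subset of lines copied from the posted log; the attribute-letter interpretation, the WINDOWS_DIR prefix and the severity labels are this example's assumptions, and a flagged file is a review item, not a verdict.

```python
"""Triage helper for DDS-style log lines (added example, not part of the thread)."""
import re
from dataclasses import dataclass

# Subset of lines copied from the DDS log posted in this thread (constructed sample input).
SAMPLE_DDS = r"""
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
2010-09-07 19:11:26 268435456 --sha-w- c:\windows\system32\temppf.sys
2010-09-07 19:16:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-07 15:20:18 0 d-sh--w- C:\$RECYCLE.BIN
2008-09-23 07:52:43 76 --sh--r- c:\windows\CT4CET.bin
"""

# "SP:" lines: product name, enabled/disabled flag, definition freshness.
SP_RE = re.compile(r"^SP: (.+?) \*(enabled|disabled)\* \((Updated|Outdated)\)")
# "uPolicies-"/"mPolicies-" lines: u = current-user hive, m = machine hive (assumed reading).
POLICY_RE = re.compile(r"^([um])Policies-(\w+): (\w+) = (\S+)")
# "Created Last 30" / "Find3M" lines: timestamp, size, 8-character attribute field, path.
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\d+) (\S{8}) (.+)$")

WINDOWS_DIR = "c:\\windows\\"  # assumption: default %SystemRoot% on drive C


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low" (labels are this example's choice)
    detail: str


def parse_created(line):
    """Return the fields of a file-list line, or None if the line has another shape.
    The attribute field is read as a set of letters (d=directory, s=system,
    h=hidden, a=archive, r=read-only, w=writable); '-' means 'not set'."""
    m = CREATED_RE.match(line)
    if not m:
        return None
    stamp, size, attrs, path = m.groups()
    return {"time": stamp, "size": int(size), "attrs": set(attrs.replace("-", "")), "path": path}


def triage(text):
    """Walk the log text and collect the entries a helper would want to look at first."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SP_RE.match(line)
        if m:
            name, state, freshness = m.groups()
            if state == "disabled" or freshness == "Outdated":
                findings.append(Finding("medium", f"protection product '{name}' is {state} ({freshness})"))
            continue
        m = POLICY_RE.match(line)
        if m:
            scope, hive, key, value = m.groups()
            if key == "EnableLUA" and value == "0":
                where = "HKLM" if scope == "m" else "HKCU"
                findings.append(Finding("high", f"UAC disabled by policy ({where} {hive}: EnableLUA = 0)"))
            continue
        entry = parse_created(line)
        if entry is None or "d" in entry["attrs"]:
            continue  # not a file line, or a directory such as $RECYCLE.BIN
        if {"s", "h"} <= entry["attrs"] and entry["path"].lower().startswith(WINDOWS_DIR):
            # Hidden+system files under the Windows folder are a review queue, not a
            # verdict: OEM files legitimately carry these attributes too.
            findings.append(Finding("low", f"hidden+system file under Windows: {entry['path']} ({entry['size']} bytes)"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.severity}] {f.detail}")
```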


#2 myrti (Malware Study Hall Admin)

Posted 13 September 2010 - 12:52 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- will be opened
    • Extra.txt <-- will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti


If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#3 RoniFrax (Topic Starter)

Posted 13 September 2010 - 01:21 PM

Thank you for the reply!!!!!


OTL LOG
OTL logfile created on: 9/13/2010 12:04:34 PM - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\mblaney\Searches\Music\Leaving Records
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.58 Gb Total Space | 51.72 Gb Free Space | 23.45% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 4.82 Gb Free Space | 49.32% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MBLANEY-PC
Current User Name: mblaney
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/13 11:56:02 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\mblaney\Searches\Music\Leaving Records\OTL.exe
PRC - [2010/09/08 10:52:53 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/09/08 10:52:51 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/09/13 11:56:02 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\mblaney\Searches\Music\Leaving Records\OTL.exe
MOD - [2009/04/11 00:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/20 20:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/07/16 01:36:00 | 003,571,584 | ---- | M] (INCA Internet Co., Ltd.) [Disabled | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009/12/24 20:12:00 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/07/15 10:13:04 | 000,112,936 | ---- | M] (Wacom Technology, Corp.) [Disabled | Stopped] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV - [2009/07/15 10:13:02 | 004,408,616 | ---- | M] (Wacom Technology, Corp.) [Disabled | Stopped] -- C:\Windows\System32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/12/17 08:32:06 | 000,419,448 | ---- | M] (Emsi Software GmbH) [Disabled | Stopped] -- C:\Program Files\a-squared Free\a2service.exe -- (a2free)
SRV - [2008/09/23 02:15:03 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2008/09/10 13:01:28 | 000,611,664 | ---- | M] (Lavasoft) [Disabled | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/05/02 13:09:04 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/02/15 18:25:34 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\stacsv.exe -- (STacSV)
SRV - [2008/01/20 20:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/12 05:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/06/11 17:01:24 | 000,086,016 | ---- | M] (Avid Technology, Inc.) [Auto | Stopped] -- C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe -- (MA_CMIDI_InstallerService)
SRV - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007/03/21 12:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\PCTINDIS5.SYS -- (PCTINDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\mblaney\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2010/03/23 05:42:19 | 000,014,032 | ---- | M] (Samsung Electronics Ltd) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\SECYPECP.SYS -- (SECYPECP)
DRV - [2009/11/09 13:56:10 | 000,158,600 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MAudioFastTrackPro.sys -- (MAUSBFASTTRACKPRO)
DRV - [2009/11/03 21:55:34 | 000,051,712 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BcmBusCtr.sys -- (bcmbusctr)
DRV - [2009/11/03 20:28:02 | 000,282,112 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\drxvi314.sys -- (bcm)
DRV - [2009/05/21 14:39:54 | 000,090,472 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2009/05/20 16:14:32 | 000,013,224 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WacomVTHid.sys -- (WacomVTHid)
DRV - [2009/05/20 13:54:06 | 000,013,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009/05/09 00:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/04/10 22:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/02/16 15:20:22 | 000,046,184 | ---- | M] (Cristalink Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sl3.sys -- (SL3Usb)
DRV - [2009/01/30 15:29:50 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2008/07/03 07:43:06 | 001,207,288 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2008/07/03 07:41:54 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/06/23 06:45:44 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/06/23 06:45:40 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2008/06/23 06:45:40 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008/06/23 06:45:38 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2008/05/04 03:25:24 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/03/06 01:58:44 | 000,111,616 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/03/06 01:58:12 | 002,016,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/03/03 23:05:34 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2008/03/03 23:05:18 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2008/02/15 18:27:02 | 000,330,752 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/01/20 20:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 20:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 20:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 20:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 20:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 20:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 20:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 20:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2008/01/20 20:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 20:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 20:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 20:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 20:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 20:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 20:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 20:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 20:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 20:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 20:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 20:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 20:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 20:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 20:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 20:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 20:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 20:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/09/28 23:31:54 | 000,278,528 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007/09/06 10:43:26 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2007/09/06 10:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/09/06 10:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/09/06 10:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/06/18 19:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/05/21 17:04:24 | 000,029,568 | ---- | M] (Cristalink Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TTM57SLUsb.sys -- (TTM57SLUsb)
DRV - [2007/05/21 15:04:16 | 000,029,696 | ---- | M] (Cristalink Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SeratoUsb.sys -- (SeratoUsb)
DRV - [2007/02/16 13:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/02/15 18:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV - [2006/12/12 10:16:06 | 000,022,528 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emAudio.sys -- (emAudio)
DRV - [2006/11/02 03:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 03:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 03:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 03:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 03:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 03:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 03:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 03:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 03:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 03:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 03:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 02:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 02:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 02:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 02:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 02:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 02:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 01:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 01:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/08/16 11:23:46 | 000,021,888 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MA_CMIDI.SYS -- (MA_CMIDI)
DRV - [2005/12/21 08:14:52 | 000,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2005/12/21 08:14:52 | 000,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2005/12/21 08:14:52 | 000,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emScan.sys -- (ScanUSBEMPIA)
DRV - [2005/09/23 22:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005/06/24 16:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005/05/26 09:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2005/05/26 09:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-220733442-3700202271-1892998609-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-220733442-3700202271-1892998609-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-220733442-3700202271-1892998609-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: asf@mangaheart.org:1.0.1
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.106
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: https-everywhere@eff.org:0.2.2.development.3
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/08 10:52:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/08 10:52:56 | 000,000,000 | ---D | M]

[2010/09/01 01:51:09 | 000,000,000 | ---D | M] -- C:\Users\mblaney\AppData\Roaming\mozilla\Extensions
[2010/09/01 01:51:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mblaney\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/09/12 11:52:45 | 000,000,000 | ---D | M] -- C:\Users\mblaney\AppData\Roaming\mozilla\Firefox\Profiles\no0rbojn.default\extensions
[2010/07/01 03:27:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\mblaney\AppData\Roaming\mozilla\Firefox\Profiles\no0rbojn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/27 19:16:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mblaney\AppData\Roaming\mozilla\Firefox\Profiles\no0rbojn.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2010/07/31 16:39:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\mblaney\AppData\Roaming\mozilla\Firefox\Profiles\no0rbojn.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/07/01 03:27:05 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\mblaney\AppData\Roaming\mozilla\Firefox\Profiles\no0rbojn.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/07/01 03:27:14 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\mblaney\AppData\Roaming\mozilla\Firefox\Profiles\no0rbojn.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/07/01 03:27:03 | 000,000,000 | ---D | M] -- C:\Users\mblaney\AppData\Roaming\mozilla\Firefox\Profiles\no0rbojn.default\extensions\asf@mangaheart.org
[2010/08/20 02:06:30 | 000,000,000 | ---D | M] -- C:\Users\mblaney\AppData\Roaming\mozilla\Firefox\Profiles\no0rbojn.default\extensions\https-everywhere@eff.org
[2010/09/12 11:52:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/14 00:42:16 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/09/06 20:38:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

O1 HOSTS File: ([2010/09/07 09:14:09 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [USB2Check] C:\Windows\System32\PCLECoInst.DLL (Pinnacle Systems)
O4 - HKU\S-1-5-21-220733442-3700202271-1892998609-1000..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-220733442-3700202271-1892998609-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-220733442-3700202271-1892998609-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-220733442-3700202271-1892998609-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.85.102 68.87.69.150
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\mblaney\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\mblaney\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe - (Dell Inc.)
MsConfig - StartUpFolder: C:^Users^mblaney^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MOG-O-MATIC.lnk - C:\Program Files\MOG-O-MATIC\MogClient.exe - (MOG)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Aim6 - hkey= - key= - C:\Program Files\AIM6\aim6.exe (AOL LLC)
MsConfig - StartUpReg: BitTorrent - hkey= - key= - C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
MsConfig - StartUpReg: BitTorrent DNA - hkey= - key= - C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
MsConfig - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
MsConfig - StartUpReg: CanonSolutionMenu - hkey= - key= - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
MsConfig - StartUpReg: ECenter - hkey= - key= - C:\DELL\E-Center\EULALauncher.exe ( )
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: USB2Check - hkey= - key= - File not found
MsConfig - StartUpReg: USBToolTip - hkey= - key= - C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2

SafeBootMin: aawservice - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SafeBootMin: AppMgmt - C:\Windows\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: midi2 - C:\Windows\System32\MA_CMIDN.DLL (M-Audio)
Drivers32: midi3 - C:\Windows\System32\MA_CMIDN.DLL (M-Audio)
Drivers32: midi4 - C:\Windows\System32\MA_CMIDN.DLL (M-Audio)
Drivers32: midi5 - C:\Windows\System32\MA_CMIDN.DLL (M-Audio)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.I420 - C:\Windows\System32\emYUV.dll (Microsoft Corporation)
Drivers32: vidc.mjpg - pvmjpg30.dll File not found
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.ZMBV - C:\Windows\System32\zmbv.dll ()

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/09/08 11:15:56 | 000,000,000 | ---D | C] -- C:\Users\mblaney\NEWRNSFILES - Copy (1)
[2010/09/07 15:23:22 | 000,000,000 | ---D | C] -- C:\Users\mblaney\AppData\Roaming\SUPERAntiSpyware.com
[2010/09/07 15:23:22 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/09/07 15:23:15 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/09/07 13:16:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/09/07 13:16:22 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/09/07 12:14:31 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/09/07 09:20:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/09/07 09:20:14 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/09/07 09:20:14 | 000,000,000 | ---D | C] -- C:\Users\mblaney\AppData\Local\temp
[2010/09/07 08:53:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/09/07 00:14:26 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/09/07 00:14:26 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/09/07 00:14:26 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/09/07 00:14:15 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/09/07 00:13:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/06 21:31:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2(191)
[2010/09/04 14:01:24 | 000,000,000 | ---D | C] -- C:\Program Files\RAM Def
[2010/09/04 13:59:53 | 000,000,000 | ---D | C] -- C:\Users\mblaney\Desktop\rdef26xt
[2010/09/02 19:55:05 | 000,000,000 | ---D | C] -- C:\Users\mblaney\AppData\Roaming\Malwarebytes
[2010/09/02 19:54:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/02 19:54:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/02 19:22:47 | 000,000,000 | ---D | C] -- C:\Users\mblaney\AppData\Local\ntaerdoif
[2010/09/02 16:20:19 | 000,000,000 | ---D | C] -- C:\Program Files\Virtual Audio Cable
[2010/09/02 13:48:38 | 000,000,000 | ---D | C] -- C:\Users\mblaney\AppData\Roaming\Final Draft
[2010/09/02 13:44:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Final Draft
[2010/09/02 13:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\Final Draft 8
[2010/09/01 01:51:06 | 000,000,000 | ---D | C] -- C:\Users\mblaney\AppData\Roaming\Thunderbird
[2010/08/28 00:00:33 | 000,000,000 | ---D | C] -- C:\Users\mblaney\Desktop\Truss - The Skeleton Key
[2010/08/27 23:11:15 | 000,000,000 | ---D | C] -- C:\Users\mblaney\Desktop\DJ Dara - Flavor 96 - 1996 - Side A&B_YouRmomSnutZ
[2010/08/25 13:06:08 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2010/08/25 13:05:59 | 000,000,000 | ---D | C] -- C:\Users\mblaney\AppData\Roaming\AVS4YOU
[2010/08/25 13:04:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2010/08/25 13:04:35 | 001,777,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\GdiPlus.dll
[2010/08/25 13:03:54 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2010/08/24 23:04:30 | 004,947,968 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stacgui.cpl
[2010/08/24 23:04:30 | 001,601,536 | ---- | C] (SigmaTel, Inc.) -- C:\Windows\System32\stlang.dll
[2010/08/24 23:04:30 | 000,647,168 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\aestecap.dll
[2010/08/24 23:04:30 | 000,131,072 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\aestacap.dll
[2010/08/24 23:04:30 | 000,102,400 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
[2010/08/24 23:02:12 | 000,330,752 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\drivers\stwrt.sys
[2010/08/24 23:02:11 | 000,527,872 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stapo.dll
[2010/08/24 23:02:11 | 000,328,704 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stcplx.dll
[2010/08/24 23:02:11 | 000,312,320 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stapi32.dll
[2010/08/24 23:02:11 | 000,150,016 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\st325866.dll
[2010/08/24 23:00:48 | 000,000,000 | ---D | C] -- C:\Users\mblaney\AppData\Local\Apps
[2010/08/24 23:00:47 | 000,000,000 | ---D | C] -- C:\Users\mblaney\AppData\Local\Deployment
[2010/08/17 18:15:29 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrent
[2010/08/17 18:15:02 | 000,000,000 | ---D | C] -- C:\Users\mblaney\AppData\Roaming\BitTorrent
[2010/08/16 22:54:23 | 000,000,000 | ---D | C] -- C:\Program Files\Recycle

========== Files - Modified Within 30 Days ==========

[2010/09/13 12:03:33 | 003,407,872 | -HS- | M] () -- C:\Users\mblaney\ntuser.dat
[2010/09/13 11:51:31 | 000,747,142 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/09/13 11:51:31 | 000,633,102 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/09/13 11:51:31 | 000,116,660 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/09/13 11:47:25 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2010/09/13 11:47:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/13 11:47:08 | 268,435,456 | -HS- | M] () -- C:\Windows\System32\temppf.sys
[2010/09/13 11:46:04 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/12 20:21:16 | 000,006,648 | ---- | M] () -- C:\Users\mblaney\AppData\Local\d3d9caps.dat
[2010/09/10 17:13:09 | 000,007,168 | ---- | M] () -- C:\Windows\DellBIOS.Sys
[2010/09/10 17:13:01 | 001,043,238 | ---- | M] () -- C:\Users\mblaney\Documents\1525_A17.EXE
[2010/09/10 17:09:58 | 001,162,486 | ---- | M] () -- C:\Users\mblaney\Documents\1545_A14.EXE
[2010/09/08 19:14:28 | 000,240,128 | ---- | M] () -- C:\Users\mblaney\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/07 22:13:04 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/07 22:12:12 | 000,033,524 | ---- | M] () -- C:\Users\mblaney\Documents\cc_20100907_221210.reg
[2010/09/07 22:07:37 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\ybjjioy.sys
[2010/09/07 21:35:04 | 000,034,064 | ---- | M] () -- C:\Users\mblaney\Documents\cc_20100907_213501.reg
[2010/09/07 18:27:09 | 101,210,880 | ---- | M] () -- C:\Users\mblaney\Desktop\R161378.exe
[2010/09/07 18:04:46 | 000,034,560 | ---- | M] () -- C:\Windows\System32\drivers\Normandy.sys
[2010/09/07 17:52:45 | 000,034,452 | ---- | M] () -- C:\Users\mblaney\Documents\cc_20100907_175242.reg
[2010/09/07 15:23:17 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/09/07 15:05:33 | 000,032,688 | ---- | M] () -- C:\Users\mblaney\Documents\cc_20100907_150528.reg
[2010/09/07 14:48:29 | 000,061,682 | ---- | M] () -- C:\Users\mblaney\Documents\cc_20100907_144755.reg
[2010/09/07 13:10:47 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/07 13:10:46 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/07 13:10:44 | 000,524,288 | -HS- | M] () -- C:\Users\mblaney\ntuser.dat{bda9a33b-d913-11dd-a146-00219bf00310}.TMContainer00000000000000000002.regtrans-ms
[2010/09/07 13:10:44 | 000,065,536 | -HS- | M] () -- C:\Users\mblaney\ntuser.dat{bda9a33b-d913-11dd-a146-00219bf00310}.TM.blf
[2010/09/07 12:00:18 | 000,088,910 | ---- | M] () -- C:\Users\mblaney\bookmarks-2010-09-07.json
[2010/09/07 11:52:41 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/09/07 09:14:39 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/09/07 09:14:09 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/09/06 23:57:26 | 000,106,024 | ---- | M] () -- C:\Users\mblaney\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/09/05 21:45:36 | 000,273,241 | ---- | M] () -- C:\Users\mblaney\Desktop\P329035022.jpg
[2010/09/05 21:43:43 | 000,156,635 | ---- | M] () -- C:\Users\mblaney\Desktop\P32903502.jpg
[2010/09/02 13:48:32 | 000,000,026 | -H-- | M] () -- C:\ProgramData\.811261211181235583101118113995
[2010/08/27 21:46:01 | 000,094,324 | ---- | M] () -- C:\Users\mblaney\WARNER.rns
[2010/08/26 13:56:08 | 025,279,956 | ---- | M] () -- C:\Users\mblaney\ARETHRA.rns
[2010/08/25 22:47:45 | 000,087,180 | ---- | M] () -- C:\Users\mblaney\snowshoewalk.rns
[2010/08/24 23:01:31 | 009,127,120 | ---- | M] () -- C:\Users\mblaney\Documents\R218148.exe
[2010/08/24 22:21:46 | 000,031,612 | ---- | M] () -- C:\Users\mblaney\RobeFlax_DiscoGodfather.rns
[2010/08/20 15:44:53 | 000,010,105 | ---- | M] () -- C:\Users\mblaney\Documents\todo.odt
[2010/08/19 14:55:35 | 000,043,068 | ---- | M] () -- C:\Users\mblaney\WERD.rns
[2010/08/18 13:23:55 | 000,524,288 | -HS- | M] () -- C:\Users\mblaney\ntuser.dat{bda9a33b-d913-11dd-a146-00219bf00310}.TMContainer00000000000000000001.regtrans-ms
[2010/08/18 12:45:46 | 000,000,416 | ---- | M] () -- C:\Users\mblaney\Application Data\Microsoft\Internet Explorer\Quick Launch\Music - Shortcut.lnk
[2010/08/18 12:45:04 | 000,000,398 | ---- | M] () -- C:\Users\mblaney\Application Data\Microsoft\Internet Explorer\Quick Launch\Pictures - Shortcut.lnk
[2010/08/18 03:33:56 | 000,001,953 | ---- | M] () -- C:\Users\mblaney\Application Data\Microsoft\Internet Explorer\Quick Launch\Scratch Live.lnk
[2010/08/18 03:33:48 | 000,000,740 | ---- | M] () -- C:\Users\mblaney\Application Data\Microsoft\Internet Explorer\Quick Launch\ReCycle.lnk
[2010/08/18 03:33:45 | 000,000,864 | ---- | M] () -- C:\Users\mblaney\Application Data\Microsoft\Internet Explorer\Quick Launch\Reason.lnk
[2010/08/18 03:33:30 | 000,001,005 | ---- | M] () -- C:\Users\mblaney\Application Data\Microsoft\Internet Explorer\Quick Launch\OpenOffice.org 3.2.lnk
[2010/08/17 23:03:35 | 003,251,188 | ---- | M] () -- C:\Users\mblaney\lONGjOHN.rns
[2010/08/16 17:11:34 | 000,082,632 | ---- | M] () -- C:\Users\mblaney\placesz.rns
[2010/08/16 17:05:11 | 099,996,682 | ---- | M] () -- C:\Users\mblaney\TRAHLAHLAND.rns

========== Files Created - No Company Name ==========

[2010/09/10 17:13:09 | 000,007,168 | ---- | C] () -- C:\Windows\DellBIOS.Sys
[2010/09/10 17:13:00 | 001,043,238 | ---- | C] () -- C:\Users\mblaney\Documents\1525_A17.EXE
[2010/09/10 17:09:56 | 001,162,486 | ---- | C] () -- C:\Users\mblaney\Documents\1545_A14.EXE
[2010/09/07 22:12:11 | 000,033,524 | ---- | C] () -- C:\Users\mblaney\Documents\cc_20100907_221210.reg
[2010/09/07 22:07:37 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\ybjjioy.sys
[2010/09/07 21:35:02 | 000,034,064 | ---- | C] () -- C:\Users\mblaney\Documents\cc_20100907_213501.reg
[2010/09/07 18:26:09 | 101,210,880 | ---- | C] () -- C:\Users\mblaney\Desktop\R161378.exe
[2010/09/07 18:04:41 | 000,034,560 | ---- | C] () -- C:\Windows\System32\drivers\Normandy.sys
[2010/09/07 17:52:44 | 000,034,452 | ---- | C] () -- C:\Users\mblaney\Documents\cc_20100907_175242.reg
[2010/09/07 15:23:17 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/09/07 15:05:31 | 000,032,688 | ---- | C] () -- C:\Users\mblaney\Documents\cc_20100907_150528.reg
[2010/09/07 14:47:56 | 000,061,682 | ---- | C] () -- C:\Users\mblaney\Documents\cc_20100907_144755.reg
[2010/09/07 13:16:27 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/07 13:11:26 | 268,435,456 | -HS- | C] () -- C:\Windows\System32\temppf.sys
[2010/09/07 12:00:18 | 000,088,910 | ---- | C] () -- C:\Users\mblaney\bookmarks-2010-09-07.json
[2010/09/07 11:52:41 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/09/07 00:14:26 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/09/07 00:14:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/09/07 00:14:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/09/07 00:14:26 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/09/07 00:14:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/09/05 21:45:34 | 000,273,241 | ---- | C] () -- C:\Users\mblaney\Desktop\P329035022.jpg
[2010/09/05 21:43:42 | 000,156,635 | ---- | C] () -- C:\Users\mblaney\Desktop\P32903502.jpg
[2010/09/02 13:48:10 | 000,000,026 | -H-- | C] () -- C:\ProgramData\.811261211181235583101118113995
[2010/08/27 23:11:41 | 085,642,034 | ---- | C] () -- C:\Users\mblaney\Desktop\Rumblejunkie - Shameless Promo Mix.mp3
[2010/08/27 23:11:35 | 062,603,601 | ---- | C] () -- C:\Users\mblaney\Desktop\vibert-atlantis-2003.mp3
[2010/08/26 23:59:45 | 000,094,324 | ---- | C] () -- C:\Users\mblaney\WARNER.rns
[2010/08/24 23:01:22 | 009,127,120 | ---- | C] () -- C:\Users\mblaney\Documents\R218148.exe
[2010/08/24 22:21:46 | 000,031,612 | ---- | C] () -- C:\Users\mblaney\RobeFlax_DiscoGodfather.rns
[2010/08/20 15:44:51 | 000,010,105 | ---- | C] () -- C:\Users\mblaney\Documents\todo.odt
[2010/08/19 14:55:35 | 000,043,068 | ---- | C] () -- C:\Users\mblaney\WERD.rns
[2010/08/18 12:45:46 | 000,000,416 | ---- | C] () -- C:\Users\mblaney\Application Data\Microsoft\Internet Explorer\Quick Launch\Music - Shortcut.lnk
[2010/08/18 12:45:04 | 000,000,398 | ---- | C] () -- C:\Users\mblaney\Application Data\Microsoft\Internet Explorer\Quick Launch\Pictures - Shortcut.lnk
[2010/08/18 03:33:56 | 000,001,953 | ---- | C] () -- C:\Users\mblaney\Application Data\Microsoft\Internet Explorer\Quick Launch\Scratch Live.lnk
[2010/08/18 03:33:48 | 000,000,740 | ---- | C] () -- C:\Users\mblaney\Application Data\Microsoft\Internet Explorer\Quick Launch\ReCycle.lnk
[2010/08/18 03:33:45 | 000,000,864 | ---- | C] () -- C:\Users\mblaney\Application Data\Microsoft\Internet Explorer\Quick Launch\Reason.lnk
[2010/08/18 03:33:30 | 000,001,005 | ---- | C] () -- C:\Users\mblaney\Application Data\Microsoft\Internet Explorer\Quick Launch\OpenOffice.org 3.2.lnk
[2010/08/17 23:12:51 | 000,087,180 | ---- | C] () -- C:\Users\mblaney\snowshoewalk.rns
[2010/08/16 22:54:03 | 000,331,263 | ---- | C] () -- C:\Windows\LOOP.exe
[2010/08/16 22:48:11 | 025,279,956 | ---- | C] () -- C:\Users\mblaney\ARETHRA.rns
[2010/04/09 13:08:26 | 000,094,208 | ---- | C] () -- C:\Windows\System32\zmbv.dll
[2010/04/07 04:02:53 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/02/06 05:01:59 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/04/18 17:21:32 | 000,001,964 | ---- | C] () -- C:\ProgramData\__wdump.txt
[2009/01/28 13:01:25 | 000,006,648 | ---- | C] () -- C:\Users\mblaney\AppData\Local\d3d9caps.dat
[2008/12/20 23:35:16 | 012,494,167 | ---- | C] () -- C:\Users\mblaney\AppData\Roaming\UserTile.png
[2008/12/20 20:34:27 | 000,008,248 | ---- | C] () -- C:\Users\mblaney\AppData\Local\en.ini
[2008/12/20 18:41:09 | 000,240,128 | ---- | C] () -- C:\Users\mblaney\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/06 10:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/11/06 10:34:00 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/11/06 10:34:00 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/11/06 10:33:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/09/23 04:30:18 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/09/23 04:30:17 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/09/23 04:30:17 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/09/23 04:30:17 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/09/23 04:30:17 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/09/23 04:30:14 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/09/23 01:56:53 | 000,055,808 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/20 20:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\AGP440.sys
[2008/01/20 20:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 20:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/20 20:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 20:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 20:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 03:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/09/23 04:21:56 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008/09/23 04:21:56 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009/04/11 00:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009/04/11 00:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 00:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 00:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 20:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 20:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 03:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/09/23 04:21:56 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 03:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006/11/02 03:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 03:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2007/09/06 10:43:26 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Drivers\storage\R166200\iastor.sys
[2007/03/21 11:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys
[2007/09/06 10:43:26 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\drivers\iaStor.sys
[2007/09/06 10:43:26 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_3a63e5a6\iaStor.sys
[2007/09/06 10:43:26 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_5f6e7be5\iaStor.sys
[2007/03/21 11:59:30 | 000,381,720 | ---- | M] (Intel Corporation) MD5=9D7ED4275702E2FC409F2CC563245740 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/20 20:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 20:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 20:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 03:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 00:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009/04/11 00:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 00:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 20:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVRAID.SYS >
[2008/01/20 20:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\drivers\nvraid.sys
[2008/01/20 20:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvraid.sys
[2008/01/20 20:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvraid.sys
[2006/11/02 03:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2006/11/02 03:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 20:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 20:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 20:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 20:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 00:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll
[2009/04/11 00:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 00:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/20 21:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 21:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 21:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 04:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 04:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2010/09/07 18:04:46 | 000,034,560 | ---- | M] () -- C:\Windows\System32\drivers\Normandy.sys
[2010/06/18 09:04:57 | 000,302,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2010/06/18 09:04:44 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys
[2010/06/16 10:04:57 | 000,905,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2010/09/07 22:07:37 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\ybjjioy.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 1320 bytes -> C:\ProgramData\Microsoft:slmVW96J0mFyhrpmenAII4
@Alternate Data Stream - 1174 bytes -> C:\Program Files\Common Files\microsoft shared:Dpz7CTGYdYGMtZCgxvJzhp
< End of report >

EXTRAS LOG

OTL Extras logfile created on: 9/13/2010 12:04:34 PM - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\mblaney\Searches\Music\Leaving Records
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.58 Gb Total Space | 51.72 Gb Free Space | 23.45% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 4.82 Gb Free Space | 49.32% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MBLANEY-PC
Current User Name: mblaney
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-220733442-3700202271-1892998609-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00224F32-20CC-4D43-BD06-FF80B562002F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{012270E4-0B4F-4AA7-B346-F953F44DB296}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{055CF4FB-A044-4326-9D19-577C2CF9247F}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 12\programs\studio.exe |
"{05E2D062-516B-4188-928D-76185FDB40E5}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{099B33FA-42EC-44C9-9D75-DDC8645E047D}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{0BCD670C-7378-409E-A799-423A7C27B8BB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0CD04DEB-E7DE-4D01-AAE3-E5DAC22C06A9}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{0D2AFE00-BA00-4B89-9117-DCB2947943C1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0D694908-1A7D-4DFC-BC11-6B1FD751CF82}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0D9C7532-902F-4813-A8EF-D8AE3E0D0DD4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0E5CC6D6-584F-4D91-B80C-10C0F2A4E3CB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{12384CD4-1D42-4146-BC00-5BA3997D8102}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{14873653-4051-40F5-9B0D-16F189860E99}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{150ECA26-3223-452C-A051-9BDA0866E40A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{17CDBCDB-3664-4AD9-A744-760B6E51AB86}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{17E790F8-6AEC-4F19-8F3E-F7C4531F96C4}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{18593E27-1FF0-4FAB-8373-8B1E39E8102D}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{186E3BAC-22FC-447C-80F4-CDA2A3F59DA9}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{1AE370CC-EB96-40E6-8FC2-A92CEC32A503}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1C60BF9A-7F83-430A-98F1-2895BE13DB53}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{1CC958BB-0D34-4763-B0EB-D5604BA1A6B6}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{1CFC229C-9354-4A87-BACF-3EAC648B740D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1D8E4E50-DA23-4DBD-AC2B-D3F2FEA0150A}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{1E1A9E61-ED3D-4E0B-920E-AEB6E0CB667D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{218BFA67-7BB2-4321-8F7D-0C613B1BACBE}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{26FE660B-ADFA-45BA-A26F-B0FBD2B44CFD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2AAEFA62-FB7A-4ED3-B939-5FF2CEB3F714}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2E46F0AE-4B9A-4757-9874-1A67A9179A57}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2E8A4402-D57B-413F-8513-106A3719BFB6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{30751B6D-095E-4AC7-AF9E-2BC812EA0D67}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{31CE4888-5CB7-4BAF-8DC0-7BD2EE9FEE27}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 12\programs\umi.exe |
"{3212E393-CD62-4156-AE88-FEF0F02153BB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{356E850F-1041-4627-9A63-BEC89D2E2235}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{36667CA4-470F-4319-850D-8E561D77B015}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3A276E83-F0B0-423A-99B8-5BD1011E1424}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{3AA32A62-FFB9-41DC-8DCF-D3059EE5F556}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3C324CF9-537A-4B85-AB67-19991B1BAA06}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{3E08CC85-A5FD-4882-88F3-CA677CA88F95}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 12\programs\umi.exe |
"{41499C5B-D95B-408E-96C4-7A425E9E1D10}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{418421C6-CD8F-413F-9CC4-FC3B3D72A246}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{433178DA-146D-4762-9DE2-38EBF6F3D7DB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{46344ED7-03C4-4413-8D0F-14A58FBF86AB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{46F8F80D-3EB3-499F-BED4-6FAB5DF16819}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{49662D9A-9E1D-4FAE-8AC6-9315E255BC08}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{49861437-123D-496B-B6D1-0039C464E33D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4B3B7745-67DE-4843-B2BE-579802D05160}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4BAE089F-A1C6-4F53-9928-353C9971CAEC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4ED82012-3FCC-428E-8BB9-4AA7DCE23201}" = protocol=6 | dir=in | app=c:\users\mblaney\appdata\local\temp\purplebean.exe |
"{4F1FAB64-6FF5-4CA3-865C-BD3471920EBD}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{4F50590E-2BF1-4281-8FA8-2F736B28EF7E}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{4F626ABC-7F95-4D99-BFE3-8EEA01A91C6F}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{50A23B35-1247-422B-8C29-6B260780ECD9}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{510BBE2C-509C-4900-93C7-4D7F398D630B}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{57A4209A-AAC6-4D23-B9CD-CB2991C1AE18}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{596F61BB-7835-46F8-A173-CD5E61DEA7E1}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{59A03B03-59A1-4BD1-8292-259D3BA6B74D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5A1C8612-0C54-4646-AD8E-2573ECE530B1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5E85A69E-F9BC-4D19-8B36-3D06384B078B}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{5EDF7644-2345-4BFB-BD4F-EA828D696C21}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5FD9BDB1-2165-4132-A603-E4096F3B338D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{62A0480C-28A5-46A3-A090-A78292EA55E0}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{685F2629-6104-4EF7-9C76-ACBF2BAFC3A3}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{6ACB33D5-64CC-4A60-B82F-91B0BF3E2A75}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6F487702-5FA0-4D54-8FBC-C686BBF9EDA5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{75D93BB7-19A7-423C-9D40-61B401C3DB02}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7D326E53-84D1-4BF3-A7ED-553E88995227}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{7E9EE6F5-B98C-46C5-97CB-2C8426ED99BC}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{8474CBD7-CBA2-4176-8AC7-C1A9BC0D91BA}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{85AD1065-57D3-4EFE-9D72-366665A3D19B}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{870F7B70-91E7-43FF-AAAC-4856EFE3E49B}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{8A257818-E1B2-4F8A-8A43-07E9821AA2A4}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{8C94659A-B8EE-4AFA-87C0-8FF9E4B66C93}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{95862985-B170-4AE6-B87A-0B318BABD3C7}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{9B2090E9-7A7C-438B-8760-EEBEA35DB151}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{9DB8B0C5-82AB-41C2-8B4B-4D5386A96E8F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9FA1C5C7-8ACC-44BE-BB37-7F607EFB0B5F}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{A0B9D244-A3E1-40C3-B710-E4B4D4128501}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 12\programs\rm.exe |
"{A381C230-491D-487E-85C4-81231D781C23}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A415D20C-E0F4-4474-84B6-E5538A0B5C8B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A51778F8-DE47-4D18-BF4C-76B787805DC8}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{A9B11721-C2A0-46A2-AD20-EFE7EE3144F2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ABB4AA13-A311-439D-AA72-33EB13D9919F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AF41057D-9FD8-4C53-A96C-49D8C5294BBF}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{AFE1609E-3EEB-489D-B3A4-1B7D61EB39CE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B792C15A-B2AE-4E4B-AF7A-60025C572894}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{B9FA1AE8-8CEF-40D7-84EF-837F2EF28AC0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BB4929C1-B586-4F65-A1B4-2366F06B517E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C51C0B00-8428-47F8-97DF-23B79D9644F3}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{C60B133C-FDB6-4713-B483-4E8357AA5FAB}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{C6C98306-5E72-4A78-BA22-5D57CA1B340D}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{C6D83F32-B8F0-4E75-934E-DDBC46ADC886}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C8208E20-96F6-4140-9AA7-6118FFE38092}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C838708D-8E39-4853-B7E3-DE18D9428077}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{C903366C-05D5-4449-87CF-A3AF29EB0CAF}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{C9A28317-1CA7-48FD-9759-0C6465D56A67}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CA23C741-10E8-409C-B32F-70AAC37C6496}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CCDD5A6D-8319-4AF6-AC36-188AB9756E4D}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{CE5F46D9-ED40-4B03-96FF-813627A32617}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CE7BC217-BBB4-44A1-A3FF-DAA4A65139A7}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{CE9C1D10-3C3D-42BC-BD43-C9707684162C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CFEC5887-D600-4402-9EDC-D769CB966D30}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D00E3386-8E53-4B1A-B33C-9011D03E5154}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D3C9F160-FC63-404F-A90E-5804B844DA5D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D4CBFFBA-A807-42DE-8165-9B695CBA5E08}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 12\programs\rm.exe |
"{D71FE436-FB60-47E0-BFC8-7F6D3EA1BE3F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D884A1EA-4A8A-4154-8488-5B4EF84C73EF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D979CEC7-0048-452E-80B2-15C37F4715F8}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{DAC4792C-3A99-4AA0-BFC4-2C2968399330}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{DFB132ED-EDD6-42A2-9C89-8E468C1DD490}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E15474F6-F5B2-44BA-ADC1-ADE5033ED2D9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E29930B9-AA62-4EF3-B50A-0B5E46B1BECB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E29AF165-F58E-45E3-BC38-FABFFC197FF7}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{E4C8A3C2-6B65-4DCC-8F01-F488A29FE5D8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E4D9A55E-EFBC-4205-91C9-ECD2CE9D58BC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E4EBA445-65A5-40F4-951C-3D388D956BA1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E62F3083-B4A4-4214-B26D-96DCFF75FA41}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E7705213-EE6F-40E8-8D32-30809ECF260A}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{E9FD74DC-5BB3-4A1A-971B-33DE830F51DF}" = protocol=17 | dir=in | app=c:\users\mblaney\appdata\local\temp\purplebean.exe |
"{EBD1DE61-232F-4B3A-ABF6-54694EAC1600}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EDE807B7-6ED3-412D-AB3D-95E269FB9521}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{F089283A-F051-40C8-884A-4F922C3591CB}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 12\programs\studio.exe |
"{F1BAA0E6-87BC-4626-AE5E-E0C32E84F696}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F609F10C-56E3-458F-96B6-2905A7FB1FF4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F8F839FB-1299-47A6-ACF1-FB2DF660453B}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{FCD4A7B0-E1DD-4E05-984F-32AE2843064B}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{FEB657AE-EA83-4CA6-A0B4-F0A5D915F7C9}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"TCP Query User{0043EF81-5DD9-4240-852B-BC02C447E68F}C:\ijji\english\u_sf\soldierfront.exe" = protocol=6 | dir=in | app=c:\ijji\english\u_sf\soldierfront.exe |
"TCP Query User{35FEB6FB-CD48-4C28-8364-6EF8DA670810}C:\users\mblaney\appdata\local\temp\plauncher.exe" = protocol=6 | dir=in | app=c:\users\mblaney\appdata\local\temp\plauncher.exe |
"TCP Query User{8FEDE7BA-6579-40A9-A796-3EF00EBC9516}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"TCP Query User{AC3E597A-7B33-4CA6-9AF8-C1997C317DB7}C:\ijji\english\gunbound revolution\gunbound.gme" = protocol=6 | dir=in | app=c:\ijji\english\gunbound revolution\gunbound.gme |
"TCP Query User{B08B347A-FC6B-40CC-8BF2-F2811FE2264A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{BA5DDBC8-051E-4F62-BF6F-49465D0A759A}C:\users\mblaney\nes emulator (fceultra) + almost 1000 games\nestcl95.exe" = protocol=6 | dir=in | app=c:\users\mblaney\nes emulator (fceultra) + almost 1000 games\nestcl95.exe |
"TCP Query User{ED42A7F7-AF10-4994-9423-2372443D72AE}C:\ijji\english\u_gbound.exe" = protocol=6 | dir=in | app=c:\ijji\english\u_gbound.exe |
"UDP Query User{10D13CD9-DA78-4633-8EE3-4ABB294EDBBC}C:\ijji\english\u_sf\soldierfront.exe" = protocol=17 | dir=in | app=c:\ijji\english\u_sf\soldierfront.exe |
"UDP Query User{36244BE1-9093-4168-87A5-30AE80BAECED}C:\users\mblaney\nes emulator (fceultra) + almost 1000 games\nestcl95.exe" = protocol=17 | dir=in | app=c:\users\mblaney\nes emulator (fceultra) + almost 1000 games\nestcl95.exe |
"UDP Query User{385EBE73-1919-4BAE-A5D3-EAAD71671226}C:\users\mblaney\appdata\local\temp\plauncher.exe" = protocol=17 | dir=in | app=c:\users\mblaney\appdata\local\temp\plauncher.exe |
"UDP Query User{49A92B9C-5937-4081-8A66-540C9EC29067}C:\ijji\english\u_gbound.exe" = protocol=17 | dir=in | app=c:\ijji\english\u_gbound.exe |
"UDP Query User{6A1AC956-946F-4C9E-81E8-E572641C5A93}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"UDP Query User{BD67C89F-2898-422A-94FB-7FD800558235}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{F3B16ACF-D9D2-4E34-95B0-AFA3D2231BE3}C:\ijji\english\gunbound revolution\gunbound.gme" = protocol=17 | dir=in | app=c:\ijji\english\gunbound revolution\gunbound.gme |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04DD6EED-6DAB-49CA-B54F-0B0A6920AB6F}" = crusherX-Live! 4 DEMO
"{062BFFA1-0CCC-400B-B840-F162328D8C00}" = winLAME prerelease4
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{10798AE3-DCBB-43C3-9C93-C23512427E25}" = The Sims Deluxe Edition
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP190_series" = Canon MP190 series MP Drivers
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1DCC7418-2089-4BDD-B321-3771956160FC}" = ijji Auto Installer
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{236E0A03-6110-485E-B0F9-399215948BB7}" = M-Audio FastTrackPro Driver 6.0.2 (x86)
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x32
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 18
"{294EAADF-E50F-4DD8-AD8D-19587EA10512}" = Modem Diagnostic Tool
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{379BD39E-F13E-458F-96D8-56BD7F2CC516}" = M-Audio Series II MIDI
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{53A908D4-99C6-469B-BC13-F4189F260742}" = Corel Painter Essentials 4
"{57689BE0-BFA7-11DD-AD8B-0800200C9A66}" = Livestation
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6CA2C4D7-4680-4164-95CA-BC79DBF93959}" = Scratch Live 2.0.0 (20049)
"{6D3963B0-E13B-4FC3-B0FF-506A304BB043}" = Cisco EAP-FAST Module
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Driver
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}" = SSH Secure Shell
"{767572FD-4D01-4FA3-B0A6-4B09FB2CFC37}" = Sony Sound Forge 8.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{994B2E8D-B4E5-4724-A2A7-E130D351CE73}" = M-Audio FastTrack Driver 6.0.2 (x86)
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{C1212AE3-DBB9-4365-8473-F8ABC7B06BBB}" = Pinnacle Instant DVD Recorder
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CC8E0363-B20C-4792-8A1C-8DF5E01B68A6}" = GoGear VIBE Device Manager
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D041EB9E-890A-4098-8F94-51DA194AC72A}" = Pinnacle Studio 12
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{FFF74EC9-1FF4-4456-99E3-4F05129F4FAB}" = Antares Auto-Tune Evo VST
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"AIM_6" = AIM 6
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"Anarchy Online_is1" = Anarchy Online
"Antares Autotune Evo VST RTAS_is1" = Antares Autotune Evo VST RTAS v6.0.9
"a-squared Free_is1" = a-squared Free 4.0
"AudibleManager" = AudibleManager
"BitTorrent" = BitTorrent
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
"Canon MP190 series User Registration" = Canon MP190 series User Registration
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Color Efex Pro 3.0 Wacom Edition 3" = Color Efex Pro 3.0 Wacom Edition 3
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"D-Fend Reloaded" = D-Fend Reloaded 1.0.0 (deinstall)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1
"GoToAssist" = GoToAssist 8.0.0.514
"GunboundS2_is1" = GunboundS2
"Live 7.0.3" = Live 7.0.3
"Loki ActiveX Control" = Loki ActiveX Control
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MP Navigator EX 1.2" = Canon MP Navigator EX 1.2
"Mp3tag" = Mp3tag v2.45a
"OpenAL" = OpenAL
"Pen Tablet Driver" = Bamboo
"Reason4_is1" = Reason 4.0
"ReCycle v2.1" = ReCycle v2.1
"Riva FLV Encoder 2.0_is1" = Riva FLV Encoder 2.0
"SystemRequirementsLab" = System Requirements Lab
"URS Classic Console Strip Pro VST RTAS_is1" = URS Classic Console Strip Pro VST RTAS v1.0
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 0.9.8a
"Winamp" = Winamp (remove only)
"WinRAR archiver" = WinRAR archiver
"ZMBV" = Zip Motion Block Video codec (Remove Only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-220733442-3700202271-1892998609-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"f031ef6ac137efc5" = Dell Driver Download Manager
"Facebook Plug-In" = Facebook Plug-In
"MOGClient" = MOG-O-MATIC -- Listening preferences and sharing

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,785 posts
  • Gender:Female
  • Location:At home
  • Local time:09:57 AM

Posted 13 September 2010 - 01:36 PM

Hi,

It seems you ran ComboFix. ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please do not run ComboFix on your own.

Please post the log from ComboFix: C:\combofix.txt

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!



#5 RoniFrax

RoniFrax
  • Topic Starter

  • Members
  • 24 posts
  • Local time:01:57 AM

Posted 13 September 2010 - 01:37 PM

Forgot to update on problems....


When I start my computer, it tries to load Windows but then blue screens, taking me to the screen with the boot options.

I usually run in Safe Mode with Networking.

I have found several different types of malware in different stages of running progs. These will disappear and reappear after restarting. Obviously a false positive.

At different times, I've run ComboFix, SUPERAntiSpyware, Rkill, Malwarebytes' Anti-Malware, CCleaner, RAM Def, and possibly a couple more. Pretty much anything that I read about here, I tried on my computer. Stupid, I know.



#6 RoniFrax

RoniFrax
  • Topic Starter

  • Members
  • 24 posts
  • Local time:01:57 AM

Posted 13 September 2010 - 01:46 PM

ComboFix 10-09-12.04 - mblaney 09/13/2010 12:40:08.3.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3061.2151 [GMT -6:00]
Running from: c:\users\mblaney\Searches\Music\Leaving Records\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Drivers\ybjjioy.sys

.
((((((((((((((((((((((((( Files Created from 2010-08-13 to 2010-09-13 )))))))))))))))))))))))))))))))
.

2010-09-13 18:43 . 2010-09-13 18:43 -------- d-----w- c:\users\mblaney\AppData\Local\temp
2010-09-13 18:43 . 2010-09-13 18:43 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-13 18:43 . 2010-09-13 18:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-13 18:38 . 2010-09-13 18:39 -------- d-----w- C:\32788R22FWJFW
2010-09-10 23:13 . 2010-09-10 23:13 7168 ----a-w- c:\windows\DellBIOS.Sys
2010-09-08 17:15 . 2010-09-08 17:16 -------- d-----w- c:\users\mblaney\NEWRNSFILES - Copy (1)
2010-09-08 00:04 . 2010-09-08 00:04 34560 ----a-w- c:\windows\system32\drivers\Normandy.sys
2010-09-07 21:23 . 2010-09-07 21:23 63488 ----a-w- c:\users\mblaney\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-07 21:23 . 2010-09-07 21:23 52224 ----a-w- c:\users\mblaney\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-07 21:23 . 2010-09-07 21:23 117760 ----a-w- c:\users\mblaney\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-07 21:23 . 2010-09-07 21:23 -------- d-----w- c:\users\mblaney\AppData\Roaming\SUPERAntiSpyware.com
2010-09-07 21:23 . 2010-09-07 21:23 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-09-07 21:23 . 2010-09-07 21:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-09-07 19:16 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-07 19:16 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-07 18:14 . 2010-09-07 18:14 -------- d-----w- c:\program files\ESET
2010-09-07 17:52 . 2010-09-07 17:52 0 ----a-w- c:\windows\nsreg.dat
2010-09-07 03:31 . 2010-09-07 03:36 -------- d-----w- c:\windows\system32\catroot2(191)
2010-09-04 20:01 . 2010-09-04 20:01 -------- d-----w- c:\program files\RAM Def
2010-09-03 01:55 . 2010-09-03 01:55 -------- d-----w- c:\users\mblaney\AppData\Roaming\Malwarebytes
2010-09-03 01:54 . 2010-09-08 04:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-03 01:54 . 2010-09-03 01:54 -------- d-----w- c:\programdata\Malwarebytes
2010-09-03 01:22 . 2010-09-03 02:02 -------- d-----w- c:\users\mblaney\AppData\Local\ntaerdoif
2010-09-02 22:20 . 2010-09-03 17:31 -------- d-----w- c:\program files\Virtual Audio Cable
2010-09-02 19:48 . 2010-09-02 19:48 -------- d-----w- c:\users\mblaney\AppData\Roaming\Final Draft
2010-09-02 19:44 . 2010-09-02 19:47 -------- d-----w- c:\programdata\Final Draft
2010-09-02 19:44 . 2010-09-02 19:44 -------- d-----w- c:\program files\Final Draft 8
2010-09-01 07:51 . 2010-09-01 07:51 -------- d-----w- c:\users\mblaney\AppData\Roaming\Thunderbird
2010-08-26 21:20 . 2010-08-26 21:20 92280 ----a-w- c:\users\mblaney\AppData\Roaming\SystemRequirementsLab\srlproxy_cyri_4.3.1.0A.dll
2010-08-25 19:06 . 2010-08-25 19:06 -------- d-----w- c:\programdata\AVS4YOU
2010-08-25 19:05 . 2010-08-25 19:05 -------- d-----w- c:\users\mblaney\AppData\Roaming\AVS4YOU
2010-08-25 19:04 . 2010-08-25 19:05 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-08-25 19:04 . 2003-06-20 19:28 1777664 ----a-w- c:\windows\system32\GdiPlus.dll
2010-08-25 19:03 . 2010-08-25 19:08 -------- d-----w- c:\program files\AVS4YOU
2010-08-25 05:04 . 2008-02-16 00:25 102400 ----a-w- c:\windows\system32\stacsv.exe
2010-08-25 05:04 . 2007-09-20 21:31 647168 ----a-w- c:\windows\system32\aestecap.dll
2010-08-25 05:04 . 2007-09-20 21:31 131072 ----a-w- c:\windows\system32\aestacap.dll
2010-08-25 05:04 . 2007-04-11 00:02 1601536 ----a-w- c:\windows\system32\stlang.dll
2010-08-25 05:02 . 2008-02-16 00:27 330752 ----a-w- c:\windows\system32\drivers\stwrt.sys
2010-08-25 05:02 . 2008-02-16 00:26 328704 ----a-w- c:\windows\system32\stcplx.dll
2010-08-25 05:02 . 2008-02-16 00:25 527872 ----a-w- c:\windows\system32\stapo.dll
2010-08-25 05:02 . 2008-02-16 00:24 150016 ----a-w- c:\windows\system32\st325866.dll
2010-08-25 05:02 . 2008-02-16 00:23 312320 ----a-w- c:\windows\system32\stapi32.dll
2010-08-25 05:00 . 2010-08-25 05:00 -------- d-----w- c:\users\mblaney\AppData\Local\Apps
2010-08-25 05:00 . 2010-09-10 23:12 -------- d-----w- c:\users\mblaney\AppData\Local\Deployment
2010-08-18 00:15 . 2010-08-18 00:15 -------- d-----w- c:\program files\BitTorrent
2010-08-18 00:15 . 2010-09-11 01:59 -------- d-----w- c:\users\mblaney\AppData\Roaming\BitTorrent
2010-08-17 04:54 . 2010-08-17 04:55 -------- d-----w- c:\program files\Recycle
2010-08-17 04:54 . 2004-02-07 07:48 331263 ----a-w- c:\windows\LOOP.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-13 02:21 . 2009-01-28 19:01 6648 ----a-w- c:\users\mblaney\AppData\Local\d3d9caps.dat
2010-09-08 04:10 . 2010-08-13 02:52 -------- d-----w- c:\program files\Antares Audio Technologies
2010-09-08 04:10 . 2010-08-13 02:52 -------- d-----w- c:\users\mblaney\AppData\Roaming\Antares
2010-09-08 00:28 . 2008-12-20 23:22 -------- d-----w- c:\users\mblaney\AppData\Roaming\Dell
2010-09-07 21:04 . 2010-03-07 20:50 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-09-07 05:57 . 2008-12-20 23:22 106024 ----a-w- c:\users\mblaney\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-07 05:54 . 2009-01-10 21:15 -------- d-----w- c:\users\mblaney\AppData\Roaming\vlc
2010-09-07 05:54 . 2009-01-10 21:06 -------- d-----w- c:\program files\Winamp
2010-09-07 05:54 . 2008-12-24 06:18 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-07 05:54 . 2008-09-23 07:48 -------- d-----w- c:\program files\Common Files\Java
2010-09-07 02:38 . 2008-09-23 07:48 -------- d-----w- c:\program files\Java
2010-09-03 02:35 . 2009-05-24 23:58 -------- d-----w- c:\program files\VSTplugins
2010-09-03 01:23 . 2010-04-14 06:42 -------- d-----w- c:\users\mblaney\AppData\Roaming\Skype
2010-09-02 23:47 . 2010-04-14 06:44 -------- d-----w- c:\users\mblaney\AppData\Roaming\skypePM
2010-09-02 19:42 . 2008-12-25 11:06 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-31 18:13 . 2010-04-11 00:21 1 ----a-w- c:\users\mblaney\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-26 21:20 . 2009-08-15 16:15 -------- d-----w- c:\users\mblaney\AppData\Roaming\SystemRequirementsLab
2010-08-25 05:02 . 2008-09-23 07:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-24 00:07 . 2010-03-23 11:53 -------- d-----w- c:\program files\Common Files\ArcSoft
2010-08-17 04:54 . 2009-01-20 02:55 -------- d-----w- c:\programdata\Propellerhead Software
2010-08-17 04:54 . 2009-01-20 02:55 -------- d-----w- c:\users\mblaney\AppData\Roaming\Propellerhead Software
2010-08-14 01:58 . 2010-06-01 01:58 -------- d-----w- c:\program files\M-Audio
2010-08-14 01:51 . 2010-08-14 01:51 -------- d-----w- c:\program files\Common Files\Digidesign
2010-08-13 09:01 . 2010-08-13 09:01 -------- d-----w- c:\program files\softnyxGame
2010-08-13 02:58 . 2010-08-13 02:58 -------- d-----w- c:\users\mblaney\AppData\Roaming\PACE Anti-Piracy
2010-08-13 02:58 . 2010-08-13 02:58 -------- d-----w- c:\programdata\PACE Anti-Piracy
2010-08-13 02:58 . 2010-08-13 02:58 -------- d-----w- c:\program files\Common Files\PACE Anti-Piracy
2010-08-10 05:57 . 2009-01-18 01:17 -------- d-----w- c:\users\mblaney\AppData\Roaming\dvdcss
2010-08-08 00:33 . 2010-08-08 00:33 -------- d-----w- c:\program files\CCleaner
2010-08-03 19:20 . 2010-08-03 19:20 -------- d-----w- c:\program files\Common Files\SWF Studio
2010-08-03 19:20 . 2010-08-03 19:20 -------- d-----w- c:\program files\Riva
2010-07-29 00:10 . 2010-07-29 00:10 -------- d-----w- c:\program files\D-Fend Reloaded
2010-07-24 02:00 . 2008-12-24 02:40 -------- d-----w- c:\programdata\Roxio
2010-06-29 15:47 . 2010-08-12 09:10 834048 ----a-w- c:\windows\system32\wininet.dll
2010-06-28 16:13 . 2010-08-12 09:10 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-21 13:37 . 2010-08-11 21:01 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 05:24 . 2010-06-21 05:24 50354 ----a-w- c:\users\mblaney\AppData\Roaming\Facebook\uninstall.exe
2010-06-18 17:31 . 2010-08-11 21:00 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-06-18 15:04 . 2010-08-11 21:00 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-18 15:04 . 2010-08-11 21:00 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-16 23:03 . 2010-06-16 23:03 57344 ----a-r- c:\users\mblaney\AppData\Roaming\Microsoft\Installer\{6CA2C4D7-4680-4164-95CA-BC79DBF93959}\NewShortcut7_B56E5B51EA954C948003CC703E2AFAD5.exe
2010-06-16 23:03 . 2010-06-16 23:03 57344 ----a-r- c:\users\mblaney\AppData\Roaming\Microsoft\Installer\{6CA2C4D7-4680-4164-95CA-BC79DBF93959}\NewShortcut1_B56E5B51EA954C948003CC703E2AFAD5.exe
2010-06-16 16:04 . 2010-08-11 21:00 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2008-09-23 07:52 . 2008-09-23 07:52 76 --sh--r- c:\windows\CT4CET.bin
1601-01-01 00:00 . 1601-01-01 00:00 0 --sha-w- c:\windows\System32\temppf.sys
2008-09-23 10:23 . 2008-09-23 10:21 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2010-09-07_15.14.38 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-20 23:20 . 2010-09-07 14:57 81920 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-12-20 23:20 . 2010-09-07 17:38 81920 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-07 15:29 . 2010-09-07 15:28 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2008-12-20 23:20 . 2010-09-07 17:38 98304 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-12-20 23:20 . 2010-09-07 14:57 98304 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-04 20:05 . 2010-09-07 17:38 9778 c:\windows\System32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\con0p4an.default\pluginreg.dat
- 2010-09-07 14:57 . 2010-09-07 14:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-09-13 17:43 . 2010-09-13 17:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-09-13 17:43 . 2010-09-13 17:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-09-07 14:57 . 2010-09-07 14:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2010-09-13 17:51 633102 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2010-09-13 17:51 116660 c:\windows\System32\perfc009.dat
- 2010-09-04 20:04 . 2010-09-04 20:05 102321 c:\windows\System32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\con0p4an.default\xpti.dat
+ 2010-09-04 20:04 . 2010-09-07 17:38 102321 c:\windows\System32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\con0p4an.default\xpti.dat
- 2010-09-04 20:04 . 2010-09-04 20:05 147874 c:\windows\System32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\con0p4an.default\compreg.dat
+ 2010-09-04 20:04 . 2010-09-07 17:38 147874 c:\windows\System32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\con0p4an.default\compreg.dat
+ 2008-12-20 23:20 . 2010-09-07 17:38 1736704 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-20 23:20 . 2010-09-07 14:57 1736704 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-08-25 2424560]
"BitTorrent"="c:\program files\BitTorrent\BitTorrent.exe" [2010-08-18 2550640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-07-03 3563520]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2006-11-06 81920]
"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2009-10-02 643592]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-02-16 405504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-7-15 1226024]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-09-23 08:15 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi2"=ma_cmidn.dll
"midi3"=ma_cmidn.dll
"midi4"=ma_cmidn.dll
"midi5"=ma_cmidn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^mblaney^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MOG-O-MATIC.lnk]
path=c:\users\mblaney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MOG-O-MATIC.lnk
backup=c:\windows\pss\MOG-O-MATIC.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 07:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2008-10-21 17:09 50472 ----a-w- c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
2010-08-18 00:15 2550640 ----a-w- c:\program files\BitTorrent\BitTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2010-01-29 05:16 323392 ----a-w- c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-09-14 01:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-10-26 01:10 652624 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2008-02-29 04:18 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 21:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB2Check]
2006-11-06 18:31 81920 ----a-w- c:\windows\System32\PCLECoInst.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
2007-02-20 17:07 199752 ----a-w- c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-05-02 161048]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SECYPECP;SECYPECP; [x]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [x]
R3 bcm;WiMAX Network Adapter;c:\windows\system32\DRIVERS\drxvi314.sys [2009-11-04 282112]
R3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\DRIVERS\BcmBusCtr.sys [2009-11-04 51712]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-03-06 111616]
R3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;c:\windows\system32\DRIVERS\MAudioFastTrackPro.sys [2009-11-09 158600]
R3 SL3Usb;SL3 driver;c:\windows\system32\Drivers\Sl3.sys [2009-02-16 46184]
R3 TTM57SLUsb;TTM 57SL USB driver;c:\windows\system32\Drivers\TTM57SLUsb.sys [2007-05-21 29568]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2009-01-30 15656]
R4 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [2008-12-17 419448]
R4 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
R4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-07-16 3571584]
R4 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-07-15 4408616]
R4 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-07-15 112936]
S3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\DRIVERS\WacomVTHid.sys [2009-05-20 13224]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - ECACHE
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
FF - ProfilePath - c:\users\mblaney\AppData\Roaming\Mozilla\Firefox\Profiles\no0rbojn.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\mblaney\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-<NO NAME> - (no file)
AddRemove-Antares Autotune Evo VST RTAS_is1 - c:\program files\Antares Audio Technologies\Uninstall\unins000.exe
AddRemove-ReCycle v2.1 - c:\progra~1\Recycle\UNWISE.EXE
AddRemove-URS Classic Console Strip Pro VST RTAS_is1 - c:\program files\URS Plugins\Uninstall\unins000.exe
AddRemove-ViewpointMediaPlayer - c:\program files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-13 12:43
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-220733442-3700202271-1892998609-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:fc,f3,02,ef,b6,0c,93,e4,f2,e4,1a,05,74,4f,ab,27,41,36,32,27,0c,84,8b,
a4,e0,68,51,94,ed,c9,bb,a5,09,5a,a7,fb,80,a9,3b,d7,fc,76,e3,13,34,56,1b,37,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-09-13 12:45:29
ComboFix-quarantined-files.txt 2010-09-13 18:45
ComboFix2.txt 2010-09-07 15:20

Pre-Run: 55,596,290,048 bytes free
Post-Run: 56,919,343,104 bytes free

- - End Of File - - E0349F8DB70CCE1F9DE262AD3BFDFAA6


#7 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,785 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:09:57 AM

Posted 13 September 2010 - 01:58 PM

Hi,

have you tried using system restore to revert to an infected, but working restore point?

do you have any memory of what you deleted?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#8 RoniFrax

RoniFrax
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:01:57 AM

Posted 13 September 2010 - 02:03 PM

I tried using a restore point. And, unfortunately, this state is my "last" restore point.

I cannot remember what I deleted.

I do remember seeing Rogue Deus Malware on one, but I read that that is a false positive delete.



#9 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,785 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:09:57 AM

Posted 13 September 2010 - 02:42 PM

Hi,

do you have a Windows CD by any chance?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#10 RoniFrax

RoniFrax
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:01:57 AM

Posted 13 September 2010 - 02:48 PM

I wish. My Vista install disc is 974 miles away at my parents' house. Best to have it shipped and reinstall? Was hoping to avoid that but knew it was not out of the question.

#11 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,785 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:09:57 AM

Posted 13 September 2010 - 02:59 PM

Hi,

no, I was thinking startup repair or running a system file check. Do you have the repair environment installed by chance? It should be offered at the advanced boot menu, try pressing F8 twice and let me know if you can choose something else besides safe mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#12 RoniFrax

RoniFrax
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:01:57 AM

Posted 13 September 2010 - 03:07 PM

Yes, I have the Repair Windows option. That took me to a screen that offered "Startup Repair" and when I ran that, my computer shut down completely. I remember trying that as well about a week ago.

#13 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,785 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:09:57 AM

Posted 13 September 2010 - 03:18 PM

Hi,

ok, in that advanced boot menu you should have the option to disable automatic restart on reboot. You should then get the opportunity to read the information on the blue screen.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#14 RoniFrax

RoniFrax
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:01:57 AM

Posted 13 September 2010 - 03:29 PM

STOP: 0x0000008E (0xC0000005, 0x8222FCC7, 0xA98F691C, 0x00000000)

The rest of the info was just basic restart stuff (there's something wrong with BIOS, restart in safe mode, etc).

#15 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,785 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:09:57 AM

Posted 13 September 2010 - 03:47 PM

Hi,

can you please check if there is a minidump created for the crash? The file should be created in C:\windows\minidump and hold the date of the last crash. If you find it, please zip it and attach it to your next reply and we will check if there is more information in there.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

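The STOP line posted in #14 and the minidump requested in #15 carry the same information: a 32-bit kernel small memory dump begins with a DUMP_HEADER32 page whose fixed fields include the bug check code and its four parameters. The script below is an added example, not code from this thread or from BleepingComputer; it parses the on-screen STOP line, reads those header fields from a dump, and checks that the two agree. The dump bytes it reads are constructed inline (a one-page header filled with the "PAGE" pad pattern) so it runs offline; the Vista build number and processor count in that sample are assumptions for illustration. For a real file, pass the first 4096 bytes of the .dmp to parse_dump_header.

```python
import re
import struct

# First 0x3C bytes of DUMP_HEADER32, the 32-bit kernel crash-dump header that a
# Vista x86 small memory dump in C:\Windows\Minidump starts with. Little-endian.
_HEADER_FMT = "<4s4s13I"
_HEADER_FIELDS = (
    "signature", "valid_dump", "major_version", "minor_version",
    "directory_table_base", "pfn_database", "ps_loaded_module_list",
    "ps_active_process_head", "machine_image_type", "number_processors",
    "bugcheck_code", "param1", "param2", "param3", "param4",
)
HEADER_PAGE = 0x1000                 # the header occupies one page; unused bytes are "PAGE" filler
IMAGE_FILE_MACHINE_I386 = 0x014C     # MachineImageType value for x86

BUGCHECK_NAMES = {
    0x0000008E: "KERNEL_MODE_EXCEPTION_NOT_HANDLED",
    0x0000007E: "SYSTEM_THREAD_EXCEPTION_NOT_HANDLED",
    0x00000050: "PAGE_FAULT_IN_NONPAGED_AREA",
    0x0000000A: "IRQL_NOT_LESS_OR_EQUAL",
}
NTSTATUS_NAMES = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0x80000003: "STATUS_BREAKPOINT",
    0xC000001D: "STATUS_ILLEGAL_INSTRUCTION",
}


def parse_stop_line(line: str) -> dict:
    """Parse a STOP line as read off the blue screen, e.g.
    'STOP: 0x0000008E (0xC0000005, 0x8222FCC7, 0xA98F691C, 0x00000000)'."""
    m = re.search(r"STOP:\s*0x([0-9A-Fa-f]+)\s*\(([^)]*)\)", line)
    if not m:
        raise ValueError("not a STOP line")
    params = [int(p.strip(), 16) for p in m.group(2).split(",")]
    if len(params) != 4:
        raise ValueError("expected four bug check parameters")
    return {"bugcheck_code": int(m.group(1), 16), "params": params}


def parse_dump_header(data: bytes) -> dict:
    """Read the fixed fields of a 32-bit kernel crash dump header."""
    if len(data) < struct.calcsize(_HEADER_FMT):
        raise ValueError("too short to hold a crash dump header")
    info = dict(zip(_HEADER_FIELDS, struct.unpack_from(_HEADER_FMT, data, 0)))
    # Both magic values must be present; a user-mode dump starts with "MDMP" instead.
    if info["signature"] != b"PAGE" or info["valid_dump"] != b"DUMP":
        raise ValueError("not a 32-bit kernel crash dump (expected 'PAGE' + 'DUMP')")
    info["params"] = [info.pop(f"param{i}") for i in (1, 2, 3, 4)]
    return info


def describe_bugcheck(code: int, params: list) -> list:
    """Human-readable meaning of the code and, for 0x8E, of its parameters."""
    lines = [f"Bug check 0x{code:08X} {BUGCHECK_NAMES.get(code, '(unknown)')}"]
    if code == 0x8E:
        # 0x8E parameters: exception code, faulting address, trap frame, reserved.
        exc = params[0]
        lines.append(f"  exception code    0x{exc:08X} {NTSTATUS_NAMES.get(exc, '')}".rstrip())
        lines.append(f"  faulting address  0x{params[1]:08X}")
        lines.append(f"  trap frame        0x{params[2]:08X}")
    return lines


def stop_matches_dump(stop: dict, header: dict) -> bool:
    """True when the on-screen STOP line and the dump header report the same crash."""
    return stop["bugcheck_code"] == header["bugcheck_code"] and stop["params"] == header["params"]


def build_sample_dump(code: int, params: list,
                      machine: int = IMAGE_FILE_MACHINE_I386, processors: int = 2) -> bytes:
    """Constructed sample header page (not a real dump): Vista SP2 build 6002 and
    a two-processor machine are assumed values; pointer fields are left at zero."""
    page = bytearray(b"PAGE" * (HEADER_PAGE // 4))
    struct.pack_into(_HEADER_FMT, page, 0, b"PAGE", b"DUMP", 15, 6002,
                     0, 0, 0, 0, machine, processors, code, *params)
    return bytes(page)


if __name__ == "__main__":
    stop = parse_stop_line("STOP: 0x0000008E (0xC0000005, 0x8222FCC7, 0xA98F691C, 0x00000000)")
    header = parse_dump_header(build_sample_dump(stop["bugcheck_code"], stop["params"]))
    print("\n".join(describe_bugcheck(header["bugcheck_code"], header["params"])))
    print("dump header agrees with on-screen STOP line:", stop_matches_dump(stop, header))
```

The agreement check is the useful part: if the header's code or parameters differ from what was copied from the screen, the dump belongs to a different crash and the wrong file is about to be uploaded.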
