unknown virus?


  • This topic is locked
7 replies to this topic

#1 peskyproblems

peskyproblems

  • Members
  • 5 posts
  • OFFLINE
  • Local time:02:09 PM

Posted 13 December 2010 - 10:16 AM

When I log on to my user name (only mine; there are 3 on this computer) and open Explorer, my home page comes up, then I get a pop-up warning box: syssvc.exe trojan alert from AVG Security, I think (looks like it anyway). I tried running the DDS tool; a black box opens, then there is a pop-up that says it can't open this file pev.dat, so I can't post results or go any further at this time. Any help would be great.


#2 Judicandus

Judicandus

    Bleepin' Pasta


  • Malware Response Team
  • 730 posts
  • OFFLINE
  • Gender:Male
  • Location:Around the world
  • Local time:04:09 PM

Posted 22 December 2010 - 07:29 AM

Hello and welcome to Bleeping Computer

I'm judicandus and I'll be helping you out.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

Please post a DDS log and Gmer log. For instructions please read this post:
http://www.bleepingcomputer.com/forums/topic34773.html

#3 peskyproblems

peskyproblems
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:02:09 PM

Posted 24 December 2010 - 09:35 AM

The computer keeps shutting down. When I restart, it says files are corrupt or missing, repair now; it scans and repairs, then restarts. Sometimes it takes several times before the computer will restart. I don't know what the problem is. I tried to reinstall Windows with the disc to erase everything and start new; it says loading files, then stops and won't let me continue. I did notice under my Task Manager that there are 2 iexplorer running; right now I have 4 running. I do have 4 windows open, but I've never seen more than 2. I don't know if that's normal or not. Also, when I tried to run DDS to get the log, it popped up a window that said it couldn't open the pev.dat file for DDS. I did get a log; I hope this helps you help me.

info.txt logfile of random's system information tool 1.08 2010-12-24 08:59:24

======Uninstall list======

-->"C:\Program Files (x86)\Gateway Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files (x86)\Gateway Games\Build-a-lot 2\Uninstall.exe"
-->"C:\Program Files (x86)\Gateway Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files (x86)\Gateway Games\Dream Chronicles 2\Uninstall.exe"
-->"C:\Program Files (x86)\Gateway Games\FATE\Uninstall.exe"
-->"C:\Program Files (x86)\Gateway Games\Gateway Game Console\Uninstall.exe"
-->"C:\Program Files (x86)\Gateway Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files (x86)\Gateway Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files (x86)\Gateway Games\Polar Pool\Uninstall.exe"
-->"C:\Program Files (x86)\Gateway Games\The Price is Right\Uninstall.exe"
-->"C:\Program Files (x86)\Gateway Games\Virtual Villagers - A New Home\Uninstall.exe"
-->"C:\Program Files (x86)\InstallShield Installation Information\{8F1B6239-FEA0-450A-A950-B05276CE177C}\setup.exe" -runfromtemp -l0x0009 -removeonly
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {00C5525B-3CB3-467D-8100-2E6FB306CD86}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-002A-0409-1000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0116-0409-1000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
AbiWord 2.6.8-->C:\Program Files (x86)\AbiSuite2\UninstallAbiWord2.exe
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Advanced SystemCare 3-->"C:\Program Files (x86)\IObit\Advanced SystemCare 3\unins000.exe"
Agere Systems HDA Modem-->agrsmdel
AVG 9.0-->C:\Program Files (x86)\AVG\AVG9\setup.exe /UNINSTALL
BitComet 1.19-->C:\Program Files (x86)\BitComet\uninst.exe
Business Card Factory Deluxe 2.0-->MsiExec.exe /X{BF953F1A-F946-4804-875D-94B6A6C05CE1}
Camera Assistant Software for Gateway-->C:\Program Files (x86)\InstallShield Installation Information\{39098402-3F7A-4257-A4AE-FC1181D1B40B}\setup.exe -runfromtemp -l0x0009
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Content Transfer-->MsiExec.exe /X{CFADE4AF-C0CF-4A04-A776-741318F1658F}
ConvertXtoDVD 3.6.2.153-->"C:\Program Files (x86)\VSO\ConvertX\3\unins000.exe"
CyberLink LabelPrint-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" -uninstall
CyberLink Power2Go-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" -uninstall
Gateway Games-->"C:\Program Files (x86)\Gateway Games\Uninstall.exe"
Gateway Recovery Management-->"C:\Program Files (x86)\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93498E230D9}\setup.exe" -runfromtemp -l0x0009 -removeonly
GearDrvs-->MsiExec.exe /I{CB84F0F2-927B-458D-9DC5-87832E3DC653}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {08155812-0202-4D5F-A7FF-12A2782DC548} /qb+ REBOOTPROMPT=""
IDT Audio-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{07D8511D-C9FE-4A93-933F-EAA5C8F20095}\setup.exe" -l0x9 -remove -removeonly
Java™ 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015FF}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Lexmark 3500-4500 Series-->C:\Program Files (x86)\Lexmark 3500-4500 Series\Install\x64\Uninst.exe
Lexmark Fax Solutions-->C:\Program Files (x86)\\Lexmark Fax Solutions\Install\x64\Uninst.exe /R:faxunst
Malwarebytes' Anti-Malware-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Money Essentials-->"C:\Program Files (x86)\Microsoft Money 2007\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Money Shared Libraries-->MsiExec.exe /X{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office Office 64-bit Components 2007-->MsiExec.exe /X{90120000-002A-0000-1000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared 64-bit MUI (English) 2007-->MsiExec.exe /X{90120000-002A-0409-1000-0000000FF1CE}
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0116-0409-1000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Suite Activation Assistant-->MsiExec.exe /X{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{071c9b48-7c32-4621-a0ac-3f809523288f}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Works-->MsiExec.exe /I{67E03279-F703-408F-B4BF-46B5FC8D70CD}
MpcStar 4.0-->C:\Program Files (x86)\MpcStar\uninst.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
NWZ-S540 WALKMAN Guide-->MsiExec.exe /X{55B1E4FA-F2E0-45DF-9B36-0B30A7949984}
PokerStars-->"C:\Program Files (x86)\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
PurePlay Poker-->MsiExec.exe /X{60EB76E2-DF31-477B-A28C-2303ADE6629D}
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek USB 2.0 Card Reader-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\setup.exe" -l0x9 -removeonly
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {8EAF4926-5B5D-398A-BA46-4603D8095BDE} /qb+ REBOOTPROMPT=""
Startup Delayer v2.5 (build 138)-->C:\Program Files (x86)\r2 Studios\Startup Delayer\Uninstall.exe
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
The Print Shop Business Card Creator-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{BCCBE608-5C44-4507-AE11-55B36AE0E41B}\setup.exe" -l0x9 anything
TypingMaster Pro-->"C:\Program Files (x86)\TypingMaster\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
VirusTotal Uploader-->"C:\Program Files (x86)\VirusTotalUploader\uninstall.exe"
Visual C++ 8.0 Runtime Setup Package (x64)-->MsiExec.exe /I{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}
VLC media player 1.0.1-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
Vuze-->C:\Program Files (x86)\Vuze\uninstall.exe
WinRAR-->"C:\Windows\WinRAR\uninstall.exe" "/U:C:\Program Files (x86)\WinRAR\Uninstall\uninstall.xml"

======Security center information======

AS: Windows Defender
AS: SUPERAntiSpyware (disabled)

======System event log======

Computer Name: Tenley-PC
Event Code: 7000
Message: The lxdiCATSCustConnectService service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Record Number: 165072
Source Name: Service Control Manager
Time Written: 20101224004354.000000-000
Event Type: Error
User:

Computer Name: Tenley-PC
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL
Record Number: 165099
Source Name: Service Control Manager
Time Written: 20101224004354.000000-000
Event Type: Error
User:

Computer Name: Tenley-PC
Event Code: 19
Message: A corrected hardware error occurred.

Error Source: Corrected Machine Check

Error Type: Bus/Interconnect Error

Processor ID Valid: Yes
Processor ID: 0x1
Bank Number: 0
Transaction Type: N/A
Processor Participation: Generic
Request Type: 14
Memory/Io: Memory
Memory Hierarchy Level: Level 0
Timeout: Yes
Record Number: 165121
Source Name: Microsoft-Windows-WHEA-Logger
Time Written: 20101224122025.542000-000
Event Type: Warning
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: Tenley-PC
Event Code: 19
Message: A corrected hardware error occurred.

Error Source: Corrected Machine Check

Error Type: TLB Error

Processor ID Valid: Yes
Processor ID: 0x1
Bank Number: 1
Transaction Type: Data
Processor Participation: N/A
Request Type: N/A
Memory/Io: N/A
Memory Hierarchy Level: Level 0
Timeout: N/A
Record Number: 165125
Source Name: Microsoft-Windows-WHEA-Logger
Time Written: 20101224122124.254400-000
Event Type: Warning
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: Tenley-PC
Event Code: 19
Message: A corrected hardware error occurred.

Error Source: Corrected Machine Check

Error Type: TLB Error

Processor ID Valid: Yes
Processor ID: 0x0
Bank Number: 2
Transaction Type: Generic
Processor Participation: N/A
Request Type: N/A
Memory/Io: N/A
Memory Hierarchy Level: Level 0
Timeout: N/A
Record Number: 165126
Source Name: Microsoft-Windows-WHEA-Logger
Time Written: 20101224122225.094400-000
Event Type: Warning
User: NT AUTHORITY\LOCAL SERVICE

=====Application event log=====

Computer Name: Tenley-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 47921
Source Name: Microsoft-Windows-WMI
Time Written: 20101223134338.000000-000
Event Type: Error
User:

Computer Name: Tenley-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 47950
Source Name: Microsoft-Windows-WMI
Time Written: 20101223151805.000000-000
Event Type: Error
User:

Computer Name: Tenley-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 47980
Source Name: Microsoft-Windows-WMI
Time Written: 20101223171857.000000-000
Event Type: Error
User:

Computer Name: Tenley-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 48011
Source Name: Microsoft-Windows-WMI
Time Written: 20101224004353.000000-000
Event Type: Error
User:

Computer Name: Tenley-PC
Event Code: 1002
Message: The program iexplore.exe version 8.0.6001.18975 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 11e8 Start Time: 01cba36548f84e40 Termination Time: 0
Record Number: 48023
Source Name: Application Hang
Time Written: 20101224122823.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: Tenley-PC
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: TENLEY-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: Dave
Account Domain: Tenley-PC
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x15ac
Process Name: C:\Windows\System32\consent.exe

Network Information:
Network Address: ::1
Port: 0

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 148957
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101224135904.012800-000
Event Type: Audit Success
User:

Computer Name: Tenley-PC
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-21-1564261308-1642750088-1604866676-1001
Account Name: Dave
Account Domain: Tenley-PC
Logon ID: 0x6334ed

Logon Type: 2

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 148958
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101224135904.012800-000
Event Type: Audit Success
User:

Computer Name: Tenley-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: TENLEY-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 2

New Logon:
Security ID: S-1-5-21-1564261308-1642750088-1604866676-1001
Account Name: Dave
Account Domain: Tenley-PC
Logon ID: 0x6334e0
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x15ac
Process Name: C:\Windows\System32\consent.exe

Network Information:
Workstation Name: TENLEY-PC
Source Network Address: ::1
Source Port: 0

Detailed Authentication Information:
Logon Process: CredPro
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 148959
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101224135904.012800-000
Event Type: Audit Success
User:

Computer Name: Tenley-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: TENLEY-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 2

New Logon:
Security ID: S-1-5-21-1564261308-1642750088-1604866676-1001
Account Name: Dave
Account Domain: Tenley-PC
Logon ID: 0x6334ed
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x15ac
Process Name: C:\Windows\System32\consent.exe

Network Information:
Workstation Name: TENLEY-PC
Source Network Address: ::1
Source Port: 0

Detailed Authentication Information:
Logon Process: CredPro
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 148960
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101224135904.012800-000
Event Type: Audit Success
User:

Computer Name: Tenley-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-21-1564261308-1642750088-1604866676-1001
Account Name: Dave
Account Domain: Tenley-PC
Logon ID: 0x6334e0

Privileges: SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 148961
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101224135904.012800-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=AMD64 Family 15 Model 104 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=6802
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\34FB5F65-FFEB-4B61-BF0E-A6A76C450FAA\TraceFormat
"DFSTRACINGON"=FALSE

-----------------EOF-----------------
Logfile of random's system information tool 1.08 (written by random/random)
Run by Dave at 2010-12-24 08:59:21
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 179 GB (61%) free of 295 GB
Total RAM: 3965 MB (63% free)

HijackThis download failed

======Listing Processes======

\SystemRoot\System32\smss.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
wininit.exe
"C:\Program Files (x86)\AVG\AVG9\avgchsva.exe"
"C:\Program Files (x86)\AVG\AVG9\avgrsa.exe"
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
/pipeName=30d03a4b-9bd0-40c5-9b4a-dbbbd0274e89 /coreSdkOptions=30 /logConfFile="C:\ProgramData\avg9\temp\b1922402-1b64-4f36-a97d-6a9c89e556a8-270-oopp.tmp" /loggerName=AVG.RS.Core /binaryPath="C:\Program Files (x86)\AVG\AVG9\" /tempPath="C:\ProgramData\avg9\temp\"
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agr64svc.exe
"C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe"
"C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe"
C:\Windows\system32\lxdicoms.exe -service
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SysWOW64\rpcnet.exe
"C:\Program Files (x86)\AVG\AVG9\avgam.exe"
"C:\Program Files (x86)\AVG\AVG9\avgnsa.exe"
"C:\Program Files (x86)\IDT\WDM\STacSV64.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\AVG\AVG9\avgemc.exe"
/pipeName=7714425b-140e-4da9-9028-25d3c720e9bf /coreSdkOptions=0 /binaryPath="C:\Program Files (x86)\AVG\AVG9\"
taskeng.exe {6AFA170D-C626-4BC7-9252-5E9D4359F928}
/pipeName=ff36ef55-5fbb-4d77-ab0c-dfb14b7c5c0e /coreSdkOptions=18 /logConfFile="C:\ProgramData\avg9\temp\159acea0-cf7f-46bd-8108-2b0a88ef802c-954-oopp.tmp" /loggerName=AVG.NS.Core /tempPath="C:\ProgramData\avg9\temp\"
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
Ati2evxx.exe -Client
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdimon.exe"
"C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdiamon.exe"
"C:\Windows\sttray64.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\AVG\AVG9\avgtray.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
taskeng.exe {2856374D-42E6-440D-BB7C-5952DC3CF962}
"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:4512 CREDAT:71938
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:4512 CREDAT:71939
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:4512 CREDAT:334081
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:4512 CREDAT:71940
"C:\Users\D2\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\AWC Startup.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1564261308-1642750088-1604866676-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1564261308-1642750088-1604866676-1001UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll [2010-12-02 2334560]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.1.27.dll [2010-01-28 671480]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files (x86)\AVG\AVG9\avgssie.dll [2010-12-02 1623392]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}]
Search Toolbar

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll [2010-10-06 2475336]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-06-29 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll [2010-10-06 2475336]
{9D425283-D487-4337-BAB6-AB8354A81457} -

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1584184]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-04-26 1021488]
"lxdimon.exe"=C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdimon.exe [2007-07-16 434864]
"lxdiamon"=C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdiamon.exe [2007-07-16 25264]
"SigmatelSysTrayApp"=C:\Windows\sttray64.exe [2007-09-07 425984]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Dave\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-25 135664]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 138240]
"SUPERAntiSpyware"=C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-01-05 2002160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
C:\Program Files (x86)\BitComet\BitComet.exe [2010-02-21 2969336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
c:\Program Files (x86)\Norton 360\osCheck.exe []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-12 39792]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"AVG9_TRAY"=C:\PROGRA~2\AVG\AVG9\avgtray.exe [2010-12-02 2069344]
"StartupDelayer"=C:\Program Files (x86)\r2 Studios\Startup Delayer\Startup Launcher GUI.exe [2009-03-08 147456]
"FaxCenterServer"=C:\Program Files (x86)\\Lexmark Fax Solutions\fm3032.exe [2007-07-16 311984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="avgrssta.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"ForceActiveDesktopOn"=0
"NoActiveDesktopChanges"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2010-12-24 08:59:21 ----D---- C:\rsit
2010-12-24 08:59:21 ----D---- C:\Program Files\trend micro
2010-12-24 08:46:57 ----D---- C:\ProgramData\FileCure
2010-12-24 08:46:56 ----D---- C:\Program Files (x86)\ParetoLogic
2010-12-24 08:33:43 ----D---- C:\Users\Dave\AppData\Roaming\EditPlus 3
2010-12-24 08:33:43 ----D---- C:\Program Files (x86)\EditPlus 3
2010-12-21 09:38:05 ----D---- C:\ProgramData\WindowsSearch
2010-12-16 16:20:14 ----D---- C:\Users\Dave\AppData\Roaming\IObit
2010-12-16 16:20:14 ----D---- C:\Program Files (x86)\IObit
2010-12-10 08:55:27 ----D---- C:\Program Files (x86) (x86)
2010-12-10 08:52:54 ----A---- C:\Windows\system32\stlang64.dll
2010-12-10 08:52:54 ----A---- C:\Windows\system32\stacsv64.exe
2010-12-10 08:52:54 ----A---- C:\Windows\sttray64.exe
2010-12-10 08:52:23 ----D---- C:\Program Files\IDT
2010-12-10 08:52:22 ----A---- C:\Windows\system32\stcplx64.dll
2010-12-10 08:52:22 ----A---- C:\Windows\system32\stapo64.dll
2010-12-10 08:52:22 ----A---- C:\Windows\system32\stapi64.dll
2010-12-10 07:42:52 ----A---- C:\Windows\SYSWOW64\sipr3260.dll
2010-12-10 07:42:52 ----A---- C:\Windows\SYSWOW64\Pncrt.dll
2010-12-10 07:42:52 ----A---- C:\Windows\SYSWOW64\drv43260.dll
2010-12-10 07:42:52 ----A---- C:\Windows\SYSWOW64\drv33260.dll
2010-12-10 07:42:52 ----A---- C:\Windows\SYSWOW64\drv23260.dll
2010-12-10 07:42:52 ----A---- C:\Windows\SYSWOW64\cook3260.dll
2010-12-10 07:42:49 ----D---- C:\Program Files (x86)\VSO
2010-12-09 09:45:52 ----D---- C:\Program Files (x86)\XoftSpySE6
2010-12-09 08:30:29 ----D---- C:\ProgramData\XoftSpySE
2010-12-05 09:24:51 ----D---- C:\ProgramData\Comodo
2010-12-05 09:24:48 ----D---- C:\Program Files\COMODO
2010-12-05 09:24:47 ----A---- C:\Windows\SYSWOW64\gdiplus.dll
2010-12-05 09:23:47 ----D---- C:\ProgramData\Comodo Downloader
2010-11-30 23:00:23 ----D---- C:\Program Files (x86)\Xirrus
2010-11-25 11:56:48 ----D---- C:\Program Files (x86)\PokerStars.ESPN
2010-11-08 09:48:57 ----D---- C:\Program Files (x86)\Alcohol Soft
2010-11-08 09:08:18 ----D---- C:\Users\Dave\AppData\Roaming\Xilisoft
2010-11-05 06:52:31 ----ASH---- C:\hiberfil.sys
2010-11-02 06:06:24 ----A---- C:\Windows\SYSWOW64\msshsq.dll
2010-11-02 06:06:24 ----A---- C:\Windows\system32\msshsq.dll
2010-11-02 05:49:50 ----A---- C:\Windows\SYSWOW64\psisdecd.dll
2010-11-02 05:49:50 ----A---- C:\Windows\SYSWOW64\EncDec.dll
2010-11-02 05:49:50 ----A---- C:\Windows\system32\psisdecd.dll
2010-11-02 05:49:49 ----A---- C:\Windows\system32\EncDec.dll
2010-11-02 05:49:26 ----A---- C:\Windows\SYSWOW64\PresentationHostProxy.dll
2010-11-02 05:49:26 ----A---- C:\Windows\SYSWOW64\PresentationHost.exe
2010-11-02 05:49:26 ----A---- C:\Windows\SYSWOW64\netfxperf.dll
2010-11-02 05:49:26 ----A---- C:\Windows\SYSWOW64\mscoree.dll
2010-11-02 05:49:26 ----A---- C:\Windows\SYSWOW64\dfshim.dll
2010-11-02 05:49:26 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2010-11-02 05:49:26 ----A---- C:\Windows\system32\PresentationHost.exe
2010-11-02 05:49:26 ----A---- C:\Windows\system32\netfxperf.dll
2010-11-02 05:49:26 ----A---- C:\Windows\system32\mscoree.dll
2010-11-02 05:49:26 ----A---- C:\Windows\system32\dfshim.dll
2010-11-02 05:32:08 ----A---- C:\Windows\system32\wmp.dll
2010-11-02 05:32:02 ----A---- C:\Windows\SYSWOW64\wmp.dll
2010-11-02 05:31:58 ----A---- C:\Windows\SYSWOW64\wmploc.DLL
2010-11-02 05:31:58 ----A---- C:\Windows\system32\wmploc.DLL
2010-11-02 05:31:48 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2010-11-02 05:31:48 ----A---- C:\Windows\system32\inetcomm.dll
2010-11-02 05:31:44 ----A---- C:\Windows\system32\comctl32.dll
2010-11-02 05:31:43 ----A---- C:\Windows\SYSWOW64\comctl32.dll
2010-11-02 05:31:37 ----A---- C:\Windows\SYSWOW64\tzres.dll
2010-11-02 05:31:37 ----A---- C:\Windows\system32\tzres.dll
2010-11-02 05:31:27 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2010-11-02 05:31:27 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2010-11-02 05:31:27 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2010-11-02 05:31:27 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2010-11-02 05:31:27 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2010-11-02 05:31:27 ----A---- C:\Windows\SYSWOW64\ie4uinit.exe
2010-11-02 05:31:27 ----A---- C:\Windows\system32\msfeedssync.exe
2010-11-02 05:31:27 ----A---- C:\Windows\system32\iesetup.dll
2010-11-02 05:31:26 ----A---- C:\Windows\SYSWOW64\wininet.dll
2010-11-02 05:31:26 ----A---- C:\Windows\SYSWOW64\occache.dll
2010-11-02 05:31:26 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2010-11-02 05:31:26 ----A---- C:\Windows\SYSWOW64\ieui.dll
2010-11-02 05:31:26 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2010-11-02 05:31:26 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-11-02 05:31:26 ----A---- C:\Windows\system32\msfeeds.dll
2010-11-02 05:31:26 ----A---- C:\Windows\system32\iernonce.dll
2010-11-02 05:31:26 ----A---- C:\Windows\system32\ie4uinit.exe
2010-11-02 05:31:25 ----A---- C:\Windows\SYSWOW64\mstime.dll
2010-11-02 05:31:25 ----A---- C:\Windows\system32\wininet.dll
2010-11-02 05:31:25 ----A---- C:\Windows\system32\urlmon.dll
2010-11-02 05:31:25 ----A---- C:\Windows\system32\occache.dll
2010-11-02 05:31:25 ----A---- C:\Windows\system32\iedkcs32.dll
2010-11-02 05:31:24 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2010-11-02 05:31:23 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2010-11-02 05:31:23 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2010-11-02 05:31:23 ----A---- C:\Windows\system32\ieframe.dll
2010-11-02 05:31:22 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2010-11-02 05:31:22 ----A---- C:\Windows\system32\jsproxy.dll
2010-11-02 05:31:22 ----A---- C:\Windows\system32\ieui.dll
2010-11-02 05:31:22 ----A---- C:\Windows\system32\iertutil.dll
2010-11-02 05:31:22 ----A---- C:\Windows\system32\iepeers.dll
2010-11-02 05:31:21 ----A---- C:\Windows\system32\mstime.dll
2010-11-02 05:31:20 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2010-11-02 05:31:20 ----A---- C:\Windows\system32\mshtml.dll
2010-11-02 05:31:18 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2010-11-02 05:31:18 ----A---- C:\Windows\SYSWOW64\licmgr10.dll
2010-11-02 05:31:18 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2010-11-02 05:31:18 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2010-11-02 05:31:18 ----A---- C:\Windows\system32\mshtmled.dll
2010-11-02 05:31:18 ----A---- C:\Windows\system32\licmgr10.dll
2010-11-02 05:31:18 ----A---- C:\Windows\system32\ieUnatt.exe
2010-11-02 05:31:18 ----A---- C:\Windows\system32\iesysprep.dll
2010-11-02 05:31:12 ----A---- C:\Windows\SYSWOW64\GameUXLegacyGDFs.dll
2010-11-02 05:31:12 ----A---- C:\Windows\SYSWOW64\Apphlpdm.dll
2010-11-02 05:31:12 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-11-02 05:31:12 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-11-02 05:31:05 ----A---- C:\Windows\system32\drivers\tcpip.sys
2010-11-02 05:30:58 ----A---- C:\Windows\system32\srvsvc.dll
2010-11-02 05:30:58 ----A---- C:\Windows\system32\drivers\srvnet.sys
2010-11-02 05:30:58 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-11-02 05:30:58 ----A---- C:\Windows\system32\drivers\srv.sys
2010-11-02 05:30:57 ----A---- C:\Windows\SYSWOW64\sscore.dll
2010-11-02 05:30:57 ----A---- C:\Windows\system32\sscore.dll
2010-11-02 05:30:56 ----A---- C:\Windows\SYSWOW64\netevent.dll
2010-11-02 05:30:56 ----A---- C:\Windows\system32\netevent.dll
2010-11-02 05:30:51 ----A---- C:\Windows\SYSWOW64\mfc40u.dll
2010-11-02 05:30:51 ----A---- C:\Windows\SYSWOW64\mfc40.dll
2010-11-02 05:30:49 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2010-11-02 05:30:49 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2010-11-02 05:30:49 ----A---- C:\Windows\system32\atmlib.dll
2010-11-02 05:30:49 ----A---- C:\Windows\system32\atmfd.dll
2010-11-02 05:30:45 ----A---- C:\Windows\system32\shell32.dll
2010-11-02 05:30:43 ----A---- C:\Windows\SYSWOW64\shell32.dll
2010-11-02 05:30:40 ----A---- C:\Windows\SYSWOW64\ole32.dll
2010-11-02 05:30:40 ----A---- C:\Windows\system32\ole32.dll
2010-11-02 05:30:38 ----A---- C:\Windows\system32\win32k.sys
2010-11-02 05:30:34 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-11-02 05:30:33 ----A---- C:\Windows\SYSWOW64\asycfilt.dll
2010-11-02 05:30:33 ----A---- C:\Windows\system32\asycfilt.dll
2010-11-02 05:30:29 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2010-11-02 05:30:29 ----A---- C:\Windows\system32\msxml3.dll
2010-11-02 05:30:27 ----A---- C:\Windows\system32\spoolsv.exe
2010-11-02 05:30:24 ----A---- C:\Windows\SYSWOW64\rtutils.dll
2010-11-02 05:30:24 ----A---- C:\Windows\system32\rtutils.dll
2010-11-02 05:30:22 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2010-11-02 05:30:22 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2010-11-02 05:30:22 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2010-11-02 05:30:20 ----A---- C:\Windows\SYSWOW64\usp10.dll
2010-11-02 05:30:20 ----A---- C:\Windows\system32\usp10.dll
2010-11-02 05:30:17 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2010-11-02 05:30:17 ----A---- C:\Windows\system32\wintrust.dll
2010-11-02 05:30:16 ----A---- C:\Windows\SYSWOW64\MP4SDECD.DLL
2010-11-02 05:30:16 ----A---- C:\Windows\system32\MP4SDECD.DLL
2010-11-02 05:30:15 ----A---- C:\Windows\SYSWOW64\t2embed.dll
2010-11-02 05:30:15 ----A---- C:\Windows\system32\t2embed.dll
2010-11-02 05:29:44 ----A---- C:\Windows\SYSWOW64\iccvid.dll
2010-11-02 05:29:43 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2010-11-02 05:29:43 ----A---- C:\Windows\system32\vbscript.dll
2010-11-02 05:29:41 ----A---- C:\Windows\SYSWOW64\schannel.dll
2010-11-02 05:29:41 ----A---- C:\Windows\system32\schannel.dll
2010-11-02 05:28:30 ----A---- C:\Windows\SYSWOW64\cabview.dll
2010-11-02 05:28:30 ----A---- C:\Windows\system32\cabview.dll
2010-11-02 05:25:41 ----A---- C:\Windows\SYSWOW64\quartz.dll
2010-11-02 05:25:41 ----A---- C:\Windows\system32\quartz.dll
2010-11-02 05:22:45 ----A---- C:\Windows\SYSWOW64\wmpmde.dll
2010-11-02 05:22:45 ----A---- C:\Windows\system32\wmpmde.dll
2010-10-27 11:19:51 ----A---- C:\Avi2Dvd_Log.txt
2010-10-27 11:16:12 ----D---- C:\Program Files (x86)\Xvid
2010-10-27 11:12:07 ----D---- C:\Program Files (x86)\AC3Filter
2010-10-27 11:11:28 ----D---- C:\Program Files (x86)\AviSynth 2.5
2010-10-25 16:00:44 ----D---- C:\Users\Dave\AppData\Roaming\CyberLink
2010-10-25 16:00:43 ----D---- C:\ProgramData\CyberLink
2010-10-24 09:01:44 ----A---- C:\Windows\SYSWOW64\javaws.exe
2010-10-24 09:01:44 ----A---- C:\Windows\SYSWOW64\javaw.exe
2010-10-24 09:01:44 ----A---- C:\Windows\SYSWOW64\java.exe
2010-10-24 09:01:44 ----A---- C:\Windows\SYSWOW64\deployJava1.dll

======List of files/folders modified in the last 3 months======

2010-12-24 08:59:21 ----RD---- C:\Program Files
2010-12-24 08:59:04 ----D---- C:\Windows\Temp
2010-12-24 08:52:39 ----HD---- C:\ProgramData
2010-12-24 08:52:39 ----D---- C:\Windows\Tasks
2010-12-24 08:52:39 ----D---- C:\Program Files (x86)\Common Files
2010-12-24 08:47:06 ----D---- C:\Windows\system32\Tasks
2010-12-24 08:46:56 ----RD---- C:\Program Files (x86)
2010-12-24 08:46:09 ----D---- C:\Downloads
2010-12-24 07:24:32 ----D---- C:\Windows\system32\drivers\Avg
2010-12-24 07:20:24 ----A---- C:\Windows\system32\rpcnetp.exe
2010-12-23 19:48:40 ----SHD---- C:\Windows\Installer
2010-12-23 19:48:35 ----D---- C:\ProgramData\Microsoft Help
2010-12-23 19:48:21 ----D---- C:\Windows\Prefetch
2010-12-23 19:42:31 ----A---- C:\Windows\SYSWOW64\rpcnetp.dll
2010-12-23 19:42:30 ----A---- C:\Windows\SYSWOW64\rpcnet.dll
2010-12-23 19:42:14 ----A---- C:\Windows\SYSWOW64\rpcnetp.exe
2010-12-23 18:45:54 ----SHD---- C:\System Volume Information
2010-12-23 08:26:20 ----D---- C:\Windows\system32\config
2010-12-23 08:26:14 ----D---- C:\Windows\SysWOW64
2010-12-23 08:26:14 ----D---- C:\Windows\system32\spool
2010-12-23 08:26:14 ----D---- C:\Windows\system32\Msdtc
2010-12-23 08:26:14 ----D---- C:\Windows\system32\catroot2
2010-12-23 08:26:14 ----D---- C:\Windows\System32
2010-12-23 08:26:14 ----D---- C:\Windows\inf
2010-12-23 08:26:14 ----D---- C:\Windows
2010-12-23 08:26:12 ----D---- C:\Windows\system32\wbem
2010-12-23 08:26:12 ----D---- C:\Windows\registration
2010-12-22 17:51:51 ----D---- C:\Windows\system32\CodeIntegrity
2010-12-22 17:51:51 ----D---- C:\Program Files (x86)\Windows Media Player
2010-12-22 17:51:50 ----D---- C:\Users\Dave\AppData\Roaming\vlc
2010-12-22 17:51:50 ----D---- C:\Users\Dave\AppData\Roaming\TypingMaster7
2010-12-22 17:51:49 ----D---- C:\Users\Dave\AppData\Roaming\dvdcss
2010-12-22 17:51:49 ----D---- C:\Users\Dave\AppData\Roaming\Azureus
2010-12-21 20:23:34 ----D---- C:\Program Files (x86)\BitComet
2010-12-18 16:00:11 ----D---- C:\ProgramData\Lx_cats
2010-12-16 20:04:44 ----D---- C:\Users\Dave\AppData\Roaming\Vso
2010-12-16 18:27:34 ----D---- C:\Windows\Minidump
2010-12-16 18:27:34 ----D---- C:\ProgramData\AVG Security Toolbar
2010-12-16 18:13:31 ----D---- C:\Program Files (x86)\Vuze
2010-12-16 18:13:31 ----D---- C:\Program Files (x86)\PokerStars
2010-12-16 18:13:31 ----D---- C:\Program Files (x86)\Lexmark Fax Solutions
2010-12-16 18:13:31 ----D---- C:\Program Files (x86)\Internet Explorer
2010-12-16 17:25:32 ----D---- C:\Program Files (x86)\WinRAR
2010-12-13 20:27:20 ----SHD---- C:\$Recycle.Bin
2010-12-13 20:26:53 ----RD---- C:\Users
2010-12-11 14:26:43 ----D---- C:\Program Files (x86)\Lexmark 3500-4500 Series
2010-12-10 08:53:10 ----D---- C:\Program Files (x86)\IDT
2010-12-10 08:52:51 ----D---- C:\Windows\system32\catroot
2010-12-10 07:42:56 ----A---- C:\Users\Dave\AppData\Roaming\inst.exe
2010-12-09 10:10:36 ----D---- C:\Program Files (x86)\SUPERAntiSpyware
2010-12-09 10:10:34 ----D---- C:\Users\Dave\AppData\Roaming\SUPERAntiSpyware.com
2010-12-09 09:11:10 ----SD---- C:\Users\Dave\AppData\Roaming\Microsoft
2010-12-08 18:34:22 ----D---- C:\Windows\AppPatch
2010-12-08 11:55:48 ----SD---- C:\ProgramData\Microsoft
2010-12-06 12:02:11 ----D---- C:\Windows\Microsoft.NET
2010-12-05 18:33:33 ----RSD---- C:\Windows\assembly
2010-12-05 17:48:39 ----D---- C:\Windows\SYSWOW64\en-US
2010-12-05 17:48:39 ----D---- C:\Windows\system32\en-US
2010-12-05 17:48:35 ----D---- C:\Program Files (x86)\Microsoft.NET
2010-12-05 09:27:50 ----D---- C:\Windows\system32\drivers
2010-12-02 10:00:43 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-11-30 11:38:02 ----D---- C:\ProgramData\App4rTemp
2010-11-21 19:14:37 ----N---- C:\Windows\SYSWOW64\rpcnet.exe
2010-11-19 17:01:47 ----D---- C:\Program Files (x86)\Java
2010-11-19 11:55:35 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-11-08 12:00:46 ----D---- C:\Windows\system32\drivers\UMDF
2010-11-07 19:40:25 ----D---- C:\Program Files\Google
2010-11-07 19:40:24 ----D---- C:\Program Files (x86)\Google
2010-11-07 15:34:04 ----D---- C:\ProgramData\Google
2010-11-02 18:00:02 ----D---- C:\Windows\rescache
2010-11-02 17:41:20 ----D---- C:\Windows\SYSWOW64\wbem
2010-11-02 17:41:18 ----D---- C:\Windows\SYSWOW64\migration
2010-11-02 17:41:18 ----D---- C:\Program Files\Internet Explorer
2010-11-02 17:41:17 ----D---- C:\Windows\system32\migration
2010-11-02 17:41:16 ----D---- C:\Windows\ehome
2010-11-02 17:41:16 ----D---- C:\Program Files\Windows Media Player
2010-11-02 17:41:15 ----RSD---- C:\Windows\Fonts
2010-11-02 17:41:13 ----D---- C:\Program Files\Windows Mail
2010-11-02 17:41:13 ----D---- C:\Program Files\Movie Maker
2010-11-02 17:41:13 ----D---- C:\Program Files (x86)\Windows Mail
2010-11-02 06:08:13 ----D---- C:\Windows\winsxs
2010-10-19 10:41:44 ----N---- C:\Windows\system32\MpSigStub.exe
2010-10-07 10:10:34 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AtiPcie;ATI PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-11-06 16656]
R0 AvgRkx64;avgrkx64.sys; C:\Windows\System32\Drivers\avgrkx64.sys [2010-03-05 56008]
R1 AvgLdx64;AVG AVI Loader Driver x64; C:\Windows\System32\Drivers\avgldx64.sys [2010-10-19 269904]
R1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64; C:\Windows\System32\Drivers\avgmfx64.sys [2010-06-01 35536]
R1 AvgTdiA;AVG Network Redirector x64; C:\Windows\System32\Drivers\avgtdia.sys [2010-06-23 317520]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys [2008-02-29 1252352]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-02-19 4212224]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 19304]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 273920]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2009-08-23 82816]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys [2007-10-03 136704]
R3 RTL8187Se;Realtek RTL8187S Wireless LAN PCIE Network Adapter; C:\Windows\system32\DRIVERS\RTL8187Se.sys [2008-01-16 335360]
R3 RTSTOR;USB Mass Storage Device; C:\Windows\system32\drivers\RTSTOR64.SYS [2007-09-27 60416]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt64.sys [2007-09-07 392192]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-04-26 305976]
R3 usbvideo;Gateway USB 2.0 Webcam; C:\Windows\System32\Drivers\usbvideo.sys [2008-01-20 168704]
R3 UVCFTR;UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [2007-05-23 20784]
S1 SASDIFSV;SASDIFSV; \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2010-01-05 9968]
S1 SASKUTIL;SASKUTIL; \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys [2010-01-05 74480]
S2 int15;int15; \??\C:\Windows\SysWOW64\drivers\int15_64.sys [2008-06-11 17952]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 6144]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 11008]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 7040]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 6656]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 7936]
S3 SASENUM;SASENUM; \??\C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2010-01-05 7408]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-20 41984]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-20 46080]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 108544]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 8704]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 438328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agr64svc.exe [2007-12-10 15872]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-02-19 851456]
R2 avg9emc;AVG E-mail Scanner; C:\Program Files (x86)\AVG\AVG9\avgemc.exe [2010-10-19 921952]
R2 avg9wd;AVG WatchDog; C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-12-02 308136]
R2 ETService;Empowering Technology Service; C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [2008-06-11 24576]
R2 lxdi_device;lxdi_device; C:\Windows\system32\lxdicoms.exe [2007-06-11 876976]
R2 rpcnet;Remote Procedure Call (RPC) Net; C:\Windows\SysWOW64\rpcnet.exe [2010-11-21 57752]
R2 STacSV;SigmaTel Audio Service; C:\Program Files (x86)\IDT\WDM\STacSV64.exe [2007-09-07 119296]
S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxdiserv.exe [2007-06-11 33712]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-10-06 517448]
S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe [2008-05-05 165416]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-20 19968]

-----------------EOF-----------------

#4 Judicandus

    Bleepin' Pasta


  • Malware Response Team
  • 730 posts
  • Gender:Male
  • Location:Around the world

Posted 27 December 2010 - 06:11 AM

Hi peskyproblems,

I'm sorry for the delay, but you posted your answer in another topic! Please post the answers in the same topic as a reply ;)

Let's go on with the analysis:


Please download Malwarebytes' Anti-Malware (v1.50) and save it to your desktop.
Download Link 1
Download Link 2

Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes' when done.
Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.


We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


#5 peskyproblems

  • Topic Starter

  • Members
  • 5 posts

Posted 27 December 2010 - 08:46 AM

Sorry I posted in the wrong spot last time. OK, I already had MBAM installed; here is the malware scan log. I also have about 13 more logs all the way back to Feb. 2010 if you need to see those. I also got a new problem Sunday: as soon as I logged on the computer, a scan started automatically and said the system was infected, security threat. It wouldn't let me shut it off, not even with Task Manager. There were big red letters saying warning when I minimized the scan box, on my whole desktop, with a couple of paragraphs of warning message, and it took me to a screen to buy a product to get rid of the problem. I logged off the user and went on another and didn't do anywhere else??????

Malwarebytes' Anti-Malware 1.44
Database version: 3724
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18975

12/27/2010 8:20:45 AM
mbam-log-2010-12-27 (08-20-45).txt

Scan type: Quick Scan
Objects scanned: 137295
Time elapsed: 4 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9d425283-d487-4337-bab6-ab8354a81457} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9d425283-d487-4337-bab6-ab8354a81457} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Here is the OTL log.

OTL logfile created on: 12/27/2010 8:38:53 AM - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\D2\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.09 Gb Total Space | 169.14 Gb Free Space | 58.71% Space Free | Partition Type: NTFS

Computer Name: TENLEY-PC | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/27 08:38:05 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\D2\Desktop\OTL.exe
PRC - [2010/12/02 07:55:04 | 002,069,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2010/12/02 07:55:00 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2010/12/02 07:54:15 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
PRC - [2010/11/21 19:14:37 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWOW64\rpcnet.exe
PRC - [2010/10/19 20:50:33 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe
PRC - [2010/06/23 08:43:52 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgam.exe
PRC - [2010/01/07 16:07:10 | 001,394,000 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2009/07/17 22:12:12 | 000,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10c.exe
PRC - [2007/07/16 11:54:10 | 000,025,264 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdiamon.exe
PRC - [2007/07/16 11:54:07 | 000,434,864 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdimon.exe


========== Modules (SafeList) ==========

MOD - [2010/12/27 08:38:05 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\D2\Desktop\OTL.exe
MOD - [2010/08/31 10:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/06/11 13:18:30 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe -- (ETService)
SRV:64bit: - [2008/02/19 09:07:08 | 000,851,456 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/12/10 22:11:30 | 000,015,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2007/06/11 09:15:08 | 000,876,976 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\lxdicoms.exe -- (lxdi_device)
SRV:64bit: - [2007/06/11 09:14:59 | 000,033,712 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdiserv.exe -- (lxdiCATSCustConnectService)
SRV - [2010/12/02 07:55:00 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/11/21 19:14:37 | 000,057,752 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\SysWOW64\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2010/10/19 20:50:33 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/10/06 10:31:48 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2008/07/27 13:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/05/05 17:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/09/07 10:25:18 | 000,119,296 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files (x86)\IDT\WDM\stacsv64.exe -- (STacSV)
SRV - [2007/06/11 09:14:51 | 000,517,040 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxdicoms.exe -- (lxdi_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - [2010/10/19 20:50:33 | 000,269,904 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2010/06/23 08:44:11 | 000,317,520 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2010/06/01 13:45:55 | 000,035,536 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2010/03/05 08:14:53 | 000,056,008 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgrkx64.sys -- (AvgRkx64)
DRV:64bit: - [2009/08/23 03:08:02 | 000,082,816 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2008/04/17 09:12:54 | 000,019,304 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/02/29 01:59:32 | 001,252,352 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/02/19 11:53:18 | 004,212,224 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008/01/20 21:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/16 04:11:28 | 000,335,360 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\RTL8187Se.sys -- (RTL8187Se)
DRV:64bit: - [2007/10/03 03:18:20 | 000,136,704 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2007/09/27 23:13:32 | 000,060,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2007/09/07 13:26:06 | 000,392,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2007/05/23 19:47:28 | 000,020,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV:64bit: - [2007/04/26 04:38:44 | 000,305,976 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2006/11/06 21:30:56 | 000,016,656 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2010/01/05 07:56:06 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/01/05 07:56:04 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/05 07:56:02 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/06/11 13:13:24 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0809&m=m-1634u
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0809&m=m-1634u
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0809&m=m-1634u
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0809&m=m-1634u


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1564261308-1642750088-1604866676-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0809&m=m-1634u
IE - HKU\S-1-5-21-1564261308-1642750088-1604866676-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1564261308-1642750088-1604866676-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1564261308-1642750088-1604866676-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1564261308-1642750088-1604866676-1001\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-1564261308-1642750088-1604866676-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1564261308-1642750088-1604866676-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1564261308-1642750088-1604866676-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:59274

IE - HKU\S-1-5-21-1564261308-1642750088-1604866676-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0809&m=m-1634u
IE - HKU\S-1-5-21-1564261308-1642750088-1604866676-1002\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1564261308-1642750088-1604866676-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1564261308-1642750088-1604866676-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.1.27.dll (BitComet)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-1564261308-1642750088-1604866676-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-1564261308-1642750088-1604866676-1001\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKU\S-1-5-21-1564261308-1642750088-1604866676-1001\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4:64bit: - HKLM..\Run: [lxdiamon] C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdiamon.exe ()
O4:64bit: - HKLM..\Run: [lxdimon.exe] C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdimon.exe ()
O4:64bit: - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [StartupDelayer] C:\Program Files (x86)\r2 Studios\Startup Delayer\Startup Launcher GUI.exe (r2 studios)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1564261308-1642750088-1604866676-1001..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O8:64bit: - Extra context menu item: &D&ownload &with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: &D&ownload all with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.1.27.dll (BitComet)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1564261308-1642750088-1604866676-1001\..Trusted Domains: netzero.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1564261308-1642750088-1604866676-1001\..Trusted Domains: netzero.net ([]* in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12 192.168.1.1
O18:64bit: - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Dave\Pictures\media1[1].jpg
O24 - Desktop BackupWallPaper: C:\Users\Dave\Pictures\media1[1].jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{a583ba24-3037-11df-aab8-00e0b8ea64d8}\Shell - "" = AutoRun
O33 - MountPoints2\{a583ba24-3037-11df-aab8-00e0b8ea64d8}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/26 07:36:27 | 000,000,000 | ---D | C] -- C:\ProgramData\oDdAb06303
[2010/12/24 08:59:21 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/12/24 08:59:21 | 000,000,000 | ---D | C] -- C:\rsit
[2010/12/24 08:46:57 | 000,000,000 | ---D | C] -- C:\ProgramData\FileCure
[2010/12/24 08:46:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ParetoLogic
[2010/12/24 08:33:43 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\EditPlus 3
[2010/12/24 08:33:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EditPlus 3
[2010/12/21 09:38:05 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010/12/16 16:20:14 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\IObit
[2010/12/16 16:20:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2010/12/10 08:55:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86) (x86)
[2010/12/10 08:52:54 | 000,425,984 | ---- | C] (IDT, Inc.) -- C:\Windows\sttray64.exe
[2010/12/10 08:52:23 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2010/12/10 08:51:31 | 000,000,000 | ---D | C] -- C:\Users\Dave\Desktop\Audio_Sigmatel_v.6.10.5609.0_Vista all
[2010/12/10 07:42:52 | 000,273,408 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\Pncrt.dll
[2010/12/10 07:42:52 | 000,217,127 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\drv43260.dll
[2010/12/10 07:42:52 | 000,208,935 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\drv33260.dll
[2010/12/10 07:42:52 | 000,176,165 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\drv23260.dll
[2010/12/10 07:42:52 | 000,102,439 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\sipr3260.dll
[2010/12/10 07:42:52 | 000,065,602 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\cook3260.dll
[2010/12/10 07:42:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VSO
[2010/12/09 10:09:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2010/12/09 09:45:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XoftSpySE6
[2010/12/09 08:30:29 | 000,000,000 | ---D | C] -- C:\ProgramData\XoftSpySE
[2010/12/05 09:24:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2010/12/05 09:24:48 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2010/12/05 09:24:47 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2010/12/05 09:23:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
[2010/11/30 23:00:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xirrus
[2010/02/24 08:06:33 | 000,356,352 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiinpa.dll
[2010/02/24 08:06:33 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiiesc.dll
[2010/02/24 08:06:32 | 000,614,400 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdipmui.dll
[2010/02/24 08:06:31 | 001,187,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiserv.dll
[2010/02/24 08:06:31 | 000,942,080 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiusb1.dll
[2010/02/24 08:06:31 | 000,532,480 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdilmpm.dll
[2010/02/24 08:06:31 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiprox.dll
[2010/02/24 08:06:31 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdipplc.dll
[2010/02/24 08:06:30 | 000,765,952 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdicomc.dll
[2010/02/24 08:06:30 | 000,671,744 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdihbn3.dll
[2010/02/24 08:06:30 | 000,360,448 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdicomm.dll
[2009/08/23 03:08:02 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Dave\AppData\Roaming\pcouffin.sys
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/27 08:08:51 | 069,397,082 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/12/27 07:47:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1564261308-1642750088-1604866676-1001UA.job
[2010/12/27 07:32:23 | 000,017,408 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe
[2010/12/27 07:32:15 | 000,017,408 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.dll
[2010/12/27 07:32:14 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll
[2010/12/27 07:32:13 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2010/12/27 07:32:08 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/27 07:32:08 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/27 07:31:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/27 07:31:49 | 4158,767,104 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/27 07:31:46 | 000,017,408 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.exe
[2010/12/27 05:25:23 | 000,381,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/12/26 06:47:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1564261308-1642750088-1604866676-1001Core.job
[2010/12/25 11:09:08 | 000,001,044 | ---- | M] () -- C:\Users\Dave\AppData\Roaming\vso_ts_preview.xml
[2010/12/16 16:20:21 | 000,000,134 | ---- | M] () -- C:\Users\Dave\Desktop\IObit Freeware.url
[2010/12/16 08:40:55 | 000,060,928 | ---- | M] () -- C:\Users\Dave\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/15 17:23:18 | 000,002,001 | ---- | M] () -- C:\Users\Dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/12/15 17:23:17 | 000,002,039 | ---- | M] () -- C:\Users\Dave\Desktop\Google Chrome.lnk
[2010/12/15 09:32:04 | 000,967,680 | -HS- | M] () -- C:\Users\Dave\ehthumbs_vista.db
[2010/12/13 18:14:19 | 000,058,368 | ---- | M] () -- C:\Windows\SysNative\umstartup.etl
[2010/12/13 09:53:03 | 000,000,000 | ---- | M] () -- C:\Users\Dave\defogger_reenable
[2010/12/10 07:42:56 | 000,099,384 | ---- | M] () -- C:\Users\Dave\AppData\Roaming\inst.exe
[2010/12/10 07:42:56 | 000,082,816 | ---- | M] (VSO Software) -- C:\Users\Dave\AppData\Roaming\pcouffin.sys
[2010/12/10 07:42:56 | 000,007,859 | ---- | M] () -- C:\Users\Dave\AppData\Roaming\pcouffin.cat
[2010/12/10 07:42:56 | 000,001,167 | ---- | M] () -- C:\Users\Dave\AppData\Roaming\pcouffin.inf
[2010/12/10 07:42:55 | 000,001,053 | ---- | M] () -- C:\Users\Dave\Application Data\Microsoft\Internet Explorer\Quick Launch\ConvertXtoDvd.lnk
[2010/12/10 07:42:55 | 000,001,029 | ---- | M] () -- C:\Users\Dave\Desktop\ConvertXtoDvd 3.lnk
[2010/12/09 10:10:38 | 000,000,946 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/12/05 09:24:47 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2010/12/03 10:53:25 | 000,026,804 | ---- | M] () -- C:\Users\Dave\AppData\Roaming\UserTile.png
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/16 16:20:21 | 000,000,134 | ---- | C] () -- C:\Users\Dave\Desktop\IObit Freeware.url
[2010/12/13 09:53:03 | 000,000,000 | ---- | C] () -- C:\Users\Dave\defogger_reenable
[2010/12/10 08:52:54 | 005,596,160 | ---- | C] () -- C:\Windows\SysNative\idtsg64.cpl
[2010/12/10 08:52:54 | 001,603,584 | ---- | C] () -- C:\Windows\SysNative\stlang64.dll
[2010/12/10 08:52:54 | 000,119,296 | ---- | C] () -- C:\Windows\SysNative\stacsv64.exe
[2010/12/10 08:52:22 | 000,620,544 | ---- | C] () -- C:\Windows\SysNative\stapo64.dll
[2010/12/10 08:52:22 | 000,365,056 | ---- | C] () -- C:\Windows\SysNative\stapi64.dll
[2010/12/10 08:52:22 | 000,347,648 | ---- | C] () -- C:\Windows\SysNative\stcplx64.dll
[2010/12/10 07:42:55 | 000,001,053 | ---- | C] () -- C:\Users\Dave\Application Data\Microsoft\Internet Explorer\Quick Launch\ConvertXtoDvd.lnk
[2010/12/10 07:42:55 | 000,001,029 | ---- | C] () -- C:\Users\Dave\Desktop\ConvertXtoDvd 3.lnk
[2010/12/09 10:10:38 | 000,000,946 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/11/07 16:37:07 | 000,378,730 | ---- | C] () -- C:\Users\Dave\AppData\Local\dd_vcredistMSI1111.txt
[2010/11/07 16:37:04 | 000,034,900 | ---- | C] () -- C:\Users\Dave\AppData\Local\dd_vcredistUI1111.txt
[2010/03/12 21:08:03 | 000,005,207 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2010/02/24 08:06:33 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxdicomx.dll
[2010/02/24 08:06:33 | 000,294,912 | ---- | C] () -- C:\Windows\SysWow64\lxdiinst.dll
[2010/02/23 11:28:39 | 000,000,732 | ---- | C] () -- C:\Users\Dave\AppData\Local\d3d9caps64.dat
[2010/02/01 22:06:54 | 000,000,258 | -H-- | C] () -- C:\ProgramData\tmaster8.net
[2010/02/01 22:06:02 | 000,000,024 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\MyPhrases.dta
[2010/01/10 09:59:57 | 000,026,804 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\UserTile.png
[2010/01/02 15:28:00 | 000,003,098 | ---- | C] () -- C:\Windows\wininit.ini
[2009/10/25 12:58:34 | 000,001,356 | ---- | C] () -- C:\Users\Dave\AppData\Local\d3d9caps.dat
[2009/08/24 04:39:08 | 000,060,928 | ---- | C] () -- C:\Users\Dave\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/23 03:17:00 | 000,001,044 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\vso_ts_preview.xml
[2009/08/23 03:08:02 | 000,099,384 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\inst.exe
[2009/08/23 03:08:02 | 000,007,859 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\pcouffin.cat
[2009/08/23 03:08:02 | 000,001,167 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\pcouffin.inf
[2008/10/03 00:10:50 | 000,017,408 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 21:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

< End of report >

#6 peskyproblems

  • Topic Starter
  • Members
  • 5 posts

Posted 27 December 2010 - 08:48 AM

OTL Extras logfile created on: 12/27/2010 8:38:53 AM - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\D2\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.09 Gb Total Space | 169.14 Gb Free Space | 58.71% Space Free | Partition Type: NTFS

Computer Name: TENLEY-PC | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01A70011-AB2C-43F8-A0D5-FD58787FD97B}" = rport=2178 | protocol=6 | dir=out | app=system |
"{0DF855B6-87BA-4AA3-9E5E-028BE5486BD2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{14BD7E1A-AF60-4093-A2BB-5F7109850C75}" = lport=3702 | protocol=17 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe |
"{311BF034-D975-4850-8E2B-194799C79CD2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3D9DEBEB-C17D-4444-96D2-C4BA4465F57D}" = lport=rpc | protocol=6 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe |
"{42AF1AE3-812E-4142-AB76-066DF13B8F1A}" = rport=3702 | protocol=17 | dir=out | svc=bits | app=c:\windows\system32\svchost.exe |
"{45ED643C-D019-4717-B15E-A8BAE494304F}" = lport=2178 | protocol=6 | dir=in | app=system |
"{48C6B426-41C2-413F-BFD6-E5D56241D6F7}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{4ADA815D-4E52-4AD3-89C5-7CCE4C9C836C}" = lport=3702 | protocol=17 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe |
"{538423FC-1985-405F-BB34-EB49C5848FC1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{55FD97C8-24D4-43D1-ACB1-FB5FB0BC1FE8}" = lport=rpc | protocol=6 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe |
"{5F1B9EB3-1EB5-4E1C-B6EB-55906CBEAAE7}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{73E72EA5-FAA0-4FB4-9415-09C0D5C1C74E}" = rport=2178 | protocol=6 | dir=out | app=system |
"{767FF474-BB0D-40A3-A3F5-DBED8679BE04}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=c:\windows\system32\svchost.exe |
"{9B39185A-F369-4193-BAFF-9B1E8ED204B8}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{A2AC429B-6C5E-47E8-B0F5-D2DBC7C386B3}" = lport=18164 | protocol=6 | dir=in | name=bitcomet 18164 tcp |
"{A6705C54-CB58-4CD8-9F43-AB00957582FE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{AC1FE56A-8DD9-4D4D-A0CD-9317CE7FA40A}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{AF10DA8C-8E12-4B43-8E45-B52FE545F507}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{C1AE33C3-569D-4090-80B8-2D166D2D05BD}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\p2phost.exe |
"{C1CBA45F-6E2F-4487-B640-56F5C35D5AFB}" = lport=445 | protocol=6 | dir=in | app=system |
"{C45C880B-E759-4053-BF7D-B984B3192E88}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{C98FAF44-0C36-41E4-AD6A-91E7CA0448EE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{CDE4C91D-8961-4EEB-9148-EB810E1856F7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{CE1B9717-FBED-4CA3-9652-45B7D4C09657}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=c:\windows\system32\svchost.exe |
"{CED4934C-6781-489C-B110-893CBFE62027}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{D008481A-A79C-4993-915B-E6FA86352A15}" = rport=3702 | protocol=17 | dir=out | svc=bits | app=c:\windows\system32\svchost.exe |
"{D18F86EB-0A65-409D-9921-F2D4C696F1C3}" = lport=2178 | protocol=6 | dir=in | app=system |
"{EC91A66E-ED70-4B71-A662-8A8902F95E4A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{ED36DC74-B191-4D0A-9B81-A2921021D032}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\p2phost.exe |
"{F9707194-51D4-4A12-B628-699A7BE5312B}" = lport=18164 | protocol=17 | dir=in | name=bitcomet 18164 udp |
"{FEEE78AC-3AA2-40B6-8E8D-E1E0FCB08E86}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0866465D-F6D6-4226-91BE-1410A089BB4E}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{1F6EC8EE-7EB6-4F82-A20B-19BD70E67E87}" = protocol=6 | dir=out | app=system |
"{277190DC-8298-454C-952B-009A055CD3C7}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{2EA5D1FC-8204-40B6-8F72-04C2F8D6B32D}" = protocol=6 | dir=in | svc=msiscsi | app=c:\windows\system32\svchost.exe |
"{77529685-FC82-4E91-A8E2-52D918B65CFF}" = protocol=6 | dir=in | app=c:\windows\system32\p2phost.exe |
"{9496F6F0-922F-4D2A-9B28-C140B272D924}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{A7C2A2DB-223F-4A4E-AB72-CF65E8CE6E69}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{D118EBF8-553A-4C42-A158-A0972CF8D2DB}" = protocol=6 | dir=out | svc=msiscsi | app=c:\windows\system32\svchost.exe |
"{DE6763C2-95DE-429A-B0F2-5DB095115C38}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{DF2626DF-BA8E-402D-9402-9C90060271F7}" = protocol=6 | dir=out | app=c:\windows\system32\p2phost.exe |
"TCP Query User{08AABE4F-1DB6-4AFA-9748-B234B9394ED3}C:\program files (x86)\lexmark 3500-4500 series\app4r.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 3500-4500 series\app4r.exe |
"TCP Query User{230C3611-467D-4CED-8487-BBD5B2DFA63E}C:\program files (x86)\lexmark 3500-4500 series\lxdiamon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 3500-4500 series\lxdiamon.exe |
"TCP Query User{2DF5CFC0-89AD-4D28-BC19-BAA09DD42EF4}C:\program files (x86)\lexmark 3500-4500 series\lxdimon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 3500-4500 series\lxdimon.exe |
"TCP Query User{37A3E177-8D78-4D3C-9839-A0F83CE703AD}C:\program files (x86)\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe |
"TCP Query User{65682888-E1DF-4A8B-AB44-F65EAA67B310}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{7FEBF322-189A-4B06-B455-2745A7D2E33F}C:\program files (x86)\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe |
"TCP Query User{85C92F8C-05A6-441F-AD6E-0005A90F47DD}C:\windows\system32\spool\drivers\x64\3\lxdipswx.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdipswx.exe |
"TCP Query User{97F58511-B99A-4E46-8CDC-A4090256344D}C:\program files (x86)\lexmark 3500-4500 series\lxdimon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 3500-4500 series\lxdimon.exe |
"TCP Query User{AE42BA1F-3F7C-404D-A4CC-B553012438A8}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{C497231B-2035-4825-A92E-A2C38F0ED196}C:\program files (x86)\lexmark 3500-4500 series\lxdiamon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 3500-4500 series\lxdiamon.exe |
"TCP Query User{DF60F5CA-8C9F-4CD9-A2B1-496C41650791}C:\program files (x86)\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"TCP Query User{E0F4AD4C-7EF4-4C32-9340-F02581CAF051}C:\windows\system32\spool\drivers\x64\3\lxdipswx.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdipswx.exe |
"UDP Query User{0744EA8F-3A81-4CDB-AD27-ECCB52AC936A}C:\program files (x86)\lexmark 3500-4500 series\lxdimon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 3500-4500 series\lxdimon.exe |
"UDP Query User{11E2597E-BD4E-4A62-9132-B5CD0AFD5B43}C:\program files (x86)\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe |
"UDP Query User{2164FA67-D32F-4F4E-9682-135261F9BE6C}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{3CE1A45A-BD70-4A85-8BF5-425C1FEBD4D0}C:\program files (x86)\lexmark 3500-4500 series\app4r.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 3500-4500 series\app4r.exe |
"UDP Query User{3EAAA7B8-E630-42EB-9B3E-E956B0EDDCA9}C:\windows\system32\spool\drivers\x64\3\lxdipswx.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdipswx.exe |
"UDP Query User{40B07EBE-D6AA-4901-BEF0-4FEFF2C40123}C:\program files (x86)\lexmark 3500-4500 series\lxdiamon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 3500-4500 series\lxdiamon.exe |
"UDP Query User{4570BEE0-2F53-4F1A-B0D6-5F42238062D1}C:\program files (x86)\lexmark 3500-4500 series\lxdimon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 3500-4500 series\lxdimon.exe |
"UDP Query User{58976612-44FB-4860-B32A-90D4CB09515D}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{B0E3843B-04C6-414E-9154-070C3D6C2854}C:\program files (x86)\lexmark 3500-4500 series\lxdiamon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 3500-4500 series\lxdiamon.exe |
"UDP Query User{ED1B2269-8A2B-4D13-9D73-74E520E49659}C:\windows\system32\spool\drivers\x64\3\lxdipswx.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdipswx.exe |
"UDP Query User{EE6C7EC8-66EF-4EFB-840E-C538CF7A036D}C:\program files (x86)\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe |
"UDP Query User{F2BD8329-D656-44F3-B932-36E12233A5DB}C:\program files (x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BBDF4104-C792-9966-5BD1-1ED194F6463B}" = ccc-utility64
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F2DEEBA8-A002-2284-29AF-FD617C516205}" = ATI Catalyst Install Manager
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Lexmark 3500-4500 Series" = Lexmark 3500-4500 Series
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04556BAC-C71E-A594-B072-0EFB552354A0}" = Skins
"{04C6CA76-455E-6DD5-2FF6-E3A2CB500D16}" = CCC Help Chinese Traditional
"{07D8511D-C9FE-4A93-933F-EAA5C8F20095}" = IDT Audio
"{089DDC39-5555-6F4A-51D1-6C7892CEA39A}" = CCC Help French
"{124C122C-4CB2-B5E3-AB1A-52ABA844ACFB}" = CCC Help Polish
"{190D6D04-51FF-F77E-B763-0DD5C3346154}" = Catalyst Control Center Localization Polish
"{227DD923-69CD-11B8-F93E-209E620AB54D}" = Catalyst Control Center Graphics Previews Vista
"{23BB8E4B-4564-53BE-F8FF-7CE684A598C1}" = Catalyst Control Center Localization Dutch
"{244551D1-96C7-25FB-3FCA-01AB9CE2F70C}" = CCC Help Finnish
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 20
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{319D2D6E-3B86-7669-B353-0BB827239B89}" = Catalyst Control Center Localization Swedish
"{31FE8F27-D499-1611-8789-201228222ED0}" = CCC Help Thai
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3410BFCA-6EFA-FC63-7C5B-CEA04724045A}" = Catalyst Control Center Localization German
"{350D378E-7BD3-2258-59C7-42E9DB6B4965}" = CCC Help English
"{358E5A92-D855-D7DF-64CC-5A45A81CF12A}" = CCC Help Swedish
"{37E49FF4-42AD-0F92-CBBA-23B5B5BDF203}" = Catalyst Control Center Core Implementation
"{39098402-3F7A-4257-A4AE-FC1181D1B40B}" = Camera Assistant Software for Gateway
"{3B5E816A-EC9A-676F-FC34-2A7A3C95C806}" = CCC Help Dutch
"{3CF67FE9-795B-6533-7D8A-C2BF82FEAEFC}" = CCC Help Korean
"{3CF74402-9ED5-6123-B676-0A069DB5771C}" = Catalyst Control Center Localization Japanese
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{43F2E8C1-AE70-EAF5-FE20-78BC93E11473}" = Catalyst Control Center Graphics Full New
"{44C80944-2332-29C9-9A98-5C100E93055E}" = CCC Help Greek
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55B1E4FA-F2E0-45DF-9B36-0B30A7949984}" = NWZ-S540 WALKMAN Guide
"{57CBE859-CED9-40F5-4AEA-46FF943FA4BA}" = CCC Help Italian
"{5BD9E335-E22B-8315-9E22-5C080BB9259D}" = Catalyst Control Center Graphics Light
"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
"{5FBC6BE7-75C9-FCF5-87F1-C00E768A4A2B}" = CCC Help Danish
"{60EB76E2-DF31-477B-A28C-2303ADE6629D}" = PurePlay Poker
"{614767E5-AC42-3A42-F001-A0A44BC8A37C}" = CCC Help Chinese Standard
"{6233B712-9BDD-E577-1DB1-B63559702DD1}" = Catalyst Control Center Localization Thai
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7468F85A-8425-90CB-2BE4-E4E19DB0B6A1}" = CCC Help Hungarian
"{761FD2DE-7074-E92F-F286-ABEA84909F1C}" = Catalyst Control Center Localization Czech
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.6.2.153
"{782BD419-3C15-2426-BEFF-04DB87005FB7}" = Catalyst Control Center Localization Norwegian
"{78EA6F81-198A-9783-5EA3-CFE90A4E5EE3}" = CCC Help Turkish
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{7FB718EF-F5A2-E682-80B6-6F3168C57E34}" = CCC Help Russian
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83E114BA-ECE1-68A3-4230-739527F229E4}" = Catalyst Control Center Localization Finnish
"{84682010-8448-FF58-E177-CAABCA209D4F}" = Catalyst Control Center Graphics Full Existing
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{98B6FB8A-8638-4037-AD44-CF7D0EEAB875}_is1" = TypingMaster Pro
"{9E8096E2-3C23-70C7-BE0A-D1FC96FEED60}" = Catalyst Control Center Localization Chinese Traditional
"{A163FEDA-FB0D-D119-A5BC-5B6AC0A82928}" = Catalyst Control Center Localization French
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B06B78B6-6515-C6F6-82F6-5ED76B886D0E}" = Catalyst Control Center Localization Spanish
"{B4C8F6E4-9E07-8A2C-5888-C00CF1DD9DCC}" = CCC Help Spanish
"{B7FE64FE-9B1B-1BDD-0EF4-437E7B4A88C2}" = Catalyst Control Center Localization Chinese Standard
"{B82DD456-4A5D-574C-7251-8D4634EAA19C}" = CCC Help Japanese
"{BCCBE608-5C44-4507-AE11-55B36AE0E41B}" = The Print Shop Business Card Creator
"{BCCD9B6D-C5C3-9319-006C-4BFE324043ED}" = Catalyst Control Center Localization Russian
"{BF69C0EF-EFE3-241E-0B7C-0C82BA9191C2}" = ccc-core-static
"{BF953F1A-F946-4804-875D-94B6A6C05CE1}" = Business Card Factory Deluxe 2.0
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C6BCB65D-2437-14A8-3D82-3F7D15B87DC4}" = CCC Help Portuguese
"{CA91CACA-DAD8-1B31-D6D8-711F52D0DA07}" = Catalyst Control Center Localization Hungarian
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CC2C5E95-ED1D-D9C2-68C2-8D831E77DA43}" = Catalyst Control Center Localization Turkish
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE9ECED5-BFFB-E5B7-5709-C6D88669524C}" = CCC Help Czech
"{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
"{D7A509C5-5057-8E48-8D6C-1FBD70732B9E}" = Catalyst Control Center Localization Danish
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E5D016B8-28D4-5FEC-2BC2-04B8B4084C51}" = Catalyst Control Center Localization Italian
"{EEE6B9CB-2C66-BB28-65C6-78CED74A9246}" = Catalyst Control Center Localization Portuguese
"{F2205E27-E5E6-3196-5AF3-DE85E8DF6E18}" = CCC Help German
"{F47E9DF0-CBD1-81FF-FB27-5EDF3294C3FA}" = Catalyst Control Center Localization Greek
"{F9982B6D-B492-1385-8E58-34505D9AA54D}" = CCC Help Norwegian
"{FDB9110B-21CA-FAA9-DF9F-0ED9622F9ECA}" = Catalyst Control Center Localization Korean
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8461-7759-5462-8226" = Vuze
"AbiWord2" = AbiWord 2.6.8
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AVG9Uninstall" = AVG 9.0
"BitComet" = BitComet 1.19
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Money2007b" = Microsoft Money Essentials
"MpcStar" = MpcStar 4.0
"PokerStars" = PokerStars
"Startup Delayer" = Startup Delayer v2.5 (build 138)
"VirusTotalUploader" = VirusTotal Uploader
"VLC media player" = VLC media player 1.0.1
"WildTangent gateway Master Uninstall" = Gateway Games
"WinRAR" = WinRAR

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1564261308-1642750088-1604866676-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/8/2010 10:44:28 AM | Computer Name = Tenley-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12/8/2010 12:09:16 PM | Computer Name = Tenley-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/8/2010 1:58:26 PM | Computer Name = Tenley-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/8/2010 2:49:32 PM | Computer Name = Tenley-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.6001.18975 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 590 Start Time: 01cb97081f805620 Termination Time: 0

Error - 12/8/2010 4:38:51 PM | Computer Name = Tenley-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/8/2010 5:02:57 PM | Computer Name = Tenley-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/8/2010 7:35:41 PM | Computer Name = Tenley-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/8/2010 9:32:22 PM | Computer Name = Tenley-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/8/2010 9:44:52 PM | Computer Name = Tenley-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/8/2010 9:54:25 PM | Computer Name = Tenley-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 2/26/2010 6:37:30 PM | Computer Name = Tenley-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 12/27/2010 6:33:40 AM | Computer Name = Tenley-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 12/27/2010 8:31:31 AM | Computer Name = Tenley-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 12/27/2010 8:31:39 AM | Computer Name = Tenley-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 12/27/2010 8:31:40 AM | Computer Name = Tenley-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 12/27/2010 8:31:46 AM | Computer Name = Tenley-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 12/27/2010 8:32:03 AM | Computer Name = Tenley-PC | Source = HTTP | ID = 15016
Description =

Error - 12/27/2010 8:33:23 AM | Computer Name = Tenley-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/27/2010 8:33:23 AM | Computer Name = Tenley-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 12/27/2010 8:33:23 AM | Computer Name = Tenley-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/27/2010 8:33:23 AM | Computer Name = Tenley-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >

#7 Judicandus
Posted 27 December 2010 - 10:03 AM

Hi peskyproblems,

We will begin with ComboFix.exe. Please visit this webpage for download links and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

#8 Judicandus
Posted 12 January 2011 - 03:12 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.