
Can't connect to the internet after running combofix


  • This topic is locked
43 replies to this topic

#1 swerp

swerp

  • Members
  • 23 posts
  • OFFLINE
  • Local time:12:21 PM

Posted 23 September 2012 - 02:34 PM

I can't connect to the internet after running ComboFix. Attached are my ComboFix logs.


ComboFix 12-09-20.02 - Kyle Schwab 09/20/2012 21:56:28.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3837.2115 [GMT -5:00]
Running from: c:\users\Kyle Schwab\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\JNItMPcOKCC.exe
c:\programdata\mhC8BVOcyzI79o
c:\users\Kyle Schwab\AppData\Roaming\Install.dat
c:\users\Kyle Schwab\GoToAssistDownloadHelper.exe
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-08-21 to 2012-09-21 )))))))))))))))))))))))))))))))
.
.
2012-09-21 03:42 . 2012-09-21 03:50 -------- d-----w- c:\users\Kyle Schwab\AppData\Local\temp
2012-09-21 03:42 . 2012-09-21 03:42 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2012-09-21 03:42 . 2012-09-21 03:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-19 06:44 . 2012-09-19 06:44 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-09-19 06:15 . 2012-09-19 06:14 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-19 01:00 . 2012-09-21 01:30 -------- d-----w- c:\program files (x86)\FTL
2012-09-17 06:49 . 2012-09-17 06:49 -------- d-----w- c:\program files\CCleaner
2012-09-17 06:19 . 2012-09-17 06:33 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-14 08:03 . 2012-09-14 08:03 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-09-13 20:44 . 2012-09-13 20:44 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-08-29 01:15 . 2012-09-14 09:25 -------- d-----w- c:\program files (x86)\PrivitizeVPN
2012-08-29 01:14 . 2012-08-29 01:14 633 ----a-w- C:\user.js
2012-08-29 01:14 . 2012-08-29 01:14 -------- d-----w- c:\programdata\Babylon
2012-08-29 01:14 . 2012-08-29 01:14 -------- d-----w- c:\users\Kyle Schwab\AppData\Roaming\Babylon
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-21 03:46 . 2009-07-04 14:54 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2012-09-21 03:46 . 2009-07-07 19:53 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll
2012-09-19 06:14 . 2010-08-27 17:16 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-14 08:04 . 2006-11-02 12:35 64462936 ----a-w- c:\windows\system32\mrt.exe
2012-09-07 22:04 . 2011-12-25 17:53 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-05 00:17 . 2011-08-13 15:33 58288 ----a-w- c:\windows\system32\snacnp.dll
2012-07-04 14:33 . 2012-08-15 08:18 2769408 ----a-w- c:\windows\system32\win32k.sys
2012-06-29 16:20 . 2012-08-15 02:02 648192 ----a-w- c:\windows\system32\netapi32.dll
2012-06-28 04:10 . 2012-08-15 08:20 17809920 ----a-w- c:\windows\system32\mshtml.dll
2012-06-28 03:39 . 2012-08-15 08:20 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-06-28 03:28 . 2012-08-15 08:20 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-28 03:22 . 2012-08-15 08:20 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-28 03:21 . 2012-08-15 08:20 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-28 03:20 . 2012-08-15 08:20 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-28 03:19 . 2012-08-15 08:20 237056 ----a-w- c:\windows\system32\url.dll
2012-06-28 03:17 . 2012-08-15 08:20 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-28 03:16 . 2012-08-15 08:20 816640 ----a-w- c:\windows\system32\jscript.dll
2012-06-28 03:16 . 2012-08-15 08:20 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-28 03:14 . 2012-08-15 08:20 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-28 03:13 . 2012-08-15 08:20 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-28 03:12 . 2012-08-15 08:20 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-28 03:08 . 2012-08-15 08:20 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-28 00:27 . 2012-08-15 08:20 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-28 00:19 . 2012-08-15 08:20 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-28 00:18 . 2012-08-15 08:20 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-28 00:12 . 2012-08-15 08:20 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-28 00:07 . 2012-08-15 08:20 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7aeb3efd-e564-43f1-b658-5058a7c5743b}"= "c:\program files (x86)\vshare.tv_Bar\prxtbvsh0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7aeb3efd-e564-43f1-b658-5058a7c5743b}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{7aeb3efd-e564-43f1-b658-5058a7c5743b}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\vshare.tv_Bar\prxtbvsh0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{7aeb3efd-e564-43f1-b658-5058a7c5743b}"= "c:\program files (x86)\vshare.tv_Bar\prxtbvsh0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7aeb3efd-e564-43f1-b658-5058a7c5743b}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"SightSpeed"="c:\program files (x86)\Dell Video Chat\DellVideoChat.exe" [2008-12-18 4823928]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"Facebook Update"="c:\users\Kyle Schwab\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2009-03-07 95496]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-01-09 405639]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-19 421888]
"Absolute Notifier"="c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe" [2010-10-08 86184]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"PrivitizeVPN"="c:\program files (x86)\PrivitizeVPN\PrivitizeVPN.exe" [2012-08-24 196784]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableInstallerDetection"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"NoControlPanel"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoControlPanel"= 1 (0x1)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableInstallerDetection"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2009-03-07 19:15 140552 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli FAPassSync
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders credssp.dll, OzxihqeHxapb.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
S2 AbsoluteNotifier;Absolute Notifier;c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2010-10-08 10408]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [2009-03-30 89600]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1366298597-4094112238-2795133811-1000Core.job
- c:\users\Kyle Schwab\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-15 08:01]
.
2012-09-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1366298597-4094112238-2795133811-1000UA.job
- c:\users\Kyle Schwab\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-15 08:01]
.
2012-09-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-30 15:46]
.
2012-09-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-30 15:46]
.
2012-09-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1366298597-4094112238-2795133811-1000Core.job
- c:\users\Kyle Schwab\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-30 16:25]
.
2012-09-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1366298597-4094112238-2795133811-1000UA.job
- c:\users\Kyle Schwab\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-30 16:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-11-12 1657128]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2008-09-26 2041112]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-29 15871520]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-29 82464]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-22 4119552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://vshare.toolbarhome.com/?hp=df
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: www.dsvanywhere.com
TCP: DhcpNameServer = 172.16.42.1
DPF: {82836898-30F4-4813-9A2F-120C012E44E7} - hxxp://www.dsvanywhere.com/appeon/weblibrary_ax/ceondownloadcenter.cab
DPF: {C1417ACD-9FFB-4B26-8060-ED6B55F04CCE} - (local)
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Kyle Schwab\AppData\Roaming\Mozilla\Firefox\Profiles\ue82muxk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.nytimes.com/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=1845cf2b00000000000000255677bba8&tlver=1.6.9.12&instlRef=sst&babTrack&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=1845cf2b00000000000000255677bba8&q=
FF - user.js: extensions.BabylonToolbar.id - 1845cf2b00000000000000255677bba8
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15581
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1220:14
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113931&tt=280812_2003_3512_1
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-dplaysvr - c:\users\Kyle Schwab\AppData\Local\dplaysvr.exe
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKLM-Run-LoJackForLaptops - c:\program files (x86)\LFLInstall\InstallManager.exe
Wow6432Node-HKLM-Run-FAStartup - (no file)
Wow6432Node-HKLM-Run-dplaysvr - c:\users\Kyle Schwab\AppData\Local\dplaysvr.exe
SafeBoot-02502956.sys
SafeBoot-89820591.sys
SafeBoot-ccEvtMgr
SafeBoot-ccSetMgr
SafeBoot-Symantec Antivirus
SafeBoot-Symantec Antvirus
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{7AEB3EFD-E564-43F1-B658-5058A7C5743B} - (no file)
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
HKLM-Run-(Default) - (no file)
HKLM-Run-Dell DataSafe Online - c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe
HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
AddRemove-Adobe Shockwave Player - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec /V"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{048DBD20-445E8C82-05040104}]
"ImagePath"="\??\c:\progra~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SPBBCDrv]
"ImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1366298597-4094112238-2795133811-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:4d,60,1c,13,b2,4f,d2,16,12,7e,03,1e,49,33,9e,9d,7f,8b,f0,41,96,9b,1b,
4e,df,f5,61,3b,13,cf,0a,47,c1,77,64,78,09,36,ec,ce,64,21,b5,c8,bb,3b,69,41,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-1366298597-4094112238-2795133811-1000\Software\SecuROM\License information*]
"datasecu"=hex:ac,3b,ea,05,87,87,0d,e5,c1,ac,2a,9b,32,52,ae,e8,d3,a5,bc,69,a8,
4b,22,18,60,d1,67,de,9f,58,ee,bc,f0,cd,3e,96,dc,7a,58,3d,47,b5,2d,70,f0,d4,\
"rkeysecu"=hex:df,4a,53,0f,41,a6,fa,28,0c,43,66,57,67,be,92,3b
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\windows\SysWOW64\PnkBstrA.exe
c:\programdata\Rpcnet\Bin\rpcld.exe
c:\windows\SysWOW64\rpcnet.exe
c:\program files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2012-09-20 23:15:05 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-21 04:14
.
Pre-Run: 121,496,551,424 bytes free
Post-Run: 122,723,442,688 bytes free
.
- - End Of File - - C841F8E2D72B5C6B2620153F2B1B8A82



#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:08:21 PM

Posted 23 September 2012 - 02:37 PM

Hi,

Did you run any other tools before or after ComboFix? How do you connect to the internet?

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.
Note: When using the "Reset FF Proxy Settings" option, Firefox should be closed.

Regards, myrti

Edited by myrti, 23 September 2012 - 02:37 PM.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

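The items myrti asks MiniToolBox to report (proxy settings, hosts file, IP configuration, recent event log errors) can also be gathered by hand. The script below is an added example written for this thread; it is not part of the thread, not MiniToolBox, and not Farbar's code. It is read-only (it resets nothing) and flags the indicators that most often explain "no internet after cleanup": a WinINET or Firefox proxy left behind, hosts entries beyond localhost, an adapter that fell back to an APIPA (169.254.x.x) address, and no IPv4 DNS server. It assumes the standard Windows registry and file locations and uses `ipconfig` rather than the newer `Get-NetIPConfiguration` so that it also works on Vista.

```powershell
# Added example, not from the thread or from MiniToolBox: read-only network triage.
# Collects the same items myrti requested and flags common hijack/misconfiguration signs.
$report   = [ordered]@{}
$findings = @()

# --- IE / WinINET proxy settings (per-user; the values MiniToolBox reports and resets) ---
$ieKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$ie = Get-ItemProperty -Path $ieKey
$report['IE ProxyEnable']   = $ie.ProxyEnable
$report['IE ProxyServer']   = $ie.ProxyServer
$report['IE ProxyOverride'] = $ie.ProxyOverride
$report['IE AutoConfigURL'] = $ie.AutoConfigURL
if ($ie.ProxyEnable -eq 1 -and $ie.ProxyServer) { $findings += "WinINET proxy enabled: $($ie.ProxyServer)" }
if ($ie.AutoConfigURL) { $findings += "PAC script configured: $($ie.AutoConfigURL)" }

# --- Firefox proxy settings: network.proxy.* lines in prefs.js / user.js of each profile ---
$ffProfiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
if (Test-Path $ffProfiles) {
    foreach ($profile in Get-ChildItem $ffProfiles -Directory) {
        foreach ($f in 'prefs.js', 'user.js') {
            $p = Join-Path $profile.FullName $f
            if (-not (Test-Path $p)) { continue }
            foreach ($m in Select-String -Path $p -Pattern 'network\.proxy\.') {
                $report["FF $($profile.Name)\$f line $($m.LineNumber)"] = $m.Line.Trim()
                # network.proxy.type 0 = direct; anything else routes traffic through a proxy/PAC
                if ($m.Line -match 'network\.proxy\.type",\s*([1-9])') {
                    $findings += "Firefox proxy type $($Matches[1]) set in $p"
                }
            }
        }
    }
}

# --- hosts file: anything beyond comments and the localhost lines deserves a look ---
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$hostLines = Get-Content $hostsPath | Where-Object { $_ -match '\S' -and $_ -notmatch '^\s*#' }
$report['hosts entries'] = $hostLines
$extraHosts = $hostLines | Where-Object { $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$' }
if ($extraHosts) { $findings += "Non-default hosts entries: $($extraHosts -join '; ')" }

# --- IP configuration (ipconfig output is an array of lines; -match filters it) ---
$ipcfg = ipconfig /all
$report['ipconfig /all'] = $ipcfg
# 169.254.x.x means the adapter got no DHCP lease and auto-assigned itself an APIPA address
if ($ipcfg -match 'IPv4 Address[ .]*: 169\.254\.') {
    $findings += 'Adapter has an APIPA (169.254.x.x) address: DHCP lease was not obtained'
}
# Only the fec0:0:0:ffff:: site-local fallbacks, and no dotted-quad DNS server, = no usable resolver
if (($ipcfg -match 'DNS Servers') -and -not ($ipcfg -match 'DNS Servers[ .]*: \d+\.\d+\.\d+\.\d+')) {
    $findings += 'No IPv4 DNS server configured'
}

# --- last 10 System log errors (same idea as "List last 10 Event Viewer log") ---
$report['System log errors'] = Get-EventLog -LogName System -EntryType Error -Newest 10 |
    Select-Object TimeGenerated, Source, Message

# --- print the report, findings last ---
foreach ($entry in $report.GetEnumerator()) { "== $($entry.Key) =="; $entry.Value; '' }
'== Findings =='
if ($findings) { $findings } else { 'nothing flagged' }
```

Run it from an elevated PowerShell prompt and redirect the output to a file (`.\triage.ps1 > Result.txt`) to post it. Because the script only reads, it can be run before and after a cleanup tool to see exactly which settings the tool changed.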


#3 swerp

swerp
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:12:21 PM

Posted 23 September 2012 - 02:47 PM

I connect to the internet through a router. Here are the MiniToolBox logs.


MiniToolBox by Farbar Version: 23-07-2012
Ran by Kyle Schwab (administrator) on 23-09-2012 at 14:43:14
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Dell Wireless 1510 Wireless-N WLAN Mini-Card = Wireless Network Connection (Connected)
NVIDIA nForce 10/100/1000 Mbps Ethernet = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : KyleSchwab-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Dell Wireless 1510 Wireless-N WLAN Mini-Card
Physical Address. . . . . . . . . : 00-25-56-77-BB-A8
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::7553:c8af:e8bb:b7aa%12(Preferred)
Autoconfiguration IPv4 Address. . : 169.254.183.170(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 201336150
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-D4-43-BD-00-22-19-F4-AA-2A
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NVIDIA nForce 10/100/1000 Mbps Ethernet
Physical Address. . . . . . . . . : 00-22-19-F4-AA-2A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{B331DFBC-D698-4992-8324-FA5CCA313E90}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.Belkin
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{B331DFBC-D698-4992-8324-FA5CCA313E90}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 17:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{B331DFBC-D698-4992-8324-FA5CCA313E90}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 18:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{B331DFBC-D698-4992-8324-FA5CCA313E90}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 19:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{B331DFBC-D698-4992-8324-FA5CCA313E90}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 20:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{B331DFBC-D698-4992-8324-FA5CCA313E90}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 21:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{B331DFBC-D698-4992-8324-FA5CCA313E90}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 22:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{B331DFBC-D698-4992-8324-FA5CCA313E90}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 23:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{B8BDE344-DF9D-4439-8A42-7F4035772B28}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 24:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{B331DFBC-D698-4992-8324-FA5CCA313E90}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 29:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{B331DFBC-D698-4992-8324-FA5CCA313E90}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 30:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{B331DFBC-D698-4992-8324-FA5CCA313E90}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 31:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{B331DFBC-D698-4992-8324-FA5CCA313E90}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 32:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{B331DFBC-D698-4992-8324-FA5CCA313E90}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 33:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{B331DFBC-D698-4992-8324-FA5CCA313E90}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 14:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{B8BDE344-DF9D-4439-8A42-7F4035772B28}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 16:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{B331DFBC-D698-4992-8324-FA5CCA313E90}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 26:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: fec0:0:0:ffff::1

Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown
Address: fec0:0:0:ffff::1

Ping request could not find host yahoo.com. Please check the name and try again.

Server: UnKnown
Address: fec0:0:0:ffff::1

Ping request could not find host bleepingcomputer.com. Please check the name and try again.



Pinging with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for :

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
12 ...00 25 56 77 bb a8 ...... Dell Wireless 1510 Wireless-N WLAN Mini-Card
11 ...00 22 19 f4 aa 2a ...... NVIDIA nForce 10/100/1000 Mbps Ethernet
1 ........................... Software Loopback Interface 1
17 ...00 00 00 00 00 00 00 e0 isatap.{B331DFBC-D698-4992-8324-FA5CCA313E90}
10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
13 ...00 00 00 00 00 00 00 e0 isatap.Belkin
18 ...00 00 00 00 00 00 00 e0 isatap.{B331DFBC-D698-4992-8324-FA5CCA313E90}
19 ...00 00 00 00 00 00 00 e0 isatap.{B331DFBC-D698-4992-8324-FA5CCA313E90}
20 ...00 00 00 00 00 00 00 e0 isatap.{B331DFBC-D698-4992-8324-FA5CCA313E90}
21 ...00 00 00 00 00 00 00 e0 isatap.{B331DFBC-D698-4992-8324-FA5CCA313E90}
22 ...00 00 00 00 00 00 00 e0 isatap.{B331DFBC-D698-4992-8324-FA5CCA313E90}
23 ...00 00 00 00 00 00 00 e0 isatap.{B331DFBC-D698-4992-8324-FA5CCA313E90}
25 ...00 00 00 00 00 00 00 e0 isatap.{B331DFBC-D698-4992-8324-FA5CCA313E90}
24 ...00 00 00 00 00 00 00 e0 isatap.{B8BDE344-DF9D-4439-8A42-7F4035772B28}
26 ...00 00 00 00 00 00 00 e0 isatap.{B331DFBC-D698-4992-8324-FA5CCA313E90}
27 ...00 00 00 00 00 00 00 e0 isatap.{B331DFBC-D698-4992-8324-FA5CCA313E90}
28 ...00 00 00 00 00 00 00 e0 isatap.{B331DFBC-D698-4992-8324-FA5CCA313E90}
29 ...00 00 00 00 00 00 00 e0 isatap.{B331DFBC-D698-4992-8324-FA5CCA313E90}
30 ...00 00 00 00 00 00 00 e0 isatap.{B331DFBC-D698-4992-8324-FA5CCA313E90}
31 ...00 00 00 00 00 00 00 e0 isatap.{B331DFBC-D698-4992-8324-FA5CCA313E90}
35 ...00 00 00 00 00 00 00 e0 isatap.{B8BDE344-DF9D-4439-8A42-7F4035772B28}
36 ...00 00 00 00 00 00 00 e0 isatap.{B331DFBC-D698-4992-8324-FA5CCA313E90}
34 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 169.254.183.170 281
169.254.183.170 255.255.255.255 On-link 169.254.183.170 281
169.254.255.255 255.255.255.255 On-link 169.254.183.170 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 169.254.183.170 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 169.254.183.170 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
12 281 fe80::/64 On-link
12 281 fe80::7553:c8af:e8bb:b7aa/128 On-link
1 306 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/23/2012 01:46:46 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\KYLE SCHWAB\DOCUMENTS\MY GAMES\FASTERTHANLIGHT\PROF.NEW.SAV> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (09/23/2012 01:44:39 PM) (Source: Google Update) (User: KyleSchwab-PC)KyleSchwab-PC
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned

Error: (09/23/2012 06:06:05 AM) (Source: Google Update) (User: KyleSchwab-PC)KyleSchwab-PC
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned

Error: (09/23/2012 05:54:08 AM) (Source: Google Update) (User: KyleSchwab-PC)KyleSchwab-PC
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned

Error: (09/22/2012 10:00:13 AM) (Source: Google Update) (User: KyleSchwab-PC)KyleSchwab-PC
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned

Error: (09/21/2012 10:22:39 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (User: NT AUTHORITY)NT AUTHORITY
Description: 0x80072af9

Error: (09/21/2012 10:21:14 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (User: NT AUTHORITY)NT AUTHORITY
Description: 0x80072af9

Error: (09/21/2012 10:20:04 PM) (Source: Application Error) (User: )
Description: Faulting application PrivitizeVPN.exe, version 1.0.0.1, time stamp 0x5037de9d, faulting module VPN.dll_unloaded, version 0.0.0.0, time stamp 0x504dc7c0, exception code 0xc0000005, fault offset 0x70117320,
process id 0x9f8, application start time 0xPrivitizeVPN.exe0.

Error: (09/21/2012 10:18:36 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/21/2012 10:17:26 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (User: NT AUTHORITY)NT AUTHORITY
Description: 0x80072af9


System errors:
=============

Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

µTorrent (Version: 1.8.3)
64 Bit HP CIO Components Installer (Version: 1.0.0)
Adobe Flash Player 10 ActiveX 64-bit (Version: 10.3.162.28)
Apple Mobile Device Support (Version: 4.0.0.96)
ARIA Engine v1.1.1.1 (Version: v1.1.1.1)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 3.22)
Dell Edoc Viewer (Version: 1.0.0)
Dell Touchpad (Version: 12.0.1.0)
Dell Wireless WLAN Card Utility (Version: 5.10.38.30)
FastAccess (Version: 2.3.56.1)
Google Chrome (Version: 21.0.1180.89)
HP Customer Participation Program 10.0 (Version: 10.0)
HP Document Manager 1.0 (Version: 1.0)
HP Imaging Device Functions 10.0 (Version: 10.0)
HP Officejet All-In-One Series (Version: 1.0)
HP Smart Web Printing (Version: 3.5)
HP Solution Center 10.0 (Version: 10.0)
Integrated Webcam Driver (1.06.03.0309) (Version: 1.06.03.0309)
iTunes (Version: 10.5.0.142)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Web Platform Installer 3.0 (Version: 3.0.5)
Move Media Player
NetDeviceManager64 (Version: 100.0.170.000)
NVIDIA Drivers (Version: 1.3)
OCR Software by I.R.I.S. 10.0 (Version: 10.0)
PeerBlock 1.1 (r518) (Version: 1.1.0.518)
Plogue chipsounds (Version: v1.501)
Quickset (Version: 9.2.13)
Winamp Application Detect (Version: 1.0.0.1)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
WinRAR archiver

========================= Memory info: ===================================

Percentage of memory in use: 34%
Total physical RAM: 3837.43 MB
Available physical RAM: 2498.94 MB
Total Pagefile: 7866.36 MB
Available Pagefile: 6211.36 MB
Total Virtual: 4095.88 MB
Available Virtual: 3996.7 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:115.07 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:7.66 GB) NTFS
5 Drive g: () (Removable) (Total:0.95 GB) (Free:0.95 GB) FAT
6 Drive h: (Swivel Pro) (Removable) (Total:0.96 GB) (Free:0.95 GB) FAT

========================= Users: ========================================

User accounts for \\KYLESCHWAB-PC

Administrator Guest Kyle Schwab

========================= Minidump Files ==================================


**** End of log ****
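
The pasted `route print`, `nslookup` and `ping` output above already contains the reason the machine cannot reach the internet: the only non-loopback address is an APIPA 169.254.x.x address, there is no 0.0.0.0/0 default route, and name lookups are going to fec0:0:0:ffff::1, the site-local address Windows falls back to when no DNS server is configured. The following script, an added example that is not part of the thread and not a BleepingComputer tool, parses text in that format and turns those three symptoms into findings. The sample text it runs on is constructed in the same shape as the posted log, not copied from the poster's machine.

```python
"""Diagnose a Windows host's IPv4 connectivity state from `route print`
and `nslookup`/`ping` output in the format pasted in the thread above.

All sample text below is constructed to match that format; it is not
copied from the poster's machine, so the script runs offline.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: `route print` on a host whose DHCP client got no
# lease. Only an APIPA (169.254.x.x) address and no 0.0.0.0/0 route.
BROKEN_ROUTE_PRINT = """\
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
      169.254.0.0      255.255.0.0         On-link   169.254.183.170    281
  169.254.183.170  255.255.255.255         On-link   169.254.183.170    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
===========================================================================
"""

# Constructed sample: with no DNS server configured, Windows falls back to
# the well-known site-local address fec0:0:0:ffff::1 and lookups fail.
BROKEN_DNS = """\
Server:  UnKnown
Address:  fec0:0:0:ffff::1

Ping request could not find host example.com. Please check the name and try again.
"""

# Constructed sample of the same outputs on a correctly configured host
# (RFC 5737 documentation address used for the resolved name).
HEALTHY_ROUTE_PRINT = """\
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.20     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.20    281
===========================================================================
"""
HEALTHY_DNS = """\
Server:  router.local
Address:  192.168.1.1

Non-authoritative answer:
Name:    example.com
Address:  203.0.113.10
"""

# One active-route line: destination, netmask, gateway (or On-link),
# interface address, metric. Header and separator lines do not match.
ROUTE_RE = re.compile(
    r"^\s*(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s+"
    r"(\d+\.\d+\.\d+\.\d+)\s+(\d+)\s*$"
)


@dataclass
class Diagnosis:
    has_default_route: bool = False
    interface_addrs: set = field(default_factory=set)
    apipa_only: bool = False
    dns_fallback: bool = False
    findings: list = field(default_factory=list)


def parse_routes(text):
    """Return the active IPv4 routes as a list of dicts."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line)
        if m:
            dest, mask, gw, iface, metric = m.groups()
            routes.append({"dest": dest, "mask": mask, "gateway": gw,
                           "iface": iface, "metric": int(metric)})
    return routes


def diagnose(route_text, dns_text):
    """Check for the three symptoms: no default route, APIPA-only
    addressing, and DNS fallback to the site-local fec0:0:0:ffff::1-3."""
    d = Diagnosis()
    routes = parse_routes(route_text)
    d.has_default_route = any(r["dest"] == "0.0.0.0" and r["mask"] == "0.0.0.0"
                              for r in routes)
    d.interface_addrs = {r["iface"] for r in routes
                         if not r["iface"].startswith("127.")}
    d.apipa_only = bool(d.interface_addrs) and all(
        a.startswith("169.254.") for a in d.interface_addrs)
    d.dns_fallback = bool(re.search(r"^Address:\s*fec0:0:0:ffff::[123]\s*$",
                                    dns_text, re.M))
    if not d.has_default_route:
        d.findings.append("no default route (0.0.0.0/0): traffic cannot leave the local subnet")
    if d.apipa_only:
        d.findings.append("only APIPA (169.254.x.x) addresses: no DHCP lease was obtained")
    if d.dns_fallback:
        d.findings.append("DNS fell back to fec0:0:0:ffff::1: no DNS server is configured")
    return d


if __name__ == "__main__":
    for label, rt, dns in (("broken", BROKEN_ROUTE_PRINT, BROKEN_DNS),
                           ("healthy", HEALTHY_ROUTE_PRINT, HEALTHY_DNS)):
        d = diagnose(rt, dns)
        print(label, d.findings or ["no connectivity problems found"])
```

Fed the broken sample, the script reports all three findings; fed the healthy sample, none. This is the check a helper would run mentally before deciding whether the problem is the link, the DHCP lease, or a damaged network configuration in the registry.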

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home
  • Local time:08:21 PM

Posted 23 September 2012 - 02:50 PM

Hi,

I see you ran TDSSKiller in the past, could you please post the log? Did you run any other tools besides TDSSKiller?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 swerp

swerp
  • Topic Starter

  • Members
  • 23 posts
  • Local time:12:21 PM

Posted 23 September 2012 - 02:57 PM

I can't find my TDSSKiller logs, but I also ran RogueKiller and unhide.

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home
  • Local time:08:21 PM

Posted 23 September 2012 - 03:03 PM

Hi,

Please run this tool then:

Please download TDSS Qlook on your desktop by clicking the following link.

Open TDSSQlook.exe and you will see two options: A (Scan) and B (Fix). Select A and wait for the scan to finish. A log should be created. Please copy/paste it within your next reply.



#7 swerp

swerp
  • Topic Starter

  • Members
  • 23 posts
  • Local time:12:21 PM

Posted 23 September 2012 - 03:12 PM

TDSSKiller Quarantine Information log
TDSS Qlook Version 1.0.0.5 - Kyle Schwab - Sun 09/23/2012 - 15:07:51.17.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2
***** START SCAN Sun 09/23/2012 15:07:52.69 *****

---------- TDSSKiller logs ----------

TDSSKiller.2.8.8.0_17.09.2012_01.15.53_log.txt
TDSSKiller.2.8.8.0_17.09.2012_01.27.40_log.txt
TDSSKiller.2.8.8.0_17.09.2012_01.29.57_log.txt

---------- TDSSStarter logs ----------


---------- DIR LIST ----------

C:\TDSSKiller_Quarantine\17.09.2012_01.29.58
C:\TDSSKiller_Quarantine\17.09.2012_01.15.54
C:\TDSSKiller_Quarantine\17.09.2012_01.15.54\mbr0000
C:\TDSSKiller_Quarantine\17.09.2012_01.15.54\mbr0000\tdlfs0000
C:\TDSSKiller_Quarantine\17.09.2012_01.15.54\mbr0000\mbr0000
C:\TDSSKiller_Quarantine\17.09.2012_01.15.54\mbr0000\object.ini
C:\TDSSKiller_Quarantine\17.09.2012_01.15.54\mbr0000\mbr0000\tsk0000.dta
C:\TDSSKiller_Quarantine\17.09.2012_01.15.54\mbr0000\mbr0000\tsk0001.ini
C:\TDSSKiller_Quarantine\17.09.2012_01.15.54\mbr0000\mbr0000\tsk0001.dta
C:\TDSSKiller_Quarantine\17.09.2012_01.15.54\mbr0000\mbr0000\tsk0000.ini
C:\TDSSKiller_Quarantine\17.09.2012_01.15.54\mbr0000\mbr0000\object.ini
C:\TDSSKiller_Quarantine\17.09.2012_01.15.54\mbr0000\tdlfs0000\object.ini
C:\TDSSKiller_Quarantine\17.09.2012_01.15.54\mbr0000\tdlfs0000\tsk0017.ini
C:\TDSSKiller_Quarantine\17.09.2012_01.15.54\mbr0000\tdlfs0000\tsk0017.dta
C:\TDSSKiller_Quarantine\17.09.2012_01.15.54\mbr0000\tdlfs0000\tsk0016.ini
C:\TDSSKiller_Quarantine\17.09.2012_01.15.54\mbr0000\tdlfs0000\tsk0015.ini
C:\TDSSKiller_Quarantine\17.09.2012_01.15.54\mbr0000\tdlfs0000\tsk0014.ini
C:\TDSSKiller_Quarantine\17.09.2012_01.15.54\mbr0000\tdlfs0000\tsk0014.dta
C:\TDSSKiller_Quarantine\17.09.2012_01.15.54\mbr0000\tdlfs0000\tsk0013.ini
C:\TDSSKiller_Quarantine\17.09.2012_01.15.54\mbr0000\tdlfs0000\tsk0013.dta
C:\TDSSKiller_Quarantine\17.09.2012_01.15.54\mbr0000\tdlfs0000\tsk0012.ini
C:\TDSSKiller_Quarantine\17.09.2012_01.15.54\mbr0000\tdlfs0000\tsk0011.ini
C:\TDSSKiller_Quarantine\17.09.2012_01.15.54\mbr0000\tdlfs0000\tsk0010.ini
C:\TDSSKiller_Quarantine\17.09.2012_01.15.54\mbr0000\tdlfs0000\tsk0009.dta
C:\TDSSKiller_Quarantine\17.09.2012_01.15.54\mbr0000\tdlfs0000\tsk0009.ini
C:\TDSSKiller_Quarantine\17.09.2012_01.15.54\mbr0000\tdlfs0000\tsk0008.ini
C:\TDSSKiller_Quarantine\17.09.2012_01.15.54\mbr0000\tdlfs0000\tsk0007.ini
C:\TDSSKiller_Quarantine\17.09.2012_01.15.54\mbr0000\tdlfs0000\tsk0006.ini
C:\TDSSKiller_Quarantine\17.09.2012_01.15.54\mbr0000\tdlfs0000\tsk0005.ini
C:\TDSSKiller_Quarantine\17.09.2012_01.15.54\mbr0000\tdlfs0000\tsk0004.ini
C:\TDSSKiller_Quarantine\17.09.2012_01.15.54\mbr0000\tdlfs0000\tsk0004.dta
C:\TDSSKiller_Quarantine\17.09.2012_01.15.54\mbr0000\tdlfs0000\tsk0003.dta
C:\TDSSKiller_Quarantine\17.09.2012_01.15.54\mbr0000\tdlfs0000\tsk0003.ini
C:\TDSSKiller_Quarantine\17.09.2012_01.15.54\mbr0000\tdlfs0000\tsk0002.ini
C:\TDSSKiller_Quarantine\17.09.2012_01.15.54\mbr0000\tdlfs0000\tsk0002.dta
C:\TDSSKiller_Quarantine\17.09.2012_01.15.54\mbr0000\tdlfs0000\tsk0001.ini
C:\TDSSKiller_Quarantine\17.09.2012_01.15.54\mbr0000\tdlfs0000\tsk0001.dta
C:\TDSSKiller_Quarantine\17.09.2012_01.15.54\mbr0000\tdlfs0000\tsk0000.dta
C:\TDSSKiller_Quarantine\17.09.2012_01.15.54\mbr0000\tdlfs0000\tsk0000.ini
C:\TDSSKiller_Quarantine\17.09.2012_01.29.58\mbr0000
C:\TDSSKiller_Quarantine\17.09.2012_01.29.58\susp0001
C:\TDSSKiller_Quarantine\17.09.2012_01.29.58\susp0000
C:\TDSSKiller_Quarantine\17.09.2012_01.29.58\mbr0000\mbr0000
C:\TDSSKiller_Quarantine\17.09.2012_01.29.58\mbr0000\object.ini
C:\TDSSKiller_Quarantine\17.09.2012_01.29.58\mbr0000\mbr0000\tsk0000.dta
C:\TDSSKiller_Quarantine\17.09.2012_01.29.58\mbr0000\mbr0000\tsk0001.ini
C:\TDSSKiller_Quarantine\17.09.2012_01.29.58\mbr0000\mbr0000\tsk0001.dta
C:\TDSSKiller_Quarantine\17.09.2012_01.29.58\mbr0000\mbr0000\tsk0000.ini
C:\TDSSKiller_Quarantine\17.09.2012_01.29.58\mbr0000\mbr0000\object.ini
C:\TDSSKiller_Quarantine\17.09.2012_01.29.58\susp0000\object.ini
C:\TDSSKiller_Quarantine\17.09.2012_01.29.58\susp0000\svc0000
C:\TDSSKiller_Quarantine\17.09.2012_01.29.58\susp0000\svc0000\object.ini
C:\TDSSKiller_Quarantine\17.09.2012_01.29.58\susp0000\svc0000\tsk0000.dta
C:\TDSSKiller_Quarantine\17.09.2012_01.29.58\susp0000\svc0000\tsk0000.ini
C:\TDSSKiller_Quarantine\17.09.2012_01.29.58\susp0001\object.ini
C:\TDSSKiller_Quarantine\17.09.2012_01.29.58\susp0001\svc0000
C:\TDSSKiller_Quarantine\17.09.2012_01.29.58\susp0001\svc0000\tsk0000.dta
C:\TDSSKiller_Quarantine\17.09.2012_01.29.58\susp0001\svc0000\object.ini
C:\TDSSKiller_Quarantine\17.09.2012_01.29.58\susp0001\svc0000\tsk0000.ini

---------- INI FILES ----------

=== C:\TDSSKiller_Quarantine\17.09.2012_01.15.54\mbr0000\object.ini

[InfectedObject]
Verdict: Rootkit.Boot.SST.b


=== C:\TDSSKiller_Quarantine\17.09.2012_01.15.54\mbr0000\mbr0000\object.ini

[InfectedObject]
Type: MBR
Name: \Device\Harddisk0\DR0


=== C:\TDSSKiller_Quarantine\17.09.2012_01.15.54\mbr0000\mbr0000\tsk0000.ini

[InfectedFile]
Type: Raw image


=== C:\TDSSKiller_Quarantine\17.09.2012_01.15.54\mbr0000\mbr0000\tsk0001.ini

[InfectedFile]
Type: Raw BB image


=== C:\TDSSKiller_Quarantine\17.09.2012_01.15.54\mbr0000\tdlfs0000\object.ini

[InfectedObject]
Verdict: TDSS File System
Name: \Device\Harddisk0\DR0


=== C:\TDSSKiller_Quarantine\17.09.2012_01.15.54\mbr0000\tdlfs0000\tsk0000.ini

[InfectedFile]
Name: mbr
Size: 512
File time: 0000/00/00 00:00:00.0000


=== C:\TDSSKiller_Quarantine\17.09.2012_01.15.54\mbr0000\tdlfs0000\tsk0001.ini

[InfectedFile]
Name: vbr
Size: 512
File time: 0000/00/00 00:00:00.0000


=== C:\TDSSKiller_Quarantine\17.09.2012_01.15.54\mbr0000\tdlfs0000\tsk0002.ini

[InfectedFile]
Name: bid
Size: 41
File time: 0000/00/00 00:00:00.0000


=== C:\TDSSKiller_Quarantine\17.09.2012_01.15.54\mbr0000\tdlfs0000\tsk0003.ini

[InfectedFile]
Name: affid
Size: 4
File time: 0000/00/00 00:00:00.0000


=== C:\TDSSKiller_Quarantine\17.09.2012_01.15.54\mbr0000\tdlfs0000\tsk0004.ini

[InfectedFile]
Name: boot
Size: 1515
File time: 0000/00/00 00:00:00.0000


=== C:\TDSSKiller_Quarantine\17.09.2012_01.15.54\mbr0000\tdlfs0000\tsk0005.ini

[InfectedFile]
Name: cmd32
Size: 25088
File time: 0000/00/00 00:00:00.0000


=== C:\TDSSKiller_Quarantine\17.09.2012_01.15.54\mbr0000\tdlfs0000\tsk0006.ini

[InfectedFile]
Name: cmd64
Size: 43520
File time: 0000/00/00 00:00:00.0000


=== C:\TDSSKiller_Quarantine\17.09.2012_01.15.54\mbr0000\tdlfs0000\tsk0007.ini

[InfectedFile]
Name: dbg32
Size: 6656
File time: 0000/00/00 00:00:00.0000


=== C:\TDSSKiller_Quarantine\17.09.2012_01.15.54\mbr0000\tdlfs0000\tsk0008.ini

[InfectedFile]
Name: dbg64
Size: 9088
File time: 0000/00/00 00:00:00.0000


=== C:\TDSSKiller_Quarantine\17.09.2012_01.15.54\mbr0000\tdlfs0000\tsk0009.ini

[InfectedFile]
Name: drv32
Size: 38912
File time: 0000/00/00 00:00:00.0000


=== C:\TDSSKiller_Quarantine\17.09.2012_01.15.54\mbr0000\tdlfs0000\tsk0010.ini

[InfectedFile]
Name: drv64
Size: 41472
File time: 0000/00/00 00:00:00.0000


=== C:\TDSSKiller_Quarantine\17.09.2012_01.15.54\mbr0000\tdlfs0000\tsk0011.ini

[InfectedFile]
Name: ldr32
Size: 6144
File time: 0000/00/00 00:00:00.0000


=== C:\TDSSKiller_Quarantine\17.09.2012_01.15.54\mbr0000\tdlfs0000\tsk0012.ini

[InfectedFile]
Name: ldr64
Size: 5632
File time: 0000/00/00 00:00:00.0000


=== C:\TDSSKiller_Quarantine\17.09.2012_01.15.54\mbr0000\tdlfs0000\tsk0013.ini

[InfectedFile]
Name: main
Size: 3783
File time: 0000/00/00 00:00:00.0000


=== C:\TDSSKiller_Quarantine\17.09.2012_01.15.54\mbr0000\tdlfs0000\tsk0014.ini

[InfectedFile]
Name: subid
Size: 8
File time: 0000/00/00 00:00:00.0000


=== C:\TDSSKiller_Quarantine\17.09.2012_01.15.54\mbr0000\tdlfs0000\tsk0015.ini

[InfectedFile]
Name: tdi32
Size: 12800
File time: 0000/00/00 00:00:00.0000


=== C:\TDSSKiller_Quarantine\17.09.2012_01.15.54\mbr0000\tdlfs0000\tsk0016.ini

[InfectedFile]
Name: tdi64
Size: 16384
File time: 0000/00/00 00:00:00.0000


=== C:\TDSSKiller_Quarantine\17.09.2012_01.15.54\mbr0000\tdlfs0000\tsk0017.ini

[InfectedFile]
Name: main1
Size: 3783
File time: 0000/00/00 00:00:00.0000


=== C:\TDSSKiller_Quarantine\17.09.2012_01.29.58\mbr0000\object.ini

[InfectedObject]
Verdict: Rootkit.Win32.BackBoot.gen


=== C:\TDSSKiller_Quarantine\17.09.2012_01.29.58\mbr0000\mbr0000\object.ini

[InfectedObject]
Type: MBR
Name: \Device\Harddisk0\DR0


=== C:\TDSSKiller_Quarantine\17.09.2012_01.29.58\mbr0000\mbr0000\tsk0000.ini

[InfectedFile]
Type: Raw image


=== C:\TDSSKiller_Quarantine\17.09.2012_01.29.58\mbr0000\mbr0000\tsk0001.ini

[InfectedFile]
Type: Raw BB image


=== C:\TDSSKiller_Quarantine\17.09.2012_01.29.58\susp0000\object.ini

[InfectedObject]
Verdict: LockedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\17.09.2012_01.29.58\susp0000\svc0000\object.ini

[InfectedObject]
Type: Service
Name: rpcld
Type: n/a (0x10)
Start: Auto (0x2)
ImagePath: C:\ProgramData\Rpcnet\Bin\rpcld.exe
Suspicious states: Locked file;


=== C:\TDSSKiller_Quarantine\17.09.2012_01.29.58\susp0000\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\ProgramData\Rpcnet\Bin\rpcld.exe
md5: B1574DCB4AE3EFACC24AA87B4AE6FC55


=== C:\TDSSKiller_Quarantine\17.09.2012_01.29.58\susp0001\object.ini

[InfectedObject]
Verdict: LockedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\17.09.2012_01.29.58\susp0001\svc0000\object.ini

[InfectedObject]
Type: Service
Name: sptd
Type: Kernel driver (0x1)
Start: Boot (0x0)
ImagePath: System32\Drivers\sptd.sys
Suspicious states: Locked file;


=== C:\TDSSKiller_Quarantine\17.09.2012_01.29.58\susp0001\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\Windows\system32\Drivers\sptd.sys
md5: 602884696850C86434530790B110E8EB


***** END SCAN Sun 09/23/2012 15:07:58.05 *****
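
The TDSS Qlook log above is a directory listing plus the contents of each quarantine `.ini` file: every quarantined object has an `object.ini` with a `Verdict`, nested `object.ini` files describing the MBR, TDL file system or service involved, and `tsk*.ini` files with the name, size, source path and MD5 of each captured file. The following parser is an added example, not TDSS Qlook's or TDSSKiller's own code; it reads that format into one triage row per quarantined object and collects the MD5s so they can be checked against a reputation source before anything is restored. The `.ini` texts it runs on are constructed in the same shape as the posted log, with placeholder names, paths and hashes rather than values from the poster's machine.

```python
"""Summarise TDSSKiller quarantine metadata, in the format TDSS Qlook
prints above, into one triage row per quarantined object.

The sample .ini texts are constructed in that format with placeholder
names, paths and hashes; they are not copied from the poster's machine.
"""
import re

# Constructed sample: quarantine path -> text of that .ini file.
SAMPLE_INI_FILES = {
    r"C:\TDSSKiller_Quarantine\01.01.2012_00.00.00\mbr0000\object.ini":
        "[InfectedObject]\nVerdict: Rootkit.Boot.Example.a\n",
    r"C:\TDSSKiller_Quarantine\01.01.2012_00.00.00\mbr0000\mbr0000\object.ini":
        "[InfectedObject]\nType: MBR\nName: \\Device\\Harddisk0\\DR0\n",
    r"C:\TDSSKiller_Quarantine\01.01.2012_00.00.00\mbr0000\tdlfs0000\object.ini":
        "[InfectedObject]\nVerdict: TDSS File System\nName: \\Device\\Harddisk0\\DR0\n",
    r"C:\TDSSKiller_Quarantine\01.01.2012_00.00.00\mbr0000\tdlfs0000\tsk0000.ini":
        "[InfectedFile]\nName: mbr\nSize: 512\nFile time: 0000/00/00 00:00:00.0000\n",
    r"C:\TDSSKiller_Quarantine\01.01.2012_00.00.00\susp0000\object.ini":
        "[InfectedObject]\nVerdict: LockedFile.Multi.Generic\n",
    r"C:\TDSSKiller_Quarantine\01.01.2012_00.00.00\susp0000\svc0000\object.ini":
        "[InfectedObject]\nType: Service\nName: examplesvc\nType: n/a (0x10)\n"
        "Start: Auto (0x2)\nImagePath: C:\\ProgramData\\Example\\svc.exe\n"
        "Suspicious states: Locked file;\n",
    r"C:\TDSSKiller_Quarantine\01.01.2012_00.00.00\susp0000\svc0000\tsk0000.ini":
        "[InfectedFile]\nType: Raw image\nSrc: C:\\ProgramData\\Example\\svc.exe\n"
        "md5: 00000000000000000000000000000000\n",
}

# <run timestamp>\<object dir>\<rest of path>
PATH_RE = re.compile(r"TDSSKiller_Quarantine\\([^\\]+)\\([^\\]+)(?:\\(.*))?$")


def parse_ini(text):
    """Parse the 'Key: Value' format into (section, [(key, value), ...]).
    Keys may repeat (a service object has two 'Type:' lines), so the
    pairs are kept in order instead of being collapsed into a dict."""
    section, pairs = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        key, _, value = line.partition(":")
        pairs.append((key.strip(), value.strip()))
    return section, pairs


def first(pairs, key):
    """First value for key, or None (mirrors how the log lists them)."""
    for k, v in pairs:
        if k == key:
            return v
    return None


def summarize(files):
    """One row per top-level quarantined object: verdict, devices touched,
    services involved and the captured files with their hashes."""
    objects = {}
    for path, text in files.items():
        m = PATH_RE.search(path)
        if not m:
            continue
        run, obj, rest = m.group(1), m.group(2), m.group(3) or ""
        entry = objects.setdefault((run, obj), {
            "run": run, "object": obj, "verdict": None,
            "devices": [], "services": [], "files": []})
        section, pairs = parse_ini(text)
        if rest == "object.ini":                     # top-level verdict
            entry["verdict"] = first(pairs, "Verdict")
        elif section == "InfectedObject":
            if first(pairs, "Type") == "Service":
                entry["services"].append({
                    "name": first(pairs, "Name"),
                    "image_path": first(pairs, "ImagePath"),
                    "start": first(pairs, "Start")})
            elif first(pairs, "Name"):               # MBR / TDL file system
                entry["devices"].append({
                    "kind": first(pairs, "Verdict") or first(pairs, "Type"),
                    "name": first(pairs, "Name")})
        elif section == "InfectedFile":
            entry["files"].append({
                "name": first(pairs, "Name") or first(pairs, "Src"),
                "type": first(pairs, "Type"), "size": first(pairs, "Size"),
                "md5": first(pairs, "md5")})
    return [objects[k] for k in sorted(objects)]


def quarantined_hashes(summary):
    """Sorted unique MD5s of captured files, for a reputation lookup."""
    return sorted({f["md5"] for e in summary for f in e["files"] if f["md5"]})


if __name__ == "__main__":
    for row in summarize(SAMPLE_INI_FILES):
        print(row["run"], row["object"], row["verdict"],
              [d["kind"] for d in row["devices"]],
              [s["name"] for s in row["services"]],
              [f["name"] for f in row["files"]])
    print(quarantined_hashes(summarize(SAMPLE_INI_FILES)))
```

Reading the real log through this lens, the point that matters for the thread is that the first quarantine run replaced the boot record and removed the hidden TDL file system, while the later run quarantined two locked-file services; a service whose image is quarantined but whose registry entry still references it is exactly the kind of half-state a later registry restore can bring back.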

#8 swerp

swerp
  • Topic Starter

  • Members
  • 23 posts
  • Local time:12:21 PM

Posted 23 September 2012 - 08:33 PM

Any other ideas?

#9 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home
  • Local time:08:21 PM

Posted 24 September 2012 - 02:41 AM

Hi,

Yes, please do a restore of the backup CF made:

Please go to

C:\WINDOWS\ERDNT\Hiv-backup\erdnt.exe

Right click on it and select Run as Admin. Then click OK; this should restore the backed-up registry hives.

Restart the PC and see if you're able to connect now.

regards myrti



#10 swerp

swerp
  • Topic Starter

  • Members
  • 23 posts
  • Local time:12:21 PM

Posted 24 September 2012 - 08:37 AM

I can connect now, but it is very slow and my searches all redirect to search.babylon.com

#11 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home
  • Local time:08:21 PM

Posted 24 September 2012 - 08:50 AM

Hi,

Yes. Restoring the backup was expected to also restore some malware.

Let's look at how your PC currently looks:
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Do you remember rebooting between running TDSSKiller and ComboFix?

Could you please also upload the following files:
C:\Windows\System32\config\system.BAK
C:\WINDOWS\ERDNT\Hiv-backup\System

They may help us in understanding what went wrong.

As those are rather large files, you won't be able to attach them here. Please zip them and click the following link and submit the files through the interface: http://www.bleepingcomputer.com/submit-malware.php?channel=100&lm=1


regards myrti



#12 swerp

swerp
  • Topic Starter

  • Members
  • 23 posts
  • Local time:12:21 PM

Posted 24 September 2012 - 09:51 AM

OTL logfile created on: 9/24/2012 9:33:53 AM - Run 1
OTL by OldTimer - Version 3.2.66.2 Folder = C:\Users\Kyle Schwab\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 1.78 Gb Available Physical Memory | 47.44% Memory free
7.68 Gb Paging File | 5.60 Gb Available in Paging File | 72.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 114.61 Gb Free Space | 25.41% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.66 Gb Free Space | 52.31% Space Free | Partition Type: NTFS
Drive G: | 970.13 Mb Total Space | 969.95 Mb Free Space | 99.98% Space Free | Partition Type: FAT

Computer Name: KYLESCHWAB-PC | User Name: Kyle Schwab | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2012/09/24 09:33:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kyle Schwab\Downloads\OTL.exe
PRC - [2012/09/13 15:44:10 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/06/08 07:08:19 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWOW64\rpcnet.exe
PRC - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/10/08 10:01:14 | 000,086,184 | ---- | M] (Absolute Software) -- C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe
PRC - [2010/10/08 10:01:14 | 000,010,408 | ---- | M] (Microsoft) -- C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
PRC - [2010/09/07 11:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/05/02 19:15:00 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009/05/21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/03/07 14:16:26 | 001,934,600 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
PRC - [2009/03/07 14:16:26 | 000,095,496 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
PRC - [2009/03/07 14:16:00 | 002,360,584 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
PRC - [2009/02/04 21:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/01/09 13:49:08 | 000,405,639 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2008/12/16 21:14:42 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/13 15:44:09 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/06/14 03:15:09 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\663112d3002034cf5126be253efff60d\System.Web.Services.ni.dll
MOD - [2012/06/14 03:03:56 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/14 03:03:37 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/05/11 15:05:36 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012/05/11 15:05:09 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/05/11 03:58:39 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/11 03:56:58 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/11 03:56:48 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011/12/12 18:09:52 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2009/03/07 14:17:04 | 000,088,840 | ---- | M] () -- C:\Windows\SysWOW64\FAIEExtension.dll
MOD - [2009/03/07 14:16:30 | 000,059,144 | ---- | M] () -- C:\Windows\SysWOW64\FAib.dll
MOD - [2009/03/07 14:15:28 | 000,234,248 | ---- | M] () -- C:\Windows\SysWOW64\FACrashRpt.dll


========== Services (SafeList) ==========

SRV:64bit: - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:64bit: - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:64bit: - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/03/30 07:25:18 | 000,268,288 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009/03/30 07:24:46 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/12/22 05:35:16 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2012/09/13 15:44:09 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/08 07:08:19 | 000,058,288 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\SysWOW64\rpcnet.exe -- (rpcnet)
SRV - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2010/10/08 10:01:14 | 000,010,408 | ---- | M] (Microsoft) [Auto | Running] -- C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe -- (AbsoluteNotifier)
SRV - [2010/07/16 01:36:00 | 003,571,584 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/05/02 19:15:00 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/07/07 00:42:03 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/06/24 20:58:25 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/07 14:16:00 | 002,360,584 | ---- | M] (Sensible Vision ) [Auto | Running] -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe -- (FAService)
SRV - [2008/12/16 21:14:42 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
SRV - [2007/10/14 21:15:16 | 000,963,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/02/29 08:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/11/06 23:24:34 | 000,024,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - [2010/09/07 10:52:29 | 000,051,280 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2010/09/07 10:52:09 | 000,121,936 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2010/09/07 10:47:49 | 000,028,752 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2010/09/07 10:47:33 | 000,061,008 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010/09/07 10:47:10 | 000,020,048 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2009/12/01 01:44:32 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2009/11/26 18:27:54 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/28 15:20:06 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/04/11 00:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/04/08 14:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/03/30 07:25:34 | 000,477,696 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/03/25 01:43:54 | 000,059,392 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\itecir.sys -- (itecir)
DRV:64bit: - [2009/03/18 04:04:18 | 000,058,912 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/03/15 05:32:56 | 000,085,424 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2009/03/08 17:06:00 | 000,319,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\OA001Vid.sys -- (OA001Vid)
DRV:64bit: - [2009/03/06 07:33:58 | 000,159,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\OA001Ufd.sys -- (OA001Ufd)
DRV:64bit: - [2009/01/13 19:14:58 | 000,057,608 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2009/01/13 19:14:50 | 000,015,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2009/01/13 19:14:30 | 000,034,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2009/01/13 19:14:22 | 000,022,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2008/12/30 21:00:22 | 000,172,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2008/12/22 05:34:48 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV:64bit: - [2008/12/17 04:22:04 | 001,526,776 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2008/11/12 07:05:30 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2008/11/12 07:05:28 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/11/12 07:05:26 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2008/11/12 01:33:46 | 000,261,680 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/09/24 19:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\facap.sys -- (FACAP)
DRV:64bit: - [2008/03/13 02:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ManyCam_x64.sys -- (ManyCam)
DRV:64bit: - [2008/01/20 21:47:28 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 21:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/20 21:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express)
DRV:64bit: - [2006/11/02 02:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV - [2012/09/05 22:39:21 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/09/05 22:39:21 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2008/11/04 18:16:40 | 000,028,152 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Dell Support Center\HWDiag\bin\pcd5srvc_x64.pkms -- (PCD5SRVC{048DBD20-445E8C82-05040104})
DRV - [2005/01/01 04:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsh0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2818425

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://vshare.toolbarhome.com/?hp=df
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsh0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=DLCDF7&pc=MDDC&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2818425
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.nytimes.com/"
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=SP_ss&mntrId=1845cf2b00000000000000255677bba8&tlver=1.6.9.12&instlRef=sst&babTrack&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Kyle Schwab\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Kyle Schwab\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Kyle Schwab\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kyle Schwab\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kyle Schwab\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/12 23:34:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/13 15:44:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/19 01:15:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Kyle Schwab\AppData\Roaming\Move Networks [2010/01/29 02:03:39 | 000,000,000 | ---D | M]

[2011/03/11 03:43:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kyle Schwab\AppData\Roaming\Mozilla\Extensions
[2012/09/07 15:18:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kyle Schwab\AppData\Roaming\Mozilla\Firefox\Profiles\ue82muxk.default\extensions
[2011/03/11 03:43:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kyle Schwab\AppData\Roaming\Mozilla\Firefox\Profiles(5)\ue82muxk.default\extensions
[2011/03/11 03:43:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kyle Schwab\AppData\Roaming\Mozilla\Firefox\Profiles(5)\ue82muxk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/11 03:43:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kyle Schwab\AppData\Roaming\Mozilla\Firefox\Profiles(5)\ue82muxk.default\extensions\staged-xpis
[2012/02/03 16:04:04 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\Kyle Schwab\AppData\Roaming\Mozilla\Firefox\Profiles\ue82muxk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2012/07/24 16:28:56 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Kyle Schwab\AppData\Roaming\Mozilla\Firefox\Profiles\ue82muxk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/06/18 17:53:05 | 000,000,690 | ---- | M] () -- C:\Users\Kyle Schwab\AppData\Roaming\Mozilla\Firefox\Profiles\ue82muxk.default\searchplugins\encyclopedia-dramatica-en.xml
[2011/07/21 00:55:17 | 000,001,597 | ---- | M] () -- C:\Users\Kyle Schwab\AppData\Roaming\Mozilla\Firefox\Profiles\ue82muxk.default\searchplugins\the-pirate-bay.xml
[2011/03/11 05:47:46 | 000,002,006 | ---- | M] () -- C:\Users\Kyle Schwab\AppData\Roaming\Mozilla\Firefox\Profiles\ue82muxk.default\searchplugins\urban-dictionary.xml
[2011/03/16 18:45:57 | 000,002,057 | ---- | M] () -- C:\Users\Kyle Schwab\AppData\Roaming\Mozilla\Firefox\Profiles\ue82muxk.default\searchplugins\youtube-video-search.xml
[2012/09/19 01:15:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/18 14:05:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/09/19 01:15:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/02/12 23:34:59 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/09/13 15:44:10 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/08/31 05:38:58 | 000,082,944 | ---- | M] (vShare.tv ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll
[2009/12/17 19:31:54 | 000,063,488 | ---- | M] (Nullsoft) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/09/13 15:44:08 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/09/13 15:44:08 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kyle Schwab\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kyle Schwab\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Kyle Schwab\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kyle Schwab\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Babylon ToolBar (Enabled) = C:\Users\Kyle Schwab\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\BabylonChromeToolBar.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Users\Kyle Schwab\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Kyle Schwab\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: WPI Detector 1.4 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
CHR - plugin: QUAKE LIVE (Enabled) = C:\ProgramData\id Software\QuakeLive\npquakezero.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Kyle Schwab\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Kyle Schwab\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Kyle Schwab\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Kyle Schwab\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: vshare plugin = C:\Users\Kyle Schwab\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Kyle Schwab\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Kyle Schwab\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/09/20 22:47:28 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (vshare.tv Toolbar) - {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsh0.dll (Conduit Ltd.)
O2 - BHO: (FAIESSOHelper Class) - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (vshare.tv Toolbar) - {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsh0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (vshare.tv Toolbar) - {7AEB3EFD-E564-43F1-B658-5058A7C5743B} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsh0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m File not found
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Absolute Notifier] C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe (Absolute Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [dplaysvr] C:\Users\Kyle Schwab\AppData\Local\dplaysvr.exe File not found
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [LoJackForLaptops] C:\Program Files (x86)\LFLInstall\InstallManager.exe /d60 /dd1 /bd0 File not found
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PrivitizeVPN] C:\Program Files (x86)\PrivitizeVPN\PrivitizeVPN.exe (OOO Industry)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [dplaysvr] C:\Users\Kyle Schwab\AppData\Local\dplaysvr.exe File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\Kyle Schwab\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [SightSpeed] C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoControlPanel = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoControlPanel = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: www.dsvanywhere.com ([]http in Trusted sites)
O16 - DPF: {82836898-30F4-4813-9A2F-120C012E44E7} http://www.dsvanywhere.com/appeon/weblibrary_ax/ceondownloadcenter.cab (EonDownloadCenter Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {C1417ACD-9FFB-4B26-8060-ED6B55F04CCE} (local) (EonUISpace Class)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.196.64.53 68.113.206.10 24.178.162.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B331DFBC-D698-4992-8324-FA5CCA313E90}: DhcpNameServer = 24.196.64.53 68.113.206.10 24.178.162.3
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20 - Winlogon\Notify\FastAccess: DllName - (C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll) - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
O29:64bit: - HKLM SecurityProviders - (OzxihqeHxapb.dll) - File not found
O29 - HKLM SecurityProviders - (OzxihqeHxapb.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{20048dd7-1794-11df-be12-002219f4aa2a}\Shell - "" = AutoRun
O33 - MountPoints2\{20048dd7-1794-11df-be12-002219f4aa2a}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{2785276b-bdb5-11df-88c0-002219f4aa2a}\Shell - "" = AutoRun
O33 - MountPoints2\{2785276b-bdb5-11df-88c0-002219f4aa2a}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{aab121fc-dae3-11de-946f-002219f4aa2a}\Shell - "" = AutoRun
O33 - MountPoints2\{aab121fc-dae3-11de-946f-002219f4aa2a}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Launcher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/23 14:42:22 | 000,751,391 | ---- | C] (Farbar) -- C:\Users\Kyle Schwab\Desktop\MiniToolBox.exe
[2012/09/21 02:01:17 | 000,000,000 | ---D | C] -- C:\Users\Kyle Schwab\Desktop\lspfix
[2012/09/20 23:15:44 | 000,000,000 | ---D | C] -- C:\Users\Kyle Schwab\AppData\Local\temp
[2012/09/20 22:47:44 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/09/20 22:20:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Symantec Endpoint Protection
[2012/09/20 21:44:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/09/20 21:44:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/09/20 21:44:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/09/20 21:43:11 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/09/20 21:27:41 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/09/20 21:13:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/20 21:12:07 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/09/19 01:44:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/09/19 01:15:30 | 000,477,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012/09/19 01:15:30 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/09/19 01:15:29 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/09/19 01:15:29 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/09/18 20:01:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FTL Faster Than Light
[2012/09/18 20:00:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FTL
[2012/09/17 19:11:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/17 18:53:34 | 000,000,000 | ---D | C] -- C:\Users\Kyle Schwab\Desktop\RK_Quarantine
[2012/09/17 01:49:32 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/09/17 01:19:13 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/09/17 01:15:48 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Kyle Schwab\Desktop\TDSSKiller.exe
[2012/09/17 00:41:54 | 000,000,000 | ---D | C] -- C:\Users\Kyle Schwab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Recovery
[2012/09/14 03:03:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/09/14 03:03:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/09/02 19:44:19 | 000,000,000 | ---D | C] -- C:\Users\Kyle Schwab\Documents\democracy2
[2012/09/02 17:56:31 | 000,000,000 | ---D | C] -- C:\Users\Kyle Schwab\Desktop\Democracy_2__1.21
[2012/08/28 20:15:02 | 000,000,000 | ---D | C] -- C:\Users\Kyle Schwab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrivitizeVPN
[2012/08/28 20:15:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PrivitizeVPN
[2012/08/28 20:14:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/08/28 20:14:26 | 000,000,000 | ---D | C] -- C:\Users\Kyle Schwab\AppData\Roaming\Babylon
[2 C:\Users\Kyle Schwab\Desktop\*.tmp files -> C:\Users\Kyle Schwab\Desktop\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/24 09:40:10 | 012,320,281 | ---- | M] () -- C:\Users\Kyle Schwab\Desktop\sysfiles.zip
[2012/09/24 09:35:46 | 016,730,025 | ---- | M] () -- C:\Users\Kyle Schwab\Desktop\system.zip
[2012/09/24 09:34:28 | 000,120,309 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/09/24 09:12:01 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1366298597-4094112238-2795133811-1000UA.job
[2012/09/24 09:10:54 | 000,120,309 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/09/24 09:10:25 | 000,000,952 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1366298597-4094112238-2795133811-1000UA.job
[2012/09/24 09:10:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/24 09:10:15 | 000,017,408 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe
[2012/09/24 08:44:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/24 08:29:02 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/24 08:27:08 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll
[2012/09/24 08:27:04 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/24 08:27:03 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/24 08:26:51 | 4024,791,040 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/24 08:25:40 | 036,175,872 | ---- | M] () -- C:\Users\Kyle Schwab\Desktop\system.bak
[2012/09/24 08:25:40 | 003,670,016 | -HS- | M] () -- C:\Users\Kyle Schwab\ntuser.bak
[2012/09/24 03:06:01 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1366298597-4094112238-2795133811-1000Core.job
[2012/09/23 15:05:38 | 000,155,648 | ---- | M] () -- C:\Users\Kyle Schwab\Desktop\TDSSQlook.exe
[2012/09/23 14:41:16 | 000,751,391 | ---- | M] (Farbar) -- C:\Users\Kyle Schwab\Desktop\MiniToolBox.exe
[2012/09/23 14:12:01 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1366298597-4094112238-2795133811-1000Core.job
[2012/09/21 02:03:09 | 000,694,964 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/21 02:03:09 | 000,598,588 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/21 02:03:09 | 000,102,194 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/21 01:56:40 | 000,201,030 | ---- | M] () -- C:\Users\Kyle Schwab\Desktop\lspfix.zip
[2012/09/20 22:47:28 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/09/20 21:40:57 | 035,995,648 | ---- | M] () -- C:\Users\Kyle Schwab\Desktop\system
[2012/09/19 01:15:00 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/09/19 01:15:00 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/09/19 01:15:00 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/09/19 01:14:59 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012/09/19 01:14:59 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/09/18 20:01:13 | 000,000,800 | ---- | M] () -- C:\Users\Public\Desktop\FTL.lnk
[2012/09/17 18:22:42 | 000,001,356 | ---- | M] () -- C:\Users\Kyle Schwab\AppData\Local\d3d9caps.dat
[2012/09/17 02:07:55 | 000,000,160 | ---- | M] () -- C:\ProgramData\-mhC8BVOcyzI79or
[2012/09/17 02:07:55 | 000,000,144 | ---- | M] () -- C:\ProgramData\-mhC8BVOcyzI79o
[2012/09/17 01:25:32 | 769,269,846 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/09/14 03:03:42 | 000,001,890 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/04 19:17:18 | 000,058,288 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\snacnp.dll
[2012/09/02 19:44:23 | 000,004,096 | ---- | M] () -- C:\Windows\d3dx.dat
[2012/09/02 14:15:27 | 000,178,433 | ---- | M] () -- C:\Windows\hpwins20.dat
[2012/09/01 10:16:32 | 000,002,119 | ---- | M] () -- C:\Users\Kyle Schwab\Desktop\Google Chrome.lnk
[2012/09/01 10:16:32 | 000,002,081 | ---- | M] () -- C:\Users\Kyle Schwab\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/28 20:37:54 | 000,187,392 | ---- | M] () -- C:\Users\Kyle Schwab\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/28 20:14:47 | 000,000,633 | ---- | M] () -- C:\user.js
[2 C:\Users\Kyle Schwab\Desktop\*.tmp files -> C:\Users\Kyle Schwab\Desktop\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/24 09:35:38 | 016,730,025 | ---- | C] () -- C:\Users\Kyle Schwab\Desktop\system.zip
[2012/09/24 09:35:13 | 035,995,648 | ---- | C] () -- C:\Users\Kyle Schwab\Desktop\system
[2012/09/24 09:34:30 | 036,175,872 | ---- | C] () -- C:\Users\Kyle Schwab\Desktop\system.bak
[2012/09/23 15:07:29 | 000,155,648 | ---- | C] () -- C:\Users\Kyle Schwab\Desktop\TDSSQlook.exe
[2012/09/21 02:01:00 | 000,201,030 | ---- | C] () -- C:\Users\Kyle Schwab\Desktop\lspfix.zip
[2012/09/20 21:44:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/20 21:44:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/20 21:44:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/20 21:44:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/20 21:44:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/09/18 20:01:13 | 000,000,800 | ---- | C] () -- C:\Users\Public\Desktop\FTL.lnk
[2012/09/17 19:12:11 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2012/09/17 01:19:24 | 000,002,107 | ---- | C] () -- C:\Users\Public\Desktop\OOTP Baseball 13.lnk
[2012/09/17 01:19:24 | 000,001,890 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/09/17 01:19:23 | 000,001,950 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Photo Gallery.lnk
[2012/09/17 01:19:23 | 000,001,900 | ---- | C] () -- C:\Users\Public\Desktop\Football Manager 2012.lnk
[2012/09/17 01:19:23 | 000,001,798 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/09/17 01:19:23 | 000,001,768 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker.lnk
[2012/09/17 01:19:23 | 000,001,696 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/09/17 01:19:23 | 000,001,243 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2012/09/17 01:19:22 | 000,001,803 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/09/17 01:19:21 | 000,001,852 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Collaboration.lnk
[2012/09/17 01:19:21 | 000,001,770 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Calendar.lnk
[2012/09/17 01:19:21 | 000,001,757 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Defender.lnk
[2012/09/17 01:19:21 | 000,001,743 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Contacts.lnk
[2012/09/17 01:19:19 | 000,002,004 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/09/17 01:19:16 | 000,001,821 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerDVD DX.lnk
[2012/09/17 01:19:14 | 000,001,060 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2012/09/17 01:19:14 | 000,000,917 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mojo.lnk
[2012/09/17 01:19:13 | 000,001,968 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Web Platform Installer.lnk
[2012/09/17 01:19:12 | 000,001,630 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/09/17 01:19:10 | 000,000,885 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2012/09/17 01:19:03 | 000,002,471 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/09/17 01:19:03 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/09/17 01:19:03 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity 1.3 Beta (Unicode).lnk
[2012/09/17 01:19:03 | 000,000,918 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk
[2012/09/17 00:41:55 | 000,000,160 | ---- | C] () -- C:\ProgramData\-mhC8BVOcyzI79or
[2012/09/17 00:41:55 | 000,000,144 | ---- | C] () -- C:\ProgramData\-mhC8BVOcyzI79o
[2012/09/02 19:44:23 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2012/08/28 20:14:43 | 000,000,633 | ---- | C] () -- C:\user.js
[2012/02/21 20:58:14 | 000,172,172 | ---- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/12/26 23:38:43 | 000,000,040 | ---- | C] () -- C:\Users\Kyle Schwab\jagex_cl_runescape_LIVE.dat
[2011/12/25 06:27:09 | 000,014,162 | -HS- | C] () -- C:\Users\Kyle Schwab\AppData\Local\knugvcyw3c8a
[2011/12/25 06:27:09 | 000,014,162 | -HS- | C] () -- C:\ProgramData\knugvcyw3c8a
[2011/12/23 04:23:06 | 000,000,008 | -HS- | C] () -- C:\Users\Kyle Schwab\AppData\Local\systemCurUses
[2011/12/23 04:23:06 | 000,000,006 | -HS- | C] () -- C:\Users\Kyle Schwab\AppData\Local\systemHdID
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/07/12 17:12:28 | 000,024,226 | ---- | C] () -- C:\Users\Kyle Schwab\AppData\Roaming\UserTile.png
[2011/06/29 22:59:40 | 000,080,384 | ---- | C] () -- C:\Windows\gamedelete.exe
[2011/06/21 20:19:45 | 000,000,000 | ---- | C] () -- C:\Users\Kyle Schwab\AppData\Local\{87BB07C1-183E-4D82-845A-158E7513050A}
[2011/02/15 19:45:35 | 000,000,166 | ---- | C] () -- C:\Users\Kyle Schwab\AppData\Roaming\wklnhst.dat
[2011/02/09 20:47:45 | 000,000,661 | ---- | C] () -- C:\Windows\eReg.dat
[2010/05/09 18:05:10 | 000,000,087 | ---- | C] () -- C:\Users\Kyle Schwab\jagex_runescape_preferences2.dat
[2010/05/09 18:05:10 | 000,000,000 | ---- | C] () -- C:\Users\Kyle Schwab\jagex__preferences3.dat
[2009/11/16 20:20:50 | 000,001,356 | ---- | C] () -- C:\Users\Kyle Schwab\AppData\Local\d3d9caps.dat
[2009/08/07 16:17:49 | 000,000,732 | ---- | C] () -- C:\Users\Kyle Schwab\AppData\Local\d3d9caps64.dat
[2009/08/04 14:57:26 | 000,000,042 | ---- | C] () -- C:\Users\Kyle Schwab\jagex_runescape_preferences.dat
[2009/07/09 17:15:51 | 000,187,392 | ---- | C] () -- C:\Users\Kyle Schwab\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/01 15:21:57 | 003,670,016 | -HS- | C] () -- C:\Users\Kyle Schwab\ntuser.bak
[2009/06/24 20:36:26 | 000,120,309 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/06/24 20:34:39 | 000,120,309 | ---- | C] () -- C:\ProgramData\nvModes.dat

========== ZeroAccess Check ==========

[2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 12:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:5D432CE3

< End of report >

OTL Extras logfile created on: 9/24/2012 9:33:53 AM - Run 1
OTL by OldTimer - Version 3.2.66.2 Folder = C:\Users\Kyle Schwab\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 1.78 Gb Available Physical Memory | 47.44% Memory free
7.68 Gb Paging File | 5.60 Gb Available in Paging File | 72.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 114.61 Gb Free Space | 25.41% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.66 Gb Free Space | 52.31% Space Free | Partition Type: NTFS
Drive G: | 970.13 Mb Total Space | 969.95 Mb Free Space | 99.98% Space Free | Partition Type: FAT

Computer Name: KYLESCHWAB-PC | User Name: Kyle Schwab | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = F8 B3 EB FD A1 56 CB 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07086E32-B9A9-4F2F-B0B0-A447C8BDF730}" = lport=137 | protocol=17 | dir=in | app=system |
"{0EC93042-43ED-457A-8842-C45441A9EF5C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{15CF1BD4-B044-4912-BF40-F5775338FDED}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1F3F62DB-5B07-49D0-9C01-81A3C808B3A7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{21C0F559-E6E4-405A-B91C-182A35DB0196}" = rport=137 | protocol=17 | dir=out | app=system |
"{2C492B26-3913-496C-983E-CF34ACC75B2B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{39D05C58-D6E2-4285-B590-2CA818E6D3BB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{636842F2-323F-47BD-9B02-DEF27D0DC660}" = lport=139 | protocol=6 | dir=in | app=system |
"{651D8E1E-52E7-49D0-9120-FBCBFDB45EF3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7A96C6ED-6C9A-44D3-8F09-6202018A592E}" = lport=138 | protocol=17 | dir=in | app=system |
"{7E9E5C31-75F2-4443-8EF4-91816CB66E06}" = rport=138 | protocol=17 | dir=out | app=system |
"{8392C1FD-FB30-4C0D-80E6-698C5A033BF6}" = rport=139 | protocol=6 | dir=out | app=system |
"{86ABF46F-C55F-438E-94CF-4C7A6C0B27A8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{90302EC0-D3A2-430D-98C0-33FD7DA74903}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{9EACB073-EF0D-448D-9123-1CA7DEC46180}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A5C3D083-352B-47C2-8752-A70C88915169}" = lport=445 | protocol=6 | dir=in | app=system |
"{C033174E-4E8D-4795-B9DD-36CB72D73BB7}" = rport=445 | protocol=6 | dir=out | app=system |
"{C9C328F5-440D-4D77-A98C-181F91D53161}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{CB0CBFE3-BEA5-4FF0-9065-7DA94AB8E90B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{CEC719AF-C50B-474A-95B6-CD887F5D6A78}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E2AB7007-CCBD-4488-BDBC-A4A639C4F255}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F28A3101-F3A7-4A93-9FD3-BFAC382A7723}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{035D83D9-B43C-4E49-ADF7-89EA07C8803C}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |
"{056C9153-F20B-4A43-98B3-EE56DCAF9DA5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{06E7CC21-E54A-4ABE-821C-4AECD19A3122}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{0A02830F-0B07-4773-8766-2344AFA9944F}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |
"{0C011E77-0B40-48FE-8A51-A738C83A0086}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{0C30957A-B825-476E-BA1B-54B3575E55CF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0D7D3AB5-E85C-49D1-A51B-576740206141}" = protocol=6 | dir=out | app=system |
"{0DF3A633-4BBE-47BB-93AC-1DCAFDA6C8E7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0E092AA2-0287-4C23-8673-EC827F8289C2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0F68866F-3CBC-487B-A865-332448FA6935}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{1058BF4F-EE7B-4B19-84B1-708A42789D96}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |
"{10F5AC08-2F24-4693-87E6-E870E54C92B7}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |
"{1319E43B-BFF4-4FCA-BDAB-88E20CEFF147}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{13B8AC71-DBC9-4ADE-B70F-38FD9C086B8F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\microsoft flight\flight.exe |
"{16F176A8-46A8-47F0-91BC-A856BE693C30}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{19F3AD64-877C-4F23-A34E-88F4304C0F4C}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |
"{1C26A79E-0620-43FD-8B27-E046E77DD0EB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
"{22034FE2-9F59-4C45-839E-452868A2DA45}" = protocol=6 | dir=in | app=c:\program files (x86)\sports interactive\football manager 2010\fm.exe |
"{22CDECA7-DBF7-41CC-B845-9ACE3BEEEE7A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{260CA7C2-954B-460D-A422-882CA3AC7A06}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{28546875-48B2-4BA8-8CD6-6711B7845283}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{2EBED01C-3113-4E30-8305-361206CBA6BD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2FEE7EC4-CF0B-49D2-9BDF-AE62743AA001}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3108630A-8764-45E8-8337-447A816DBC80}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{316580F9-5865-4D41-BFD7-42883595DA33}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{32871DBA-2940-4243-9AE9-6EFEA3A25F78}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{32F681EB-5CEE-433E-B562-E17D2F4BDE2B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3ADC6C41-DCF2-4356-9902-AF15F1A2A1CB}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3E9C47EA-A891-4328-B4BC-C3F4F57071C7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3F0BC310-A785-43F9-8704-547690FFB310}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\mengde_of_wei\counter-strike\hl.exe |
"{41736D5A-7BA2-41BC-BDC5-F4B427F31FDA}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe |
"{420B2DA6-38EA-449A-9398-D0809A94F54C}" = dir=in | app=c:\users\kyle schwab\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{423B18BC-09CC-4E1D-91AF-5896D97F75FD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4384CAD7-3BF9-46AC-8E78-4E748507F71A}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |
"{47605A24-FFCF-4F4A-95FF-3BBC8B7DA2E1}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{4A5DF481-AD78-4766-B217-3E2DC7E3478C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{4A9E4F1B-562C-46E9-8C2D-BE2CAFE0B731}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\mengde_of_wei\counter-strike\hl.exe |
"{522181F2-C19D-46D1-814F-61966F5370F0}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5812CD88-5F53-44DC-BBC5-27795EF36178}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5864AE8C-5D30-439C-B586-A1F00005A325}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5B001731-5618-400D-871F-6C851D5530F0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
"{5B3E8C36-D42B-443F-955E-6E9A2AB3CF0F}" = protocol=17 | dir=in | app=c:\program files (x86)\sports interactive\football manager 2011\fm.exe |
"{5B555C9B-BE52-43B6-9089-5E779B58DED2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5C9AF1E9-7542-4EA7-88D8-1A911C2880D8}" = protocol=17 | dir=in | app=c:\program files (x86)\sports interactive\football manager 2010\fm.exe |
"{5D86A51D-8BA3-4B31-A725-B077011379E1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5DB6A8CC-B81D-4C8C-B6C1-E8AECCF2EF87}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\mengde_of_wei\counter-strike\hl.exe |
"{5DFB8DFE-0D56-4133-A9BB-8D40AF344EAD}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |
"{604A09D5-F186-415E-8630-86B2879DD399}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{617689F3-CC19-4EC9-B6DB-6987E968D9CC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\mengde_of_wei\ricochet\hl.exe |
"{65439232-496D-4856-B998-92CB06848715}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{669FC1F4-2A5A-4D57-A207-6FEF6A7DFE94}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6790A2B3-AC99-49B5-9564-E73048154DD6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{682E0F25-65DA-478D-B9C0-FF11BF58F318}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\mengde_of_wei\ricochet\hl.exe |
"{6C47D4ED-FC8A-4209-9F70-B9075B48EE01}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{70FAB9BE-7C6B-47DB-B9AD-0ED3DEE68CC4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{71DDF90C-D1A9-4371-AB83-6777C1D3F95A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{747C40AC-6A24-4A7E-8493-FA618E104F8B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{75B0B16E-B3B1-4DAF-ADDB-7D99A89EF39B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{76B377E5-04AD-4FFE-B271-4051ABBADF13}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{774A932F-5164-4CBA-BAEF-4760F625D102}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{78AF9ECC-295D-4427-A247-1CA0D142EBA4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{79D2F5FD-5A4A-42F9-9DD2-825465626B39}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |
"{7AEB6F68-1C85-4A24-B6AC-2D800A35840F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{7BDBC3E5-9683-480B-8BEB-552177DEB3D3}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2editor.exe |
"{82E20A16-E9A8-4A53-AE51-501F4174CEDD}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{83C4F1AF-EDFA-4AAE-AE05-71EC611C5BB0}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{872C192A-E9AB-4A1D-AE69-55B16D6257F8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{88C0C398-7140-4CED-9E92-139BE2C92801}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{89B6C2EC-B855-4419-8707-139C3226F345}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
"{8BD1FEEC-20C0-4A59-B589-9ABC5856E1DF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8EBDAAC0-CC35-4013-8BDE-D5FA51DD8FF4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8FABB42E-C625-44E8-BBDF-577EED47B8AB}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{907E2586-3EB1-4284-97E1-ED6EC0BCDD57}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\mengde_of_wei\counter-strike\hl.exe |
"{926F76E7-7E8B-498E-9348-027F9C26DD02}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{933905B2-321C-439D-B736-10E2E706250A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{934608B3-663E-4BB1-92E4-B04B776F71F9}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{951C8C14-5B03-4167-B998-48874CE037B6}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{970C6149-AA9B-4A0C-BAA4-6B15EA9C3058}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{97FF0D30-62B2-47ED-8D68-994C9BC14C7E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9F542F15-0CC2-443D-91FE-E2C2A8B04F0B}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{9FDE0961-BE84-4B14-B26E-050DC45D1EB0}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{9FFCBE6B-5EBF-4075-A342-CFFECB539028}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A6079664-76AC-4693-9A43-EE1E7115F2B9}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |
"{ABDDE4E6-7195-41BD-8B28-E38F94B74173}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{AE659E1F-0962-41FE-A25A-15EF67B680F9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B0414317-6342-4F6F-8433-F0B3AF45AB74}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |
"{B37ED0BB-FDF6-438E-AD1C-98192798EA4E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B5E5DFDA-015E-4635-BE6D-CC16DAE12602}" = protocol=6 | dir=in | app=c:\program files (x86)\sports interactive\football manager 2011\fm.exe |
"{B801186E-2900-4DD7-854B-DFADBBFE8412}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe |
"{B8AA8398-3CD3-423B-B607-80C40F0D0D4A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
"{BE82A2CB-9E2E-46D9-96F9-DC65C11CF6D8}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2launcher.exe |
"{C2B3FDD3-A96B-47D1-A795-06F07E12C6D0}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{C58B53BC-263A-43EC-8403-25961A182EFA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{C68847A6-71B4-40A3-8FFF-6EE76760651B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2editor.exe |
"{C6DBD3B1-793F-4CF7-A658-E8623C17E3A3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |
"{C6ED03E9-57CA-4F39-8565-02CC29812487}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{C705FA84-963C-4EFF-9D9D-DE0FF658778F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C77027AC-3A09-45D3-9207-4323F240B123}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C9F822C5-D86F-4DA6-8EC3-80AC020ABA53}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CB08A3EB-AFEB-4451-B2FA-EA2492EDB3A0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CB78DEAF-9FE6-4C71-8781-EAFC184F7CA2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |
"{D0697D7A-5372-458C-95E3-7700AC436152}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D0F82CB3-E96A-4BB4-9B84-233BA94296EC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D19D60F0-24AD-42F7-9E40-93DFEAEB4701}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DEAC8FEC-4730-4729-A9DF-65E5B9EE19E4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E07FEB6E-B699-41C0-90E9-C8856AEADE3E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E75913E9-B508-4AEA-A171-8F2DC1B98E58}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\microsoft flight\flight.exe |
"{E759B026-CF84-4874-997F-AB4B76FC3573}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{E7CA4239-3880-4478-B172-35BF35770C2F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E9D04C93-EC08-4F7C-A31B-1826809884EE}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |
"{E9D2BA97-D5A0-4005-8575-FBAA4A9B24E1}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{EC5C0C6C-9766-4077-9B3D-CDEDD1BF8B0B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{EC91EAA6-A44D-4DFA-8DE8-9D8157388070}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{ED29FCD8-66C2-4EDD-93DE-EDFBF1DB421E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2launcher.exe |
"{ED43AECC-047A-47EF-A1D2-2F90BFB694B8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EDEFF2C2-4D3D-43EE-9DB0-4E2D7D2F9CE1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EE962DCE-2E2C-4327-AC4E-02CA8F496379}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |
"{F2E45B36-5D42-464C-9C3F-EE574B5AA819}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{F706750C-0F75-4FE9-9ADE-BF63519B3BD6}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{FD53E054-40FE-47E6-BE31-6061BE9E30CB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{FDA3EACE-32D6-43E1-AC1A-0DBE51EF046C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FED78835-48A0-4315-8496-D70D0B8CD6AA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"__ARIA_1009___is1" = Plogue chipsounds
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{240FCE0B-F553-4ab3-9C7B-3CD082FCA117}" = NetDeviceManager64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{67335AB1-6341-4f87-A5B4-7FA92CEB77A4}" = HP Officejet All-In-One Series
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
"{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes
"{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C4C13E99-C7DE-4D2D-B79B-A0FAA78016F7}" = FastAccess
"{CC4878C0-4A6A-49CD-AAA7-DD3FCB06CC84}" = Microsoft Web Platform Installer 3.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit
"ARIA Engine_is1" = ARIA Engine v1.1.1.1
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"CCleaner" = CCleaner
"Creative OA001" = Integrated Webcam Driver (1.06.03.0309)
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Dell Touchpad
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0E549A13-2B3D-4633-BA41-DC88C2D6F9A3}" = ProductContext
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{1147FF9A-D576-4cb5-B5E7-FCA21D1E7D26}" = J4680
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{127B684B-A002-44C8-99A7-6CF8F1E26873}" = PunkBuster for Battlefield 1942
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{188C0E25-3D65-4DAC-9C00-7483FBA4C7EB}" = Status
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1E2FDD18-E514-4631-AF4A-0CC58FD93DCB}" = Quake Live Mozilla Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20E23A40-38E5-4DD6-B738-BC8097AE66B6}_is1" = FTL version 1.01
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24A55F97-AA44-4EDB-BEA1-CD51441B2AD4}" = Mojo
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java™ 6 Update 35
"{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars®: Knights of the Old Republic ™
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3825B383-7880-48C8-AADD-49B0D764B151}" = 4660_4680_Help
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D5308D2-DC8E-4658-A37C-351000008100}" = Microsoft Flight
"{50802F8E-03B4-479D-A643-16DE5A3586CB}" = BPDSoftware_Ini
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{83AA2913-C123-4146-85BD-AD8F93971D39}" = BabylonObjectInstaller
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ABA00898-9467-4689-9F40-DE7F58C8429C}" = Fax
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AD25A8FE-964F-48DB-B5C5-AD4DDB3895AD}" = System Requirements Lab
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B73B4A99-4173-4747-BBEC-0F05E966F9D2}" = Battlefield 1942: Secret Weapons of WWII
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1
"{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}" = Battlefield 1942: The Road To Rome
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D3737952-FF6E-4E72-BDEE-B0DC1C69F80B}" = BPD_HPSU
"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EBE939ED-4612-45FD-A39E-77AC199C4273}" = Absolute Notifier
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}" = Complete Care Consumer Service Agreement
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F4EAEBEA-3E46-43b8-A63C-AD180AE86918}" = BPDSoftware
"{F6BB6248-C507-46FE-8A35-1B16F35E0441}" = ITECIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"avast5" = avast! Free Antivirus
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"Dell Video Chat" = Dell Video Chat
"Dell Webcam Central" = Dell Webcam Central
"DivX Setup" = DivX Setup
"Fallout" = Fallout
"FIFA MANAGER 11 Demo" = FIFA MANAGER 11 Demo
"FileZilla Client" = FileZilla Client 3.2.8
"Football Manager 2010" = Football Manager 2010
"Football Manager 2011" = Football Manager 2011
"Football Manager 2012_is1" = Football Manager 2012
"Freelancer 1.0" = Freelancer
"GFWL_{4D5308D2-DC8E-4658-A37C-351000008100}" = Microsoft Flight
"GoToAssist" = GoToAssist 8.0.0.514
"iArt_is1" = iArt 3
"JFK Reloaded" = JFK Reloaded 1.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"ManyCam" = ManyCam 2.4 (remove only)
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"Out of the Park Baseball13" = Out of the Park Baseball 13
"PowerISO" = PowerISO
"PrivitizeVPN" = PrivitizeVPN
"PROPLUS" = Microsoft Office Professional Plus 2007
"PunkBusterSvc" = PunkBuster Services
"Real Lives 2007" = Real Lives 2007
"Real Lives 2010" = Real Lives 2010
"RPG Maker 2000 ColumbineRPG" = RPG Maker 2000 - Super Columbine Massacre RPG!
"Snood 4_is1" = Snood 4
"SopCast" = SopCast 3.2.4
"Steam App 10" = Counter-Strike
"Steam App 13230" = Unreal Tournament 2004
"Steam App 1522" = DEFCON Demo
"Steam App 2400" = The Ship
"Steam App 400" = Portal
"Steam App 550" = Left 4 Dead 2
"Steam App 60" = Ricochet
"Steam App 630" = Alien Swarm
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.0.5
"vShare.tv plugin" = vShare.tv plugin 1.3
"vshare.tv_Bar Toolbar" = vshare.tv Bar Toolbar
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player
"uTorrent" = µTorrent
"Winamp Detect" = Winamp Application Detect

========== Last 20 Event Log Errors ==========

[ Antivirus Events ]
Error - 4/15/2010 9:46:35 PM | Computer Name = KyleSchwab-PC | Source = avast! | ID = 33554522
Description =

Error - 4/21/2010 9:03:00 AM | Computer Name = KyleSchwab-PC | Source = avast! | ID = 33554522
Description =

Error - 4/28/2010 9:57:07 PM | Computer Name = KyleSchwab-PC | Source = avast! | ID = 33554522
Description =

Error - 5/10/2010 3:58:12 AM | Computer Name = KyleSchwab-PC | Source = avast! | ID = 33554522
Description =

Error - 5/10/2010 3:59:25 AM | Computer Name = KyleSchwab-PC | Source = avast! | ID = 33554522
Description =

Error - 7/4/2010 1:50:38 PM | Computer Name = KyleSchwab-PC | Source = avast! | ID = 33554522
Description =

Error - 7/27/2010 5:33:41 PM | Computer Name = KyleSchwab-PC | Source = avast! | ID = 33554522
Description =

Error - 8/9/2010 9:02:42 PM | Computer Name = KyleSchwab-PC | Source = avast! | ID = 33554522
Description =

Error - 10/1/2010 12:33:07 AM | Computer Name = KyleSchwab-PC | Source = avast! | ID = 33554522
Description =

Error - 10/1/2010 12:33:07 AM | Computer Name = KyleSchwab-PC | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 11/7/2011 10:57:14 PM | Computer Name = KyleSchwab-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/7/2011 10:57:14 PM | Computer Name = KyleSchwab-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2114594

Error - 11/7/2011 10:57:14 PM | Computer Name = KyleSchwab-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2114594

Error - 11/7/2011 10:57:15 PM | Computer Name = KyleSchwab-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/7/2011 10:57:15 PM | Computer Name = KyleSchwab-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2115998

Error - 11/7/2011 10:57:15 PM | Computer Name = KyleSchwab-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2115998

Error - 11/7/2011 10:57:17 PM | Computer Name = KyleSchwab-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/7/2011 10:57:17 PM | Computer Name = KyleSchwab-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2117121

Error - 11/7/2011 10:57:17 PM | Computer Name = KyleSchwab-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2117121

Error - 11/7/2011 10:57:18 PM | Computer Name = KyleSchwab-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

[ Broadcom Wireless LAN Events ]
Error - 9/4/2012 8:20:09 PM | Computer Name = KyleSchwab-PC | Source = WLAN-Tray | ID = 0
Description = 19:20:08, Tue, Sep 04, 12 Error - Unable to gain access to user store


Error - 9/18/2012 8:45:46 PM | Computer Name = KyleSchwab-PC | Source = WLAN-Tray | ID = 0
Description = 19:45:46, Tue, Sep 18, 12 Error - Unable to gain access to user store


[ System Events ]
Error - 7/29/2009 11:51:05 PM | Computer Name = KyleSchwab-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.8 for the Network Card with network
address 00255677BBA8 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 7/30/2009 1:40:06 AM | Computer Name = KyleSchwab-PC | Source = HTTP | ID = 15016
Description =

Error - 7/30/2009 2:31:01 AM | Computer Name = KyleSchwab-PC | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 7/30/2009 10:34:11 PM | Computer Name = KyleSchwab-PC | Source = HTTP | ID = 15016
Description =

Error - 8/1/2009 2:12:30 AM | Computer Name = KyleSchwab-PC | Source = HTTP | ID = 15016
Description =

Error - 8/2/2009 12:22:34 AM | Computer Name = KyleSchwab-PC | Source = HTTP | ID = 15016
Description =

Error - 8/2/2009 7:20:06 PM | Computer Name = KyleSchwab-PC | Source = HTTP | ID = 15016
Description =

Error - 8/3/2009 6:37:27 PM | Computer Name = KyleSchwab-PC | Source = HTTP | ID = 15016
Description =

Error - 8/3/2009 11:40:13 PM | Computer Name = KyleSchwab-PC | Source = HTTP | ID = 15016
Description =

Error - 8/3/2009 11:41:36 PM | Computer Name = KyleSchwab-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.4 for the Network Card with network
address 00255677BBA8 has been denied by the DHCP server 192.168.1.254 (The DHCP
Server sent a DHCPNACK message).


< End of report >
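
The "Last 20 Event Log Errors" block above has a regular layout: a header line of the form `Error - <date> | Computer Name = <host> | Source = <source> | ID = <id>`, followed by a `Description =` that may wrap onto further lines, with blank lines separating entries. The Python script below is an added example, not OTL's code and not part of the original thread: it parses that block, counts errors per source, pulls the IP, MAC and server out of the DHCP event 1002 (DHCPNACK) entries that matter for a "no internet" complaint, and filters entries to those after a given date so you can tell whether any logged error actually post-dates the ComboFix run. The sample input is constructed from the entries in the log above; the class and function names are the example's own.

```python
"""Parse the 'Last 20 Event Log Errors' block of an OTL log (added example)."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List

# Constructed sample, copied in the layout of the OTL block above.
SAMPLE_OTL = """\
========== Last 20 Event Log Errors ==========

[ Broadcom Wireless LAN Events ]
Error - 9/4/2012 8:20:09 PM | Computer Name = KyleSchwab-PC | Source = WLAN-Tray | ID = 0
Description = 19:20:08, Tue, Sep 04, 12 Error - Unable to gain access to user store


[ System Events ]
Error - 7/29/2009 11:51:05 PM | Computer Name = KyleSchwab-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.8 for the Network Card with network
address 00255677BBA8 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 7/30/2009 1:40:06 AM | Computer Name = KyleSchwab-PC | Source = HTTP | ID = 15016
Description =

Error - 8/3/2009 11:41:36 PM | Computer Name = KyleSchwab-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.4 for the Network Card with network
address 00255677BBA8 has been denied by the DHCP server 192.168.1.254 (The DHCP
Server sent a DHCPNACK message).


< End of report >
"""

SECTION_RE = re.compile(r"^\[ (?P<name>.+?) \]$")
HEADER_RE = re.compile(
    r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?) "
    r"\| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)
# Fields of the Windows DHCP client 1002 message (lease denied with DHCPNACK).
DHCP_NACK_RE = re.compile(
    r"lease (?P<ip>\d+\.\d+\.\d+\.\d+) .*?address (?P<mac>[0-9A-Fa-f]{12}) "
    r".*?DHCP server (?P<server>\d+\.\d+\.\d+\.\d+)"
)
OTL_DATE_FMT = "%m/%d/%Y %I:%M:%S %p"  # e.g. 7/29/2009 11:51:05 PM


@dataclass
class EventError:
    section: str
    when: str
    host: str
    source: str
    event_id: int
    description: str


def parse_event_errors(text: str) -> List[EventError]:
    """Return one EventError per entry; wrapped Description lines are joined."""
    events: List[EventError] = []
    section = ""
    current = None
    desc_lines: List[str] = []

    def flush() -> None:
        nonlocal current, desc_lines
        if current is not None:
            current.description = " ".join(l.strip() for l in desc_lines).strip()
            events.append(current)
        current, desc_lines = None, []

    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            flush()
            section = m.group("name")
            continue
        m = HEADER_RE.match(line)
        if m:
            flush()
            current = EventError(section, m.group("when"), m.group("host"),
                                 m.group("source"), int(m.group("id")), "")
            continue
        if current is None:
            continue  # preamble, separators, "< End of report >"
        if line.startswith("Description ="):
            desc_lines.append(line[len("Description ="):])
        elif line.strip() == "":
            flush()  # a blank line closes the entry
        else:
            desc_lines.append(line)  # continuation of a wrapped Description
    flush()
    return events


def errors_by_source(events: List[EventError]) -> Dict[str, int]:
    """How many errors each event source contributed."""
    counts: Dict[str, int] = {}
    for ev in events:
        counts[ev.source] = counts.get(ev.source, 0) + 1
    return counts


def dhcp_nack_events(events: List[EventError]) -> List[Dict[str, str]]:
    """Extract lease IP, client MAC and DHCP server from Dhcp 1002 entries."""
    found = []
    for ev in events:
        if ev.source == "Dhcp" and ev.event_id == 1002:
            m = DHCP_NACK_RE.search(ev.description)
            if m:
                found.append({"when": ev.when, "ip": m.group("ip"),
                              "mac": m.group("mac"), "server": m.group("server")})
    return found


def events_since(events: List[EventError], cutoff: datetime) -> List[EventError]:
    """Entries logged at or after cutoff, e.g. the date ComboFix was run."""
    return [ev for ev in events
            if datetime.strptime(ev.when, OTL_DATE_FMT) >= cutoff]


if __name__ == "__main__":
    evs = parse_event_errors(SAMPLE_OTL)
    print(errors_by_source(evs))
    for nack in dhcp_nack_events(evs):
        print("DHCPNACK", nack)
    print("errors after 2012-09-20:", len(events_since(evs, datetime(2012, 9, 20))))
```

Run against the sample, the DHCPNACK entries date from 2009 and come from two different routers (192.168.1.1 and 192.168.1.254), and nothing in the block post-dates the 2012-09-20 ComboFix run, so this part of the log does not by itself explain the loss of connectivity; the same helpers can be pointed at the full OTL log to check the newer entries.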

#13 swerp

swerp
  • Topic Starter

  • Members
  • 23 posts
  • Local time:12:21 PM

Posted 24 September 2012 - 09:52 AM

And I put the two files into a zip folder that is 15.6 MB in size, but I get a message saying that it is over 30 MB and cannot be uploaded.

#14 swerp

swerp
  • Topic Starter

  • Members
  • 23 posts
  • Local time:12:21 PM

Posted 24 September 2012 - 09:58 AM

I was able to submit it compressed as a .rar.

#15 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home
  • Local time:08:21 PM

Posted 24 September 2012 - 02:59 PM

Hi,

Thanks. I checked the downloads and SYSTEM is 35 MB, but SYSTEM.bak is only 200 KB. This seems odd; could you check the size of SYSTEM.bak and let me know if the size matches?

Would you be willing to run ComboFix again (independent of the clean-up) to help us see whether the issue is with ComboFix or with an infection messing up your PC?

Meanwhile please run AdwCleaner to get rid of Babylon and Company. I see a few more leftovers in the OTL log, but nothing that is active.

Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

Please also run aswMBR for a check up:
Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!
