I ran ComboFix as directed by dragging the script onto it. When it rebooted the computer to finish, it never came back up to create the log file. I ran it again as a result, and here is the log I got:
ComboFix 09-08-31.03 - Brandon 08/31/2009 16:30.3.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1022.445 [GMT -7:00]
Running from: c:\users\Brandon.Rodan242\Desktop\Combo-Fix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
SP: McAfee VirusScan *disabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\certstore.dat
.
---- Previous Run -------
.
c:\windows\system32\certstore.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_kbiwkmbvskjyso
-------\Legacy_kbiwkmbvskjyso
((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-31 )))))))))))))))))))))))))))))))
.
2009-08-31 23:43 . 2009-08-31 23:47 -------- d-----w- c:\users\Brandon.Rodan242\AppData\Local\temp
2009-08-31 23:43 . 2009-08-31 23:43 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-08-31 23:43 . 2009-08-31 23:43 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2009-08-31 23:43 . 2009-08-31 23:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-31 23:43 . 2009-08-31 23:43 -------- d-----w- c:\users\Brandon\AppData\Local\temp
2009-08-31 23:43 . 2009-08-31 23:43 -------- d-----w- c:\users\BRANDO~1~ROD\AppData\Local\temp
2009-08-27 00:39 . 2009-08-27 00:39 -------- d-----w- c:\users\Brandon.Rodan242\AppData\Local\MigWiz
2009-08-24 18:05 . 2009-08-24 18:06 -------- d-----w- C:\Toolbox
2009-08-24 17:38 . 2009-08-24 17:38 -------- d-----w- c:\program files\ERUNT
2009-08-20 23:56 . 2009-08-20 23:56 -------- d-----w- c:\users\Brandon.Rodan242\AppData\Roaming\Malwarebytes
2009-08-20 23:56 . 2009-08-03 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-20 23:56 . 2009-08-20 23:56 -------- d-----w- c:\programdata\Malwarebytes
2009-08-20 23:56 . 2009-08-03 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-20 23:56 . 2009-08-24 18:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-20 23:45 . 2009-07-08 20:44 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-08-20 23:45 . 2009-07-08 20:44 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-08-20 23:45 . 2009-07-08 20:44 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-08-20 23:45 . 2009-07-16 19:32 130424 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-08-20 23:43 . 2009-08-20 23:45 -------- d-----w- c:\program files\Common Files\McAfee
2009-08-20 23:43 . 2009-08-20 23:44 -------- d-----w- c:\program files\McAfee.com
2009-08-20 23:43 . 2009-08-21 05:41 -------- d-----w- c:\program files\McAfee
2009-08-20 23:21 . 2009-07-08 20:43 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-08-20 23:10 . 2009-08-21 05:49 -------- d-----w- c:\programdata\McAfee
2009-08-19 06:45 . 2009-08-19 06:45 -------- d-----w- c:\programdata\GameHouse
2009-08-19 06:36 . 2009-08-19 06:36 -------- d-----w- c:\program files\RarZilla
2009-08-13 16:35 . 2009-06-15 15:29 156160 ----a-w- c:\windows\system32\t2embed.dll
2009-08-13 16:34 . 2009-07-14 13:02 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-13 16:34 . 2009-07-14 13:00 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-13 16:34 . 2009-07-14 13:01 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-13 16:34 . 2009-07-14 11:11 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-13 16:34 . 2009-06-10 12:10 31232 ----a-w- c:\windows\system32\msvidc32.dll
2009-08-13 16:34 . 2009-06-10 12:10 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-08-13 16:34 . 2009-06-10 12:09 12800 ----a-w- c:\windows\system32\msrle32.dll
2009-08-13 16:34 . 2009-06-10 12:07 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-08-13 16:34 . 2009-06-10 12:04 88576 ----a-w- c:\windows\system32\avifil32.dll
2009-08-13 16:34 . 2009-06-10 12:04 65024 ----a-w- c:\windows\system32\avicap32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-31 23:47 . 2009-06-23 23:27 -------- d-----w- c:\users\Brandon.Rodan242\AppData\Roaming\DNA
2009-08-31 23:47 . 2009-06-23 23:27 -------- d-----w- c:\program files\DNA
2009-08-21 23:26 . 2009-06-23 23:33 -------- d-----w- c:\program files\Games
2009-08-13 23:03 . 2007-11-20 04:26 -------- d-----w- c:\program files\AIM6
2009-08-13 23:03 . 2007-11-20 04:27 -------- d-----w- c:\program files\Viewpoint
2009-08-13 23:03 . 2007-11-20 04:27 -------- d-----w- c:\programdata\Viewpoint
2009-08-13 23:01 . 2008-12-09 01:46 -------- d-----w- c:\programdata\AOL Downloads
2009-08-13 16:50 . 2007-12-23 21:46 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-13 16:48 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-03 22:57 . 2008-01-01 02:44 -------- d-----w- c:\users\Brandon.Rodan242\AppData\Roaming\Canon
2009-07-25 04:21 . 2009-07-25 04:21 135396 ---ha-w- c:\windows\system32\mlfcache.dat
2009-07-25 04:20 . 2009-07-25 04:20 -------- d-----w- c:\users\Brandon.Rodan242\AppData\Roaming\Apple Computer
2009-07-25 04:16 . 2009-07-25 04:15 -------- d-----w- c:\program files\Safari
2009-07-25 04:14 . 2009-07-25 04:14 -------- d-----w- c:\program files\Apple Software Update
2009-07-25 04:14 . 2009-07-25 04:14 -------- d-----w- c:\programdata\Apple
2009-07-25 01:34 . 2009-07-25 01:34 713992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-07-23 16:59 . 2007-11-18 23:41 80904 ----a-w- c:\users\Brandon.Rodan242\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-21 21:52 . 2009-08-13 16:35 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-08-13 16:35 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-08-13 16:35 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-08-13 16:35 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 14:52 . 2009-08-13 16:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-08 20:44 . 2009-07-08 20:44 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-07-02 03:17 . 2009-07-02 03:17 69632 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 4.30.19.1\SetupAdmin.exe
2009-06-15 18:12 . 2009-08-13 16:35 408136 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-15 15:29 . 2009-08-13 16:35 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-06-15 15:28 . 2009-08-13 16:35 72704 ----a-w- c:\windows\system32\secur32.dll
2009-06-15 15:28 . 2009-08-13 16:35 272384 ----a-w- c:\windows\system32\schannel.dll
2009-06-15 15:25 . 2009-08-13 16:35 216576 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-15 15:23 . 2009-08-13 16:35 1233920 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-15 15:23 . 2009-08-13 16:35 24064 ----a-w- c:\windows\system32\lpk.dll
2009-06-15 15:23 . 2009-08-13 16:35 494592 ----a-w- c:\windows\system32\kerberos.dll
2009-06-15 15:22 . 2009-08-13 16:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:21 . 2009-08-13 16:35 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 15:20 . 2009-08-13 16:35 34304 ----a-w- c:\windows\system32\atmlib.dll
2009-06-15 13:10 . 2009-08-13 16:35 7680 ----a-w- c:\windows\system32\lsass.exe
2009-06-15 13:03 . 2009-08-13 16:35 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-06-10 12:16 . 2009-08-13 16:35 156160 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-04 12:47 . 2009-08-13 16:35 36352 ----a-w- c:\windows\system32\tsgqec.dll
2009-06-04 12:43 . 2009-08-13 16:35 1871872 ----a-w- c:\windows\system32\mstscax.dll
2009-06-04 12:36 . 2009-08-13 16:35 116736 ----a-w- c:\windows\system32\aaclient.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-08-31_06.21.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-19 00:01 . 2009-08-31 22:45 41502 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-08-31 23:48 54394 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-11-18 23:41 . 2009-08-31 23:48 15866 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2979632154-2472622693-673311761-1000_UserData.bin
- 2006-11-02 13:02 . 2009-08-31 06:22 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:02 . 2009-08-31 23:28 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:02 . 2009-08-31 23:28 98304 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2006-11-02 13:02 . 2009-08-31 06:22 98304 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2006-11-02 13:02 . 2009-08-31 06:22 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 13:02 . 2009-08-31 23:28 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-31 23:45 . 2009-08-31 23:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-08-31 06:19 . 2009-08-31 06:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-08-31 23:45 . 2009-08-31 23:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-08-31 06:19 . 2009-08-31 06:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-06-23 321344]
"Google Update"="c:\users\Brandon.Rodan242\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-07-25 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-11-23 1006264]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-11-10 157312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-18 92704]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-07-10 645328]
"CTHelper"="CTHELPER.EXE" - c:\windows\System32\CtHelper.exe [2008-02-21 19456]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\System32\Ctxfihlp.exe [2008-02-21 19968]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-23 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehidk.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BDARemote.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BDARemote.lnk
backup=c:\windows\pss\BDARemote.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2979632154-2472622693-673311761-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{3C64B300-38D7-4091-B236-4BE46F00E4CF}c:\\games\\soldier of fortune\\sof.exe"= UDP:c:\games\soldier of fortune\sof.exe:SoF
"UDP Query User{91FE160A-72C5-42C5-ACB6-3442AA48AD8E}c:\\games\\soldier of fortune\\sof.exe"= TCP:c:\games\soldier of fortune\sof.exe:SoF
"{3D38E612-03BF-4350-9E65-3E11252E4D5C}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{74DF458E-DC85-4DCE-AFA2-08226202FC34}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"TCP Query User{D3128A9C-F202-4211-90FA-5DA372C74F1D}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{9872F371-0414-460D-AF2C-FAFAA6F1AD60}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{D3EBEC4C-DEEC-4B37-B357-FD29FE9CD675}c:\\program files\\aim6\\aim6.exe"= UDP:c:\program files\aim6\aim6.exe:AIM
"UDP Query User{297A9DB2-C2C8-4F65-8F3D-19214DCFB004}c:\\program files\\aim6\\aim6.exe"= TCP:c:\program files\aim6\aim6.exe:AIM
"TCP Query User{4F8B0E8B-D4FE-4215-A220-A1A4625CDD12}c:\\program files\\pieautoupdater\\winmx.exe"= UDP:c:\program files\pieautoupdater\winmx.exe:WinMX Application
"UDP Query User{AC2B0356-3165-4B29-A454-F31365736F93}c:\\program files\\pieautoupdater\\winmx.exe"= TCP:c:\program files\pieautoupdater\winmx.exe:WinMX Application
"{90FF6D2A-3F90-4226-AABD-7ED0AEBB0C17}"= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{0DED102C-110E-4681-BD70-A9D766390DE9}"= TCP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{26453132-050C-4135-900E-0474291EF3D4}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{8A29EF27-E9F7-47F6-9B79-10B26C84D365}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{DDA09D6B-B02C-4A9B-A75C-09E88D885DD6}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{26AED914-1F70-4A93-8DB1-9F3D25AD5382}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{2080DF58-428F-4017-8E20-C595CC5ECF61}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{147494DD-7901-4EBB-89A0-60109EA95031}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{CF7FA0AB-5BD0-49EB-998C-4E1D73DAE7E3}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{9FDB0174-775A-4D21-B862-85109EF78A3E}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)
"{32C6096F-4AB6-4F09-9935-93ED61D3488E}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)
"{D8387652-DEE7-446E-B6F6-B5536F5D8C7F}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
S3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe [7/12/2008 8:41 PM 79360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2979632154-2472622693-673311761-1000Core.job
- c:\users\Brandon.Rodan242\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-25 04:17]
2009-08-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2979632154-2472622693-673311761-1000UA.job
- c:\users\Brandon.Rodan242\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-25 04:17]
2009-08-21 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-20 04:26]
2009-08-21 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-20 04:26]
2009-08-31 c:\windows\Tasks\User_Feed_Synchronization-{9F67757F-5FC7-4EE1-AFA1-2F404C3EEA2B}.job
- c:\windows\system32\msfeedssync.exe [2009-08-13 20:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.kaijuphile.com/
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
TCP: {015F60B8-2D39-41CB-A64B-CBD93D5A3157} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\Brandon.Rodan242\AppData\Roaming\Mozilla\Firefox\Profiles\m6uiopqu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.kaijuphile.com/
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\users\Brandon.Rodan242\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\users\Brandon.Rodan242\AppData\Roaming\Mozilla\Firefox\Profiles\m6uiopqu.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-31 16:46
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\System32\rundll32.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\Common Files\microsoft shared\VS7Debug\mdm.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\program files\Zune\ZuneNss.exe
.
**************************************************************************
.
Completion time: 2009-08-31 16:58 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-31 23:58
ComboFix2.txt 2009-08-31 06:35
Pre-Run: 33,444,622,336 bytes free
Post-Run: 33,416,081,408 bytes free
278 --- E O F --- 2009-08-13 16:47
SysProt Log:
"UDP Query User{9872F371-0414-460D-AF2C-FAFAA6F1AD60}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{D3EBEC4C-DEEC-4B37-B357-FD29FE9CD675}c:\\program files\\aim6\\aim6.exe"= UDP:c:\program files\aim6\aim6.exe:AIM
"UDP Query User{297A9DB2-C2C8-4F65-8F3D-19214DCFB004}c:\\program files\\aim6\\aim6.exe"= TCP:c:\program files\aim6\aim6.exe:AIM
"TCP Query User{4F8B0E8B-D4FE-4215-A220-A1A4625CDD12}c:\\program files\\pieautoupdater\\winmx.exe"= UDP:c:\program files\pieautoupdater\winmx.exe:WinMX Application
"UDP Query User{AC2B0356-3165-4B29-A454-F31365736F93}c:\\program files\\pieautoupdater\\winmx.exe"= TCP:c:\program files\pieautoupdater\winmx.exe:WinMX Application
"{90FF6D2A-3F90-4226-AABD-7ED0AEBB0C17}"= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{0DED102C-110E-4681-BD70-A9D766390DE9}"= TCP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{26453132-050C-4135-900E-0474291EF3D4}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{8A29EF27-E9F7-47F6-9B79-10B26C84D365}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{DDA09D6B-B02C-4A9B-A75C-09E88D885DD6}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{26AED914-1F70-4A93-8DB1-9F3D25AD5382}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{2080DF58-428F-4017-8E20-C595CC5ECF61}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{147494DD-7901-4EBB-89A0-60109EA95031}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{CF7FA0AB-5BD0-49EB-998C-4E1D73DAE7E3}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{9FDB0174-775A-4D21-B862-85109EF78A3E}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)
"{32C6096F-4AB6-4F09-9935-93ED61D3488E}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)
"{D8387652-DEE7-446E-B6F6-B5536F5D8C7F}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
S3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe [7/12/2008 8:41 PM 79360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2979632154-2472622693-673311761-1000Core.job
- c:\users\Brandon.Rodan242\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-25 04:17]
2009-08-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2979632154-2472622693-673311761-1000UA.job
- c:\users\Brandon.Rodan242\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-25 04:17]
2009-08-21 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-20 04:26]
2009-08-21 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-20 04:26]
2009-08-31 c:\windows\Tasks\User_Feed_Synchronization-{9F67757F-5FC7-4EE1-AFA1-2F404C3EEA2B}.job
- c:\windows\system32\msfeedssync.exe [2009-08-13 20:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.kaijuphile.com/
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
TCP: {015F60B8-2D39-41CB-A64B-CBD93D5A3157} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\Brandon.Rodan242\AppData\Roaming\Mozilla\Firefox\Profiles\m6uiopqu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.kaijuphile.com/
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\users\Brandon.Rodan242\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\users\Brandon.Rodan242\AppData\Roaming\Mozilla\Firefox\Profiles\m6uiopqu.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-31 16:46
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\System32\rundll32.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\Common Files\microsoft shared\VS7Debug\mdm.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\program files\Zune\ZuneNss.exe
.
**************************************************************************
.
Completion time: 2009-08-31 16:58 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-31 23:58
ComboFix2.txt 2009-08-31 06:35
Pre-Run: 33,444,622,336 bytes free
Post-Run: 33,416,081,408 bytes free
278 --- E O F --- 2009-08-13 16:47
OTL Log:
OTL logfile created on: 9/1/2009 4:02:39 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\Brandon.Rodan242\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1022.46 Mb Total Physical Memory | 491.36 Mb Available Physical Memory | 48.06% Memory free
2.24 Gb Paging File | 1.59 Gb Available in Paging File | 70.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 31.09 Gb Free Space | 41.73% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 74.53 Gb Total Space | 34.73 Gb Free Space | 46.61% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: RODAN242
Current User Name: Brandon
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
PRC - C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - c:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Windows\System32\CtHelper.exe (Creative Technology Ltd)
PRC - C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd)
PRC - C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
PRC - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Users\Brandon.Rodan242\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\CTXFISPI.EXE (Creative Technology Ltd)
PRC - C:\Windows\ehome\ehmsas.exe (Microsoft Corporation)
PRC - C:\Users\Brandon.Rodan242\Desktop\OTL.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Creative ALchemy AL1 Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe (Creative Labs)
SRV - (CTAudSvcService [Auto | Running]) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (Eventlog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SRV - (FastUserSwitchingCompatibility [Auto | Running]) -- C:\Windows\System32\FastUv32.dll ()
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (mcmscsvc [Auto | Running]) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McNASvc [Auto | Running]) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (McODS [On_Demand | Stopped]) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McProxy [Auto | Running]) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McShield [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon [Disabled | Stopped]) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (nvsvc [Auto | Running]) -- C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\Windows\System32\HPZipm12.dll (Hewlett-Packard)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WinDefend [Auto | Stopped]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (ZuneNetworkSvc [Auto | Running]) -- c:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV - (ZuneWlanCfgSvc [On_Demand | Stopped]) -- C:\Windows\System32\ZuneWlanCfgSvc.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Alpham1 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\Alpham1.sys (Ideazon Corporation)
DRV - (Alpham2 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\Alpham2.sys (Ideazon Corporation)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (atikmdag [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (COMMONFX.DLL [On_Demand | Stopped]) -- C:\Windows\System32\COMMONFX.DLL (Creative Technology Ltd)
DRV - (CT20XUT.DLL [On_Demand | Running]) -- C:\Windows\System32\CT20XUT.DLL (Creative Technology Ltd.)
DRV - (ctac32k [On_Demand | Stopped]) -- C:\Windows\System32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (ctaud2k [On_Demand | Running]) -- C:\Windows\System32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (CTAUDFX.DLL [On_Demand | Stopped]) -- C:\Windows\System32\CTAUDFX.DLL (Creative Technology Ltd)
DRV - (ctdvda2k [On_Demand | Stopped]) -- C:\Windows\System32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (CTEAPSFX.DLL [On_Demand | Stopped]) -- C:\Windows\System32\CTEAPSFX.DLL (Creative Technology Ltd)
DRV - (CTEDSPFX.DLL [On_Demand | Stopped]) -- C:\Windows\System32\CTEDSPFX.DLL (Creative Technology Ltd)
DRV - (CTEDSPIO.DLL [On_Demand | Stopped]) -- C:\Windows\System32\CTEDSPIO.DLL (Creative Technology Ltd)
DRV - (CTEDSPSY.DLL [On_Demand | Stopped]) -- C:\Windows\System32\CTEDSPSY.DLL (Creative Technology Ltd)
DRV - (CTERFXFX.DLL [On_Demand | Stopped]) -- C:\Windows\System32\CTERFXFX.DLL (Creative Technology Ltd)
DRV - (CTEXFIFX.DLL [On_Demand | Running]) -- C:\Windows\System32\CTEXFIFX.DLL (Creative Technology Ltd.)
DRV - (CTHWIUT.DLL [On_Demand | Running]) -- C:\Windows\System32\CTHWIUT.DLL (Creative Technology Ltd.)
DRV - (ctprxy2k [On_Demand | Running]) -- C:\Windows\System32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (CTSBLFX.DLL [On_Demand | Stopped]) -- C:\Windows\System32\CTSBLFX.DLL (Creative Technology Ltd)
DRV - (ctsfm2k [On_Demand | Running]) -- C:\Windows\System32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (emupia [On_Demand | Running]) -- C:\Windows\System32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ha10kx2k [On_Demand | Stopped]) -- C:\Windows\System32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (ha20x2k [On_Demand | Running]) -- C:\Windows\System32\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (mfeavfk [On_Demand | Running]) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk [On_Demand | Running]) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfehidk [System | Running]) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdk [On_Demand | Stopped]) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (mfesmfk [On_Demand | Stopped]) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (MPFP [System | Running]) -- C:\Windows\System32\Drivers\Mpfp.sys (McAfee, Inc.)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (nvlddmkm [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (ossrv [On_Demand | Running]) -- C:\Windows\System32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (R300 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV - (RTL8023xp [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (UMPass [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\Windows\System32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (usbbus [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\lgusbbus.sys (LG Electronics Inc.)
DRV - (UsbDiag [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\lgusbdiag.sys (LG Electronics Inc.)
DRV - (USBModem [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\lgusbmodem.sys (LG Electronics Inc.)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.kaijuphile.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.kaijuphile.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/13 21:48:46 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/15 22:33:36 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/31 15:48:18 | 00,000,000 | ---D | M]
[2008/09/13 13:04:52 | 00,000,000 | ---D | M] -- C:\Users\Brandon.Rodan242\AppData\Roaming\mozilla\Extensions
[2008/09/13 13:04:52 | 00,000,000 | ---D | M] -- C:\Users\Brandon.Rodan242\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/30 23:47:03 | 00,000,000 | ---D | M] -- C:\Users\Brandon.Rodan242\AppData\Roaming\mozilla\Firefox\Profiles\m6uiopqu.default\extensions
[2009/07/14 16:48:56 | 00,000,000 | ---D | M] -- C:\Users\Brandon.Rodan242\AppData\Roaming\mozilla\Firefox\Profiles\m6uiopqu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/04 23:54:51 | 00,000,000 | ---D | M] -- C:\Users\Brandon.Rodan242\AppData\Roaming\mozilla\Firefox\Profiles\m6uiopqu.default\extensions\[email protected]
[2009/03/31 17:56:04 | 00,000,000 | ---D | M] -- C:\Users\Brandon.Rodan242\AppData\Roaming\mozilla\Firefox\Profiles\m6uiopqu.default\extensions\[email protected]
[2009/08/30 23:47:03 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/14 20:23:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/01/19 15:29:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/03/09 17:42:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/07/13 02:19:36 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/08/14 20:23:28 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/14 20:23:28 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2008/03/19 19:23:20 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2009/02/06 12:44:28 | 01,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/08/14 20:23:30 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/05/10 22:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/01/06 11:10:08 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008/01/06 11:10:09 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008/01/06 11:10:09 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008/01/06 11:10:09 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008/01/06 11:10:09 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008/01/06 11:10:09 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2008/01/06 11:10:09 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2007/04/16 10:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2009/07/15 11:10:00 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/15 11:10:00 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/15 11:10:00 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/15 11:10:00 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/15 11:10:00 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/15 11:10:00 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/15 11:10:00 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml
O1 HOSTS File: (27 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CTHelper] C:\Windows\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [UpdReg] C:\Windows\UpdReg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Users\Brandon.Rodan242\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebo...toUploader2.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\Explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
========== Files/Folders - Created Within 30 Days ==========
[2009/08/31 16:58:13 | 00,000,000 | ---D | C] -- C:\Users\Brandon.Rodan242\AppData\Local\temp
[2009/08/31 16:57:03 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2009/08/31 16:54:54 | 00,041,631 | ---- | C] () -- C:\Windows\System32\certstore.dat
[2009/08/30 22:49:39 | 00,229,376 | ---- | C] () -- C:\Windows\PEV.exe
[2009/08/30 22:49:39 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/08/30 22:49:39 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/08/30 22:49:39 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/08/30 22:49:39 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/08/30 22:49:39 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/08/30 22:49:39 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/08/30 22:49:39 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/08/30 22:48:41 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/08/30 22:46:50 | 00,000,000 | ---D | C] -- C:\Users\Brandon.Rodan242\Desktop\SysProt
[2009/08/26 18:17:20 | 00,000,000 | ---- | C] () -- C:\Users\Brandon.Rodan242\Desktop\settings.dat
[2009/08/26 17:39:15 | 00,000,000 | ---D | C] -- C:\Users\Brandon.Rodan242\AppData\Local\MigWiz
[2009/08/25 15:55:10 | 10,727,79264 | -HS- | C] () -- C:\hiberfil.sys
[2009/08/24 12:23:06 | 01,471,377 | -H-- | C] () -- C:\Users\Brandon.Rodan242\AppData\Local\IconCache.db
[2009/08/24 11:05:34 | 00,000,000 | ---D | C] -- C:\Toolbox
[2009/08/24 10:44:11 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Users\Brandon.Rodan242\Desktop\OTL.exe
[2009/08/24 10:41:21 | 00,472,064 | ---- | C] ( ) -- C:\Users\Brandon.Rodan242\Desktop\RootRepeal.exe
[2009/08/24 10:38:41 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/08/24 10:38:17 | 00,000,733 | ---- | C] () -- C:\Users\Brandon.Rodan242\Desktop\NTREGOPT.lnk
[2009/08/24 10:38:17 | 00,000,714 | ---- | C] () -- C:\Users\Brandon.Rodan242\Desktop\ERUNT.lnk
[2009/08/24 10:38:17 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/08/24 10:35:03 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Users\Brandon.Rodan242\Desktop\SysRestorePoint.exe
[2009/08/24 10:05:53 | 00,272,384 | ---- | C] (OldTimer Tools) -- C:\Users\Brandon.Rodan242\Desktop\TFC.exe
[2009/08/20 23:22:57 | 19,240,7705 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/08/20 16:56:43 | 00,000,000 | ---D | C] -- C:\Users\Brandon.Rodan242\AppData\Roaming\Malwarebytes
[2009/08/20 16:56:30 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/08/20 16:56:27 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/08/20 16:56:27 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/08/20 16:56:26 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/20 16:50:51 | 00,000,109 | ---- | C] () -- C:\Users\Brandon.Rodan242\Desktop\fixtm.reg
[2009/08/20 16:45:12 | 00,079,816 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
[2009/08/20 16:45:12 | 00,040,552 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfesmfk.sys
[2009/08/20 16:45:12 | 00,035,272 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
[2009/08/20 16:45:01 | 00,130,424 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\Mpfp.sys
[2009/08/20 16:44:26 | 00,000,344 | ---- | C] () -- C:\Windows\tasks\McDefragTask.job
[2009/08/20 16:44:23 | 00,000,322 | ---- | C] () -- C:\Windows\tasks\McQcTask.job
[2009/08/20 16:43:57 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2009/08/20 16:43:48 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2009/08/20 16:43:29 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee
[2009/08/20 16:21:32 | 00,034,248 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdk.sys
[2009/08/20 16:10:53 | 00,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2009/08/18 23:45:13 | 00,000,000 | ---D | C] -- C:\ProgramData\GameHouse
[2009/08/18 23:36:46 | 00,000,000 | ---D | C] -- C:\Program Files\RarZilla
[2009/08/13 09:35:56 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2009/08/13 09:35:55 | 00,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2009/08/13 09:35:55 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2009/08/13 09:35:55 | 00,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2009/08/13 09:35:55 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll
[2009/08/13 09:35:55 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2009/08/13 09:35:42 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wkssvc.dll
[2009/08/13 09:35:34 | 05,937,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/08/13 09:35:32 | 11,067,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/08/13 09:35:30 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/08/13 09:35:30 | 01,208,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/08/13 09:35:29 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/08/13 09:35:29 | 00,915,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/08/13 09:35:29 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/08/13 09:35:29 | 00,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/08/13 09:35:29 | 00,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/08/13 09:35:28 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/08/13 09:35:28 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/08/13 09:35:28 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/08/13 09:35:28 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/08/13 09:35:28 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/08/13 09:35:28 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/08/13 09:35:28 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/08/13 09:35:28 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/08/13 09:35:28 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/08/13 09:35:28 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/08/13 09:35:28 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/08/13 09:35:27 | 00,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2009/08/13 09:35:21 | 00,494,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kerberos.dll
[2009/08/13 09:35:21 | 00,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll
[2009/08/13 09:35:21 | 00,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdigest.dll
[2009/08/13 09:35:20 | 01,233,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2009/08/13 09:35:20 | 00,408,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecdd.sys
[2009/08/13 09:35:20 | 00,272,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009/08/13 09:35:19 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2009/08/13 09:35:19 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
[2009/08/13 09:35:14 | 01,871,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstscax.dll
[2009/08/13 09:35:14 | 00,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2009/08/13 09:35:14 | 00,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2009/08/13 09:35:09 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\atl.dll
[2009/08/13 09:34:55 | 10,621,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/08/13 09:34:51 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpdxm.dll
[2009/08/13 09:34:48 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009/08/13 09:34:47 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009/08/13 09:34:47 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009/08/13 09:34:45 | 08,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/08/13 09:34:43 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2009/08/13 09:34:43 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2009/08/13 09:34:38 | 00,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2009/08/13 09:34:38 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2009/08/13 09:34:38 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2009/08/13 09:34:38 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2009/08/13 09:34:38 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvidc32.dll
[2009/08/13 09:34:38 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrle32.dll
[2008/11/02 10:05:29 | 00,000,061 | ---- | C] () -- C:\Windows\sbwin.ini
[2008/07/12 20:39:41 | 00,006,123 | ---- | C] () -- C:\Windows\System32\AudioDrv.ini
[2008/07/12 20:34:36 | 00,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2008/07/12 20:33:03 | 00,003,072 | ---- | C] () -- C:\Windows\CTXFIRES.DLL
[2008/07/12 20:32:04 | 00,108,544 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2008/07/12 20:32:04 | 00,069,120 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2008/07/11 16:59:46 | 00,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2008/02/25 14:55:32 | 00,101,603 | ---- | C] () -- C:\Windows\System32\instwdm.ini
[2008/02/20 21:00:12 | 00,043,520 | ---- | C] () -- C:\Windows\System32\CTBURST.DLL
[2008/02/20 20:59:14 | 00,034,816 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll
[2008/01/27 13:48:07 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/12/21 20:55:55 | 00,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2007/12/19 20:50:15 | 00,000,010 | ---- | C] () -- C:\Windows\WININIT.INI
[2007/11/23 16:06:54 | 00,000,041 | ---- | C] () -- C:\Windows\winampa.ini
[2007/11/23 15:38:09 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/11/23 12:59:25 | 00,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2007/08/13 20:45:02 | 00,077,824 | ---- | C] () -- C:\Windows\System32\CTMMACTL.DLL
[2007/04/12 08:10:28 | 00,105,728 | ---- | C] () -- C:\Windows\System32\APOMgrH.dll
[2006/11/02 05:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:23:31 | 00,000,215 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 03:23:31 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 02:14:14 | 00,061,440 | ---- | C] () -- C:\Windows\System32\FastUv32.dll
[2006/11/02 00:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/10/02 17:25:18 | 00,000,307 | ---- | C] () -- C:\Windows\System32\KILL.INI
========== Files - Modified Within 30 Days ==========
[2009/09/01 15:54:26 | 00,000,396 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9F67757F-5FC7-4EE1-AFA1-2F404C3EEA2B}.job
[2009/09/01 15:49:45 | 00,003,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/09/01 15:49:45 | 00,003,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/09/01 15:49:39 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/09/01 15:49:32 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/09/01 15:49:24 | 10,727,79264 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/31 22:48:43 | 00,054,400 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000002-00000000-00000008-00001102-00000005-00311102}.rfx
[2009/08/31 22:48:43 | 00,054,400 | ---- | M] () -- C:\Windows\System32\BMXState-{00000002-00000000-00000008-00001102-00000005-00311102}.rfx
[2009/08/31 22:48:43 | 00,000,788 | ---- | M] () -- C:\Windows\System32\DVCState-{00000002-00000000-00000008-00001102-00000005-00311102}.rfx
[2009/08/31 22:38:35 | 01,471,377 | -H-- | M] () -- C:\Users\Brandon.Rodan242\AppData\Local\IconCache.db
[2009/08/31 22:22:00 | 00,000,934 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2979632154-2472622693-673311761-1000UA.job
[2009/08/31 21:53:28 | 00,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2009/08/31 21:22:02 | 00,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2979632154-2472622693-673311761-1000Core.job
[2009/08/31 16:54:54 | 00,041,631 | ---- | M] () -- C:\Windows\System32\certstore.dat
[2009/08/31 16:47:11 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/08/31 16:46:41 | 00,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/08/31 16:10:35 | 19,240,7705 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/08/26 18:17:20 | 00,000,000 | ---- | M] () -- C:\Users\Brandon.Rodan242\Desktop\settings.dat
[2009/08/24 10:44:11 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\Brandon.Rodan242\Desktop\OTL.exe
[2009/08/24 10:41:22 | 00,472,064 | ---- | M] ( ) -- C:\Users\Brandon.Rodan242\Desktop\RootRepeal.exe
[2009/08/24 10:38:17 | 00,000,733 | ---- | M] () -- C:\Users\Brandon.Rodan242\Desktop\NTREGOPT.lnk
[2009/08/24 10:38:17 | 00,000,714 | ---- | M] () -- C:\Users\Brandon.Rodan242\Desktop\ERUNT.lnk
[2009/08/24 10:35:07 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Users\Brandon.Rodan242\Desktop\SysRestorePoint.exe
[2009/08/24 10:05:54 | 00,272,384 | ---- | M] (OldTimer Tools) -- C:\Users\Brandon.Rodan242\Desktop\TFC.exe
[2009/08/23 03:09:13 | 00,229,376 | ---- | M] () -- C:\Windows\PEV.exe
[2009/08/20 17:15:52 | 00,000,344 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2009/08/20 17:15:52 | 00,000,322 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2009/08/20 16:53:18 | 00,000,109 | ---- | M] () -- C:\Users\Brandon.Rodan242\Desktop\fixtm.reg
[2009/08/18 23:45:34 | 00,618,410 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/08/18 23:45:34 | 00,103,818 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/08/18 23:45:33 | 00,716,948 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/08/13 16:03:45 | 00,001,070 | -H-- | M] () -- C:\IPH.PH
[2009/08/13 09:51:41 | 00,311,800 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
< End of report >
OTL Extras Log:
OTL Extras logfile created on: 9/1/2009 4:02:39 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\Brandon.Rodan242\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1022.46 Mb Total Physical Memory | 491.36 Mb Available Physical Memory | 48.06% Memory free
2.24 Gb Paging File | 1.59 Gb Available in Paging File | 70.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 31.09 Gb Free Space | 41.73% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 74.53 Gb Total Space | 34.73 Gb Free Space | 46.61% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: RODAN242
Current User Name: Brandon
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2979632154-2472622693-673311761-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03B36467-6150-46F9-8432-C1FB2B2125EE}" = lport=138 | protocol=17 | dir=in | app=system |
"{0C0164A1-BBD5-4DD0-B0F3-C105582A504C}" = lport=137 | protocol=17 | dir=in | app=system |
"{1A0A986E-CE4D-45BF-9C73-40FC1D8CC6C2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1FDFED5A-CD0F-4B47-B6D3-E91C772FA1BC}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{220A0573-D87E-4CF3-9D83-2E64591FF5D8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2471BAC5-D32D-4556-BA19-5F750C9D6174}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{27C751D9-59FD-43A3-95DC-8E32D6915DAF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2ADE8C37-D274-48D2-9379-BE31CFC44A63}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{2CB33569-8C1B-4F69-A35D-508C58D5632E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{45CE1B9E-2855-4ECC-95F0-02349885EAB5}" = lport=10243 | protocol=6 | dir=in | app=system |
"{482F901E-8F27-4745-87F7-A643EC3F7E8E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4B84E4D6-E958-42D7-A09B-99A63EEFB639}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4DDEB78B-CC41-4A3B-9A2D-8C265F632E49}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{4F1D1887-82FF-4449-A32C-4259BA501082}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{60985C8D-3E58-4BF7-B911-535DF6D19946}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{65287F63-41D0-4C0B-9751-D57B85F8B30C}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{662FC5F1-0B13-4CD9-93E4-E01032B267F6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{66D8FF28-B2AC-4004-845A-81128B47CDCC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{680DC512-F5BF-4BFA-9F10-958794878582}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6D2627E6-4422-4DD6-960E-C93315409F03}" = rport=138 | protocol=17 | dir=out | app=system |
"{6D57F5E6-C0B4-44D9-AEE4-D69F40B3EBB4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6F65055A-D6FB-4B14-8700-7F94CC8170F9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{73D762F0-2518-42BE-96D1-2B461209B442}" = lport=2869 | protocol=6 | dir=in | app=system |
"{77A32DDD-D20C-46C7-A152-894138D51299}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{790FD14E-EC26-4A86-B40C-31BCB8015A40}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{811F974F-9D10-4308-AD20-78FBAF06EBA8}" = lport=3390 | protocol=6 | dir=in | app=system |
"{864C1C2D-5977-4BAC-B815-9879471B5F8F}" = lport=3390 | protocol=6 | dir=in | app=system |
"{87169361-08BA-4A83-B4D1-CCCA9DBDA946}" = rport=445 | protocol=6 | dir=out | app=system |
"{88AF11AD-23A7-44F2-9D84-976E9F8D5629}" = lport=10243 | protocol=6 | dir=in | app=system |
"{88FEDE0D-D67F-4054-AFBF-4490DA11B28A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{91DE6D12-F965-4261-B49D-F06BC87982CA}" = rport=10243 | protocol=6 | dir=out | app=system |
"{93A79AC0-68EF-4852-A1C3-57F76B670FA8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9CF82142-0C1D-44AB-8DAF-64F3F340EA7A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A24FDCCA-6B54-4784-AB6F-160576E878E1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A339041D-AECC-40C1-9EB7-26811AEDC600}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A4B9E0FB-36FE-4852-A69B-0DA449D7C325}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A726A60A-1338-4468-9094-D3674D381482}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AA4E527D-56E9-4CDA-A182-65174F23A0BA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AC5B32D0-0685-4181-94C0-6A4AF838BF44}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AE570E4D-E7AF-4D68-8DDB-E9E07845E3D6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{AF7F7ADA-985E-4D32-AA3F-6CDF12B67AC1}" = lport=445 | protocol=6 | dir=in | app=system |
"{B0E9388D-69B2-4974-B098-58CA31719F81}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BDB543CF-7822-452F-8DBF-5D85B84D6999}" = rport=10244 | protocol=6 | dir=out | app=system |
"{C2B88D07-77FC-4F4E-8B56-6F3C7725B6AD}" = lport=10244 | protocol=6 | dir=in | app=system |
"{C587CABC-ECE1-4440-9B57-F2041F5267CA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C8FB28BD-1FD5-4411-8752-A033FD3A1DA6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CBD684CC-C5BE-42E8-9189-AD3C7269D45B}" = lport=10244 | protocol=6 | dir=in | app=system |
"{D18C17B9-5F73-4F18-9429-2F5E85E1F31D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D57FA5ED-F1C8-49DA-ADE0-9540D88E9100}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E3630B8E-C508-4926-A06C-1993150C9A92}" = rport=10244 | protocol=6 | dir=out | app=system |
"{E4C4CEB9-337D-4B72-8D96-DED02C2CB87D}" = rport=139 | protocol=6 | dir=out | app=system |
"{F1B0ABDB-A057-4627-8185-0D90886CAE04}" = lport=139 | protocol=6 | dir=in | app=system |
"{F44725D1-A9B3-4E1F-AC6F-CD00A1FAC403}" = rport=137 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00F307D8-89D9-4534-B1FF-6417B32B7CB7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{02845587-2EEF-4E27-BD15-C4CDD0412EDB}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{04BC7DF3-BBDC-447C-B130-9F9DDE483DF0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{06C2560D-C034-4D41-AB4E-C22CE2397C8F}" = protocol=6 | dir=in | app=%programfiles%\zune\zunenss.exe |
"{0DED102C-110E-4681-BD70-A9D766390DE9}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{13A1A0E7-149B-449C-AEE3-084870A3D6EC}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{147494DD-7901-4EBB-89A0-60109EA95031}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{16642E16-EF4C-4F30-9921-3D397A23437C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2080DF58-428F-4017-8E20-C595CC5ECF61}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{26453132-050C-4135-900E-0474291EF3D4}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{26AED914-1F70-4A93-8DB1-9F3D25AD5382}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{29973C79-E787-48A5-9C40-F111AFE3D8D8}" = protocol=1 | dir=in | name=@FirewallAPI.dll,-28543 |
"{32C6096F-4AB6-4F09-9935-93ED61D3488E}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{355AD689-9714-4782-BABB-312BB66149AA}" = protocol=58 | dir=in | name=@FirewallAPI.dll,-28545 |
"{380D7E10-D806-4693-9D5B-AD8FED06750F}" = protocol=6 | dir=in | app=%programfiles%\zune\zunenss.exe |
"{3D38E612-03BF-4350-9E65-3E11252E4D5C}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{44184C55-4D12-4160-9AB7-19AD79A9F299}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{4478F015-3051-4B98-9E93-38A71270B45D}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{4E8F4711-784E-4874-8653-46D70F2D72B3}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{5BA0746C-2900-4687-9E12-9B1FC6A8E1D8}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{7100C564-68A5-404C-8B7C-D5809069AB39}" = protocol=17 | dir=out | app=%programfiles%\zune\zunenss.exe |
"{74DF458E-DC85-4DCE-AFA2-08226202FC34}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{7A840A6B-7C05-437B-BDD4-6BDE35FB3EDE}" = protocol=1 | dir=out | name=@FirewallAPI.dll,-28544 |
"{803DEC9E-6BF1-4130-927B-5C71727A6F7A}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{87A50525-032C-4FB2-8A92-19E37659D15D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{88358A6C-6C31-4387-AA2C-F84FD232637C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8A29EF27-E9F7-47F6-9B79-10B26C84D365}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{90FF6D2A-3F90-4226-AABD-7ED0AEBB0C17}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{9170E7C1-447B-42B9-A93D-26BD5A68FE3E}" = protocol=6 | dir=out | app=%programfiles%\zune\zunenss.exe |
"{9FDB0174-775A-4D21-B862-85109EF78A3E}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{B20C61F8-14B7-49C3-8906-B2774C4296D3}" = protocol=6 | dir=out | app=%programfiles%\zune\zunenss.exe |
"{B9596D3E-44D2-47CE-BDB9-1086A1EF6040}" = protocol=58 | dir=out | name=@FirewallAPI.dll,-28546 |
"{BB2372DC-61C9-4633-B5B9-C74EFF83A3C1}" = protocol=17 | dir=in | app=%programfiles%\zune\zunenss.exe |
"{C109EFDB-8157-454B-8BB3-BE53970A26D7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C6FC6DBF-FEE3-41AD-AEDF-910495C8305B}" = protocol=6 | dir=out | app=system |
"{CF7FA0AB-5BD0-49EB-998C-4E1D73DAE7E3}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{D027A6EF-BE22-48E6-BAF0-446F59D8D0D4}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
"{D30E5EE2-1D62-4EE9-93A4-C39273DB0174}" = protocol=17 | dir=in | app=%programfiles%\zune\zunenss.exe |
"{D8387652-DEE7-446E-B6F6-B5536F5D8C7F}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{DAD5296B-01EA-403A-8398-D0F3AC92AF7C}" = protocol=6 | dir=out | app=system |
"{DDA09D6B-B02C-4A9B-A75C-09E88D885DD6}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{E46537BF-A0EF-47C2-8003-3C7A8171CB69}" = protocol=6 | dir=out | app=system |
"{EAB3D2D6-9D81-4AF4-9BAA-3DD88C371D7B}" = protocol=17 | dir=out | app=%programfiles%\zune\zunenss.exe |
"{EFC52076-88CA-40C6-8CF4-036E7FDD8C7F}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"TCP Query User{3C64B300-38D7-4091-B236-4BE46F00E4CF}C:\games\soldier of fortune\sof.exe" = protocol=6 | dir=in | app=c:\games\soldier of fortune\sof.exe |
"TCP Query User{4F8B0E8B-D4FE-4215-A220-A1A4625CDD12}C:\program files\pieautoupdater\winmx.exe" = protocol=6 | dir=in | app=c:\program files\pieautoupdater\winmx.exe |
"TCP Query User{97BD8DDA-7CE5-43DC-AE35-C0FE1DC10AC6}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{D3128A9C-F202-4211-90FA-5DA372C74F1D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{D3EBEC4C-DEEC-4B37-B357-FD29FE9CD675}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"UDP Query User{297A9DB2-C2C8-4F65-8F3D-19214DCFB004}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"UDP Query User{91FE160A-72C5-42C5-ACB6-3442AA48AD8E}C:\games\soldier of fortune\sof.exe" = protocol=17 | dir=in | app=c:\games\soldier of fortune\sof.exe |
"UDP Query User{9872F371-0414-460D-AF2C-FAFAA6F1AD60}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{AC2B0356-3165-4B29-A454-F31365736F93}C:\program files\pieautoupdater\winmx.exe" = protocol=17 | dir=in | app=c:\program files\pieautoupdater\winmx.exe |
"UDP Query User{AE0F6843-513F-4568-BE78-2F568B057E19}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{16913489-B5E3-403E-AFD3-2B19BBE464D4}" = Opera 9.24
"{16D9439B-DF3D-43D1-A727-4B335300D07A}" = OverDrive Media Console
"{18DF995F-2ACC-47E4-A33B-A703F4D39E92}" = CuteFTP 5.0 XP
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{2758691A-2CDE-4942-A4AC-0E8F61FE2067}" = USB Video/Audio Device Driver
"{2A38B5AA-EA84-4F87-9937-2FB23982243A}" = Sonic Foundry ACID 4.0
"{2D6ED011-055B-4041-B198-BB903827EBFB}" = Safari
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FC3B4FF-B033-809F-D74C-927E0408A01F}" = Catalyst Control Center InstallProxy
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}" = Microsoft Works 6.0
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{BAB0A0F0-44A4-0EA1-8405-1F3F13093A22}" = ATI Catalyst Install Manager
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{C3A439E4-7303-491F-A678-CEA36A87D517}" = Microsoft Works Suite Add-in for Microsoft Word
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack
"{E0D51394-1D45-460A-B62D-383BC4F8B335}" = QuickTime
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{FCC3BD6A-F118-475D-8748-7EE08EA0AF56}" = HDView for Internet Explorer
"{FF70513F-E3A7-402F-84FB-B7810A064BE2}" = Zune
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AIM_6" = AIM 6
"ALchemy X-Fi" = Creative ALchemy (X-Fi Edition)
"AudioCS" = Creative Audio Console
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Easy CD-DA Extractor 11" = Easy CD-DA Extractor 11
"ERUNT_is1" = ERUNT 1.1j
"Escape Rosecliff Island 1.00" = Escape Rosecliff Island 1.00
"ID3-TagIT 3_is1" = ID3-TagIT 3
"ieSpell" = ieSpell
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)
"MSC" = McAfee SecurityCenter
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"RarZilla Free Unrar 2.53" = RarZilla Free Unrar 2.53
"Smart Recorder" = Creative Smart Recorder
"SQLyog Community" = SQLyog Community 6.15 RC1
"SysInfo" = Creative System Information
"V CAST Music with Rhapsody" = V CAST Music with Rhapsody
"ViewpointMediaPlayer" = Viewpoint Media Player
"WaveStudio 7" = Creative WaveStudio 7
"Winamp3" = Winamp3 (remove only)
"Works2002Setup" = Microsoft Works 2002 Setup Launcher
"Yahoo! Messenger" = Yahoo! Messenger
"Zune" = Zune
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 9/1/2009 12:46:01 AM | Computer Name = Rodan242 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6000.16386, time stamp
0x4a481bab, faulting module svchost.exe, version 6.0.6000.16386, time stamp 0x4a481bab,
exception code 0xc0000005, fault offset 0x000019f8, process id 0x1690, application
start time 0x01ca2abf1a38f03f.
Error - 9/1/2009 12:48:23 AM | Computer Name = Rodan242 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6000.16386, time stamp
0x4a481bab, faulting module svchost.exe, version 6.0.6000.16386, time stamp 0x4a481bab,
exception code 0xc0000005, fault offset 0x000019f8, process id 0x5a0, application
start time 0x01ca2abf6ef51b8a.
Error - 9/1/2009 12:57:20 AM | Computer Name = Rodan242 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6000.16386, time stamp
0x4a481bab, faulting module svchost.exe, version 6.0.6000.16386, time stamp 0x4a481bab,
exception code 0xc0000005, fault offset 0x000019f8, process id 0x1674, application
start time 0x01ca2ac0ae5e5d71.
Error - 9/1/2009 1:15:25 AM | Computer Name = Rodan242 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6000.16386, time stamp
0x4a481bab, faulting module svchost.exe, version 6.0.6000.16386, time stamp 0x4a481bab,
exception code 0xc0000005, fault offset 0x000019f8, process id 0xab8, application
start time 0x01ca2ac33405ce4d.
Error - 9/1/2009 1:19:42 AM | Computer Name = Rodan242 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6000.16386, time stamp
0x4a481bab, faulting module svchost.exe, version 6.0.6000.16386, time stamp 0x4a481bab,
exception code 0xc0000005, fault offset 0x000019f8, process id 0xe6c, application
start time 0x01ca2ac3ce6f9b35.
Error - 9/1/2009 1:24:00 AM | Computer Name = Rodan242 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6000.16386, time stamp
0x4a481bab, faulting module svchost.exe, version 6.0.6000.16386, time stamp 0x4a481bab,
exception code 0xc0000005, fault offset 0x000019f8, process id 0x8d0, application
start time 0x01ca2ac468cb1a01.
Error - 9/1/2009 1:33:15 AM | Computer Name = Rodan242 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6000.16386, time stamp
0x4a481bab, faulting module svchost.exe, version 6.0.6000.16386, time stamp 0x4a481bab,
exception code 0xc0000005, fault offset 0x000019f8, process id 0xf48, application
start time 0x01ca2ac5b39bea00.
Error - 9/1/2009 1:35:40 AM | Computer Name = Rodan242 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6000.16386, time stamp
0x4a481bab, faulting module svchost.exe, version 6.0.6000.16386, time stamp 0x4a481bab,
exception code 0xc0000005, fault offset 0x000019f8, process id 0xb18, application
start time 0x01ca2ac609b353d8.
Error - 9/1/2009 1:38:10 AM | Computer Name = Rodan242 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6000.16386, time stamp
0x4a481bab, faulting module svchost.exe, version 6.0.6000.16386, time stamp 0x4a481bab,
exception code 0xc0000005, fault offset 0x000019f8, process id 0x4a4, application
start time 0x01ca2ac662aad50c.
Error - 9/1/2009 1:46:08 AM | Computer Name = Rodan242 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6000.16386, time stamp
0x4a481bab, faulting module svchost.exe, version 6.0.6000.16386, time stamp 0x4a481bab,
exception code 0xc0000005, fault offset 0x000019f8, process id 0x5a0, application
start time 0x01ca2ac77f3da7bf.
[ Media Center Events ]
Error - 12/22/2007 2:50:08 PM | Computer Name = Rodan242 | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 3/3/2008 5:01:57 AM | Computer Name = Rodan242 | Source = McrMgr | ID = 100
Description =
Error - 5/22/2008 7:43:25 PM | Computer Name = Rodan242 | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
Error - 5/25/2008 3:35:43 PM | Computer Name = Rodan242 | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
Error - 6/1/2008 4:44:45 PM | Computer Name = Rodan242 | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
Error - 6/8/2008 1:40:05 AM | Computer Name = Rodan242 | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
Error - 1/6/2009 7:05:51 PM | Computer Name = Rodan242 | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 2/27/2009 6:35:47 PM | Computer Name = Rodan242 | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
[ System Events ]
Error - 8/31/2009 7:48:39 PM | Computer Name = Rodan242 | Source = DCOM | ID = 10005
Description =
Error - 8/31/2009 7:48:55 PM | Computer Name = Rodan242 | Source = Service Control Manager | ID = 7009
Description =
Error - 8/31/2009 7:48:55 PM | Computer Name = Rodan242 | Source = Service Control Manager | ID = 7000
Description =
Error - 8/31/2009 7:49:30 PM | Computer Name = Rodan242 | Source = DCOM | ID = 10010
Description =
Error - 8/31/2009 7:49:38 PM | Computer Name = Rodan242 | Source = DCOM | ID = 10010
Description =
Error - 8/31/2009 7:52:47 PM | Computer Name = Rodan242 | Source = Service Control Manager | ID = 7022
Description =
Error - 8/31/2009 11:23:44 PM | Computer Name = Rodan242 | Source = Service Control Manager | ID = 7000
Description =
Error - 9/1/2009 1:10:51 AM | Computer Name = Rodan242 | Source = Service Control Manager | ID = 7000
Description =
Error - 9/1/2009 1:41:47 AM | Computer Name = Rodan242 | Source = Service Control Manager | ID = 7000
Description =
Error - 9/1/2009 6:51:06 PM | Computer Name = Rodan242 | Source = Service Control Manager | ID = 7000
Description =
< End of report >