Syswow64 virus


#1
KaarnaNyx
  • Member
  • 31 posts
I ran Avast tonight and it found four viruses, 3 of which were this SysWOW64 virus. I tried moving them to the chest and deleting them, but I get this code: "Error: The system cannot find the file specified (2)". The file names are:
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\37c9.tmp
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\DBBE.tmp
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\EC60.tmp

The fourth file was:
C:\Windows\Temp\9B45.tmp (which also received the same error code).

Also, when I start up my computer, the firewall/Windows asks me if I will allow some portion of SysWow to make changes to my hard drive. So far I keep denying it because I don't know where it came from, and now I'm worried that if I allow it, it will damage things worse. I'm running Win7, and again my virus scanner is Avast! Please help!

Edited by KaarnaNyx, 28 December 2010 - 12:54 AM.

#2
azarl
  • GeekU Admin
  • Community Leader
  • 25,310 posts
Hi

Welcome to Geekstogo. I'll be helping you with this problem.

  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. If there's anything you don't understand or isn't totally clear, please come back to me for clarification.

  • Please do not attach any log files to your replies unless I specifically ask you. Instead, please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Click on Standard Output at the top
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.


#3
KaarnaNyx
  • Topic Starter
  • Member
  • 31 posts
OTL logfile created on: 12/28/2010 8:58:04 AM - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\Kaarnanyx\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 66.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 224.20 Gb Total Space | 174.71 Gb Free Space | 77.93% Space Free | Partition Type: NTFS
Drive D: | 6.52 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: KAARNANYX-PC | User Name: Kaarnanyx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/28 08:55:41 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Kaarnanyx\Downloads\OTL.exe
PRC - [2010/12/23 23:49:50 | 000,487,424 | -HS- | M] (Borland Software Corporation) -- C:\Windows\KBDMLT47wow.exe
PRC - [2010/12/23 11:12:10 | 000,487,424 | -HS- | M] (Borland Software Corporation) -- C:\Windows\wscapiwow.exe
PRC - [2010/12/22 23:58:03 | 000,487,424 | -HS- | M] (Borland Software Corporation) -- C:\Windows\defaultlocationcplwow.exe
PRC - [2010/12/22 14:26:27 | 000,487,424 | -HS- | M] (Borland Software Corporation) -- C:\Windows\mciseqwow.exe
PRC - [2010/12/22 14:14:49 | 000,487,424 | -HS- | M] (Borland Software Corporation) -- C:\Windows\kbd106wow.exe
PRC - [2010/12/21 18:54:53 | 000,331,776 | -HS- | M] () -- C:\Windows\cdosyswow.exe
PRC - [2010/12/21 06:20:51 | 000,331,776 | -HS- | M] () -- C:\Windows\ws2helpwow.exe
PRC - [2010/12/21 06:20:51 | 000,331,776 | -HS- | M] () -- C:\Windows\VIDRESZRwow.exe
PRC - [2010/12/20 15:42:01 | 000,331,776 | -HS- | M] () -- C:\Windows\api-ms-win-core-heap-l1-1-0wow.exe
PRC - [2010/12/19 23:42:35 | 000,331,776 | -HS- | M] () -- C:\Windows\api-ms-win-core-threadpool-l1-1-0wow.exe
PRC - [2010/12/19 23:15:47 | 000,331,776 | -HS- | M] () -- C:\Windows\msxml6wow.exe
PRC - [2010/12/19 21:00:22 | 000,331,776 | -HS- | M] () -- C:\Windows\UIRibbonReswow.exe
PRC - [2010/12/18 16:51:54 | 000,331,776 | -HS- | M] () -- C:\Windows\mciavi32wow.exe
PRC - [2010/12/18 16:51:54 | 000,331,776 | -HS- | M] () -- C:\Windows\adsldpwow.exe
PRC - [2010/12/15 13:56:25 | 000,499,200 | -HS- | M] (Borland Software Corporation) -- C:\Windows\SampleReswow.exe
PRC - [2010/12/13 23:19:18 | 000,495,104 | -HS- | M] (Borland Software Corporation) -- C:\Windows\iaswow.exe
PRC - [2010/12/11 20:41:37 | 000,495,104 | -HS- | M] (Borland Software Corporation) -- C:\Windows\odbccr32wow.exe
PRC - [2010/12/11 20:41:37 | 000,495,104 | -HS- | M] (Borland Software Corporation) -- C:\Windows\nlsbreswow.exe
PRC - [2010/12/11 12:57:11 | 000,495,104 | -HS- | M] (Borland Software Corporation) -- C:\Windows\SortServer2003Compatwow.exe
PRC - [2010/12/11 07:31:19 | 000,495,104 | -HS- | M] (Borland Software Corporation) -- C:\Windows\NlsData004cwow.exe
PRC - [2010/12/08 15:28:23 | 000,991,800 | ---- | M] (Google Inc.) -- C:\Users\Kaarnanyx\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/12/07 21:42:50 | 000,193,536 | -H-- | M] (Borland Software Corporation) -- C:\Users\Kaarnanyx\AppData\Roaming\Desktop\lsass.exe
PRC - [2010/12/07 21:42:50 | 000,193,536 | -H-- | M] (Borland Software Corporation) -- C:\Users\Kaarnanyx\AppData\Roaming\Microsoft\Windows\csrss.exe
PRC - [2010/12/07 21:41:24 | 001,383,424 | ---- | M] (Borland Software Corporation) -- C:\ProgramData\imagesp132.exe
PRC - [2010/12/07 21:41:24 | 001,383,424 | ---- | M] (Borland Software Corporation) -- C:\Windows\SysWOW64\atiu9pag32.exe
PRC - [2010/09/07 07:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 07:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/02/22 12:25:08 | 001,992,008 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
PRC - [2010/02/22 12:25:08 | 000,095,560 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
PRC - [2010/02/22 12:24:42 | 002,409,800 | ---- | M] (Sensible Vision ) -- c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
PRC - [2009/12/29 13:35:38 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/12/15 20:14:56 | 001,169,904 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
PRC - [2009/12/15 20:14:22 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/09/02 07:06:18 | 000,383,544 | ---- | M] (Advanced Micro Devices) -- c:\Program Files (x86)\AMD\Fusion Utility for Mobility\FusionSVC.exe
PRC - [2009/06/24 13:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/06/09 06:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/05/21 05:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/21 05:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/11/17 20:52:42 | 000,028,672 | ---- | M] (Dell Inc.) -- C:\Program Files (x86)\Dell\Dell Photo P703w AIO Printer\Printer\Center\dlSvc.exe
PRC - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/03/09 10:09:58 | 000,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Photoshop Album Starter Edition\Dell Photo P703w AIO Printer\3.2\Apps\apdproxy.exe


========== Modules (SafeList) ==========

MOD - [2010/12/28 08:55:41 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Kaarnanyx\Downloads\OTL.exe
MOD - [2010/08/20 21:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/13 17:16:12 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\powrprof.dll
MOD - [2009/07/13 17:15:27 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\IconCodecService.dll
MOD - [2009/07/13 17:15:13 | 000,453,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dsound.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\atiu9pag32.exe -- (PolicyAgent32)
SRV:64bit: - [2010/09/07 07:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:64bit: - [2010/09/07 07:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:64bit: - [2010/09/07 07:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/04/26 22:49:36 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/17 09:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/29 12:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/06/09 06:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2010/12/07 21:41:24 | 001,383,424 | ---- | M] (Borland Software Corporation) [Auto | Running] -- C:\Windows\SysWOW64\atiu9pag32.exe -- (PolicyAgent32)
SRV - [2010/09/01 14:24:59 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/22 12:24:42 | 002,409,800 | ---- | M] (Sensible Vision ) [Auto | Running] -- c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe -- (FAService)
SRV - [2009/09/02 07:06:18 | 000,383,544 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- c:\Program Files (x86)\AMD\Fusion Utility for Mobility\FusionSVC.exe -- (AMDFusionSVC)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/21 05:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/11/17 20:52:42 | 000,028,672 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Photo P703w AIO Printer\printer\center\dlSvc.exe -- (dlSvc)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/09/09 13:59:18 | 000,275,696 | ---- | M] (Dell) [Auto | Stopped] -- C:\Program Files (x86)\Dell\Dell Photo P703w AIO Printer\Printer\Device\DLDiscovery.exe -- (Dell Network Discovery Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/09/07 06:47:33 | 000,061,008 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010/04/27 04:56:34 | 006,659,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/04/26 22:17:26 | 000,195,584 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009/07/17 09:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/17 09:06:18 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/13 17:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 17:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/29 12:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/06/24 11:00:18 | 000,216,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/06/15 10:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 12:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 03:53:42 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/05/22 22:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/05 10:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/04/22 11:32:22 | 000,047,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmdLLD64.sys -- (AmdLLD64)
DRV:64bit: - [2009/02/05 19:54:10 | 000,225,328 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2008/09/24 16:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\facap.sys -- (FACAP)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = EE E8 D3 01 CA C5 BC 44 9C 76 09 91 C1 63 D3 BB [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[2010/09/17 17:41:57 | 000,000,000 | ---D | M] -- C:\Users\Kaarnanyx\AppData\Roaming\Mozilla\Extensions
[2010/09/17 17:41:57 | 000,000,000 | ---D | M] -- C:\Users\Kaarnanyx\AppData\Roaming\Mozilla\Extensions\[email protected]

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (e65f4503) - {01811C8C-BBA6-041E-55C4-FEABC682D828} - C:\ProgramData\api-ms-win-core-memory-l1-1-032.dll (Borland Software Corporation)
O2 - BHO: (no name) - {01D3E8EE-C5CA-44BC-9C76-0991C163D3Bb} - C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-032.dll (Borland Software Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (e65f4503) - {041A9101-C228-29D5-F6E3-11D9FCD28303} - C:\ProgramData\api-ms-win-core-memory-l1-1-032.dll (Borland Software Corporation)
O2 - BHO: (e65f4503) - {07C9ED57-40CA-BC10-53ED-6EAD97165224} - C:\ProgramData\api-ms-win-core-memory-l1-1-032.dll (Borland Software Corporation)
O2 - BHO: (e65f4503) - {0C78A0C9-BF67-6D6E-C17E-085DF419DC2A} - C:\ProgramData\api-ms-win-core-memory-l1-1-032.dll (Borland Software Corporation)
O2 - BHO: (e65f4503) - {2E30A189-A7A3-FE64-3143-F9477B3204DC} - C:\ProgramData\api-ms-win-core-memory-l1-1-032.dll (Borland Software Corporation)
O2 - BHO: (e65f4503) - {3EAA3F59-A277-C08C-C098-72F0C9F63557} - C:\ProgramData\api-ms-win-core-memory-l1-1-032.dll (Borland Software Corporation)
O2 - BHO: (e65f4503) - {3ECBB1E6-D40F-32CE-7CEE-9DAF87800363} - C:\ProgramData\api-ms-win-core-memory-l1-1-032.dll (Borland Software Corporation)
O2 - BHO: (e65f4503) - {45F2BBB2-2898-078F-C785-60FB6A0D4566} - C:\ProgramData\api-ms-win-core-memory-l1-1-032.dll (Borland Software Corporation)
O2 - BHO: (e65f4503) - {5357B92A-46CC-1D96-199E-116747304450} - C:\ProgramData\api-ms-win-core-memory-l1-1-032.dll (Borland Software Corporation)
O2 - BHO: (e65f4503) - {5805CFF7-29EE-ED6E-F6F9-8B367E7EE89B} - C:\ProgramData\api-ms-win-core-memory-l1-1-032.dll (Borland Software Corporation)
O2 - BHO: (e65f4503) - {5995ABD7-1176-5EDB-2120-BFBD210D7179} - C:\ProgramData\api-ms-win-core-memory-l1-1-032.dll (Borland Software Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (e65f4503) - {65326418-3BE7-7422-5A44-27496C9CB51B} - C:\ProgramData\api-ms-win-core-memory-l1-1-032.dll (Borland Software Corporation)
O2 - BHO: (e65f4503) - {65FAFDC2-2FAC-E5D0-6B76-B2560DF44A90} - C:\ProgramData\api-ms-win-core-memory-l1-1-032.dll (Borland Software Corporation)
O2 - BHO: (e65f4503) - {6EBD5F73-EF6D-F1DB-8DD0-B235A51E463F} - C:\ProgramData\api-ms-win-core-memory-l1-1-032.dll (Borland Software Corporation)
O2 - BHO: (e65f4503) - {7865E9EA-6FD5-CE43-450D-DEE0AD3B5F7E} - C:\ProgramData\api-ms-win-core-memory-l1-1-032.dll (Borland Software Corporation)
O2 - BHO: (e65f4503) - {7ABD6C5C-AEA5-5FEA-F8F4-9C012C4CF508} - C:\ProgramData\api-ms-win-core-memory-l1-1-032.dll (Borland Software Corporation)
O2 - BHO: (e65f4503) - {8C08D810-58B3-268F-9FA8-9D3DD3DEC4B1} - C:\ProgramData\api-ms-win-core-memory-l1-1-032.dll (Borland Software Corporation)
O2 - BHO: (e65f4503) - {8D6D2CF9-1B34-EE01-F568-A69873C16638} - C:\ProgramData\api-ms-win-core-memory-l1-1-032.dll (Borland Software Corporation)
O2 - BHO: (e65f4503) - {90B7434E-3AD8-6756-7340-FA9FA94C0B0A} - C:\ProgramData\api-ms-win-core-memory-l1-1-032.dll (Borland Software Corporation)
O2 - BHO: (e65f4503) - {91471F2F-225F-D8C3-9E67-2D264CDC93E7} - C:\ProgramData\api-ms-win-core-memory-l1-1-032.dll (Borland Software Corporation)
O2 - BHO: (e65f4503) - {998420C4-518C-C994-1D77-DA0A60E33947} - C:\ProgramData\api-ms-win-core-memory-l1-1-032.dll (Borland Software Corporation)
O2 - BHO: (e65f4503) - {9B377D5B-FCE9-CD7A-9E41-C0F95F6B40C9} - C:\ProgramData\api-ms-win-core-memory-l1-1-032.dll (Borland Software Corporation)
O2 - BHO: (e65f4503) - {9BFD15C3-C2F4-CD7C-8BB3-C3EA9C7F9EDD} - C:\ProgramData\api-ms-win-core-memory-l1-1-032.dll (Borland Software Corporation)
O2 - BHO: (e65f4503) - {A25B88E5-22B8-3090-C518-9B8E6F10124A} - C:\ProgramData\api-ms-win-core-memory-l1-1-032.dll (Borland Software Corporation)
O2 - BHO: (FAIESSOHelper Class) - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - c:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (e65f4503) - {B4A6F399-CCC6-F735-6CCD-9DCB16A2E0F3} - C:\ProgramData\api-ms-win-core-memory-l1-1-032.dll (Borland Software Corporation)
O2 - BHO: (e65f4503) - {B635DE61-18D1-172E-0E81-CFDFF35CE108} - C:\ProgramData\api-ms-win-core-memory-l1-1-032.dll (Borland Software Corporation)
O2 - BHO: (e65f4503) - {BDCCA9F2-214D-5B08-C027-1DE9EA6B47C8} - C:\ProgramData\api-ms-win-core-memory-l1-1-032.dll (Borland Software Corporation)
O2 - BHO: (e65f4503) - {D28F198D-A145-D422-4DA5-079309C3F23F} - C:\ProgramData\api-ms-win-core-memory-l1-1-032.dll (Borland Software Corporation)
O2 - BHO: (e65f4503) - {DC440E21-41DA-C9DC-3AF1-9C585966FC36} - C:\ProgramData\api-ms-win-core-memory-l1-1-032.dll (Borland Software Corporation)
O2 - BHO: (e65f4503) - {DDD1BB0D-24C2-E23E-0C7D-D28A2F04A41A} - C:\ProgramData\api-ms-win-core-memory-l1-1-032.dll (Borland Software Corporation)
O2 - BHO: (e65f4503) - {ECFA4236-AAB5-A04A-ED49-E1C308A9EC61} - C:\ProgramData\api-ms-win-core-memory-l1-1-032.dll (Borland Software Corporation)
O2 - BHO: (e65f4503) - {F67D2D32-97B9-847C-B4FC-8BDF5064E26D} - C:\ProgramData\api-ms-win-core-memory-l1-1-032.dll (Borland Software Corporation)
O2 - BHO: (e65f4503) - {F7ED9885-4DAA-82A6-24CE-93A634699C3E} - C:\ProgramData\api-ms-win-core-memory-l1-1-032.dll (Borland Software Corporation)
O2 - BHO: (e65f4503) - {FC1BCCE2-E21C-52CB-26E2-B42161795A27} - C:\ProgramData\api-ms-win-core-memory-l1-1-032.dll (Borland Software Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [DLKAStatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\DLKAMUI.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files (x86)\Adobe\Photoshop Album Starter Edition\Dell Photo P703w AIO Printer\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [adsldpwow.exe] C:\Windows\adsldpwow.exe ()
O4 - HKLM..\Run: [api-ms-win-core-heap-l1-1-0wow.exe] C:\Windows\api-ms-win-core-heap-l1-1-0wow.exe ()
O4 - HKLM..\Run: [api-ms-win-core-threadpool-l1-1-0wow.exe] C:\Windows\api-ms-win-core-threadpool-l1-1-0wow.exe ()
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [cdosyswow.exe] C:\Windows\cdosyswow.exe ()
O4 - HKLM..\Run: [Conime] C:\Windows\SysWow64\conime.exe File not found
O4 - HKLM..\Run: [defaultlocationcplwow.exe] C:\Windows\defaultlocationcplwow.exe (Borland Software Corporation)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [FATrayAlert] c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [iaswow.exe] C:\Windows\iaswow.exe (Borland Software Corporation)
O4 - HKLM..\Run: [kbd106wow.exe] C:\Windows\kbd106wow.exe (Borland Software Corporation)
O4 - HKLM..\Run: [kbdmlt47wow.exe] C:\Windows\KBDMLT47wow.exe (Borland Software Corporation)
O4 - HKLM..\Run: [mciavi32wow.exe] C:\Windows\mciavi32wow.exe ()
O4 - HKLM..\Run: [mciseqwow.exe] C:\Windows\mciseqwow.exe (Borland Software Corporation)
O4 - HKLM..\Run: [msxml6wow.exe] C:\Windows\msxml6wow.exe ()
O4 - HKLM..\Run: [nlsbreswow.exe] C:\Windows\nlsbreswow.exe (Borland Software Corporation)
O4 - HKLM..\Run: [nlsdata004cwow.exe] C:\Windows\NlsData004cwow.exe (Borland Software Corporation)
O4 - HKLM..\Run: [odbccr32wow.exe] C:\Windows\odbccr32wow.exe (Borland Software Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RTHDBPL] C:\Users\Kaarnanyx\AppData\Roaming\Desktop\lsass.exe (Borland Software Corporation)
O4 - HKLM..\Run: [samplereswow.exe] C:\Windows\SampleReswow.exe (Borland Software Corporation)
O4 - HKLM..\Run: [sortserver2003compatwow.exe] C:\Windows\SortServer2003Compatwow.exe (Borland Software Corporation)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [syssetupwow.exe] c:\Windows\syssetupwow.exe (Borland Software Corporation)
O4 - HKLM..\Run: [uiribbonreswow.exe] C:\Windows\UIRibbonReswow.exe ()
O4 - HKLM..\Run: [vidreszrwow.exe] C:\Windows\VIDRESZRwow.exe ()
O4 - HKLM..\Run: [ws2helpwow.exe] C:\Windows\ws2helpwow.exe ()
O4 - HKLM..\Run: [wscapiwow.exe] C:\Windows\wscapiwow.exe (Borland Software Corporation)
O4 - HKCU..\Run: [adsldpwow.exe] C:\Windows\adsldpwow.exe ()
O4 - HKCU..\Run: [api-ms-win-core-heap-l1-1-0wow.exe] C:\Windows\api-ms-win-core-heap-l1-1-0wow.exe ()
O4 - HKCU..\Run: [api-ms-win-core-threadpool-l1-1-0wow.exe] C:\Windows\api-ms-win-core-threadpool-l1-1-0wow.exe ()
O4 - HKCU..\Run: [cdosyswow.exe] C:\Windows\cdosyswow.exe ()
O4 - HKCU..\Run: [ctapo32wow.exe] C:\Windows\ctapo32wow.exe File not found
O4 - HKCU..\Run: [defaultlocationcplwow.exe] C:\Windows\defaultlocationcplwow.exe (Borland Software Corporation)
O4 - HKCU..\Run: [iaswow.exe] C:\Windows\iaswow.exe (Borland Software Corporation)
O4 - HKCU..\Run: [kbd106wow.exe] C:\Windows\kbd106wow.exe (Borland Software Corporation)
O4 - HKCU..\Run: [KBDMLT47wow.exe] C:\Windows\KBDMLT47wow.exe (Borland Software Corporation)
O4 - HKCU..\Run: [mciavi32wow.exe] C:\Windows\mciavi32wow.exe ()
O4 - HKCU..\Run: [mciseqwow.exe] C:\Windows\mciseqwow.exe (Borland Software Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [msfeedsbswow.exe] C:\Windows\msfeedsbswow.exe File not found
O4 - HKCU..\Run: [msiwow.exe] C:\Windows\msiwow.exe File not found
O4 - HKCU..\Run: [msxml6wow.exe] C:\Windows\msxml6wow.exe ()
O4 - HKCU..\Run: [nlsbreswow.exe] C:\Windows\nlsbreswow.exe (Borland Software Corporation)
O4 - HKCU..\Run: [NlsData004cwow.exe] C:\Windows\NlsData004cwow.exe (Borland Software Corporation)
O4 - HKCU..\Run: [odbccr32wow.exe] C:\Windows\odbccr32wow.exe (Borland Software Corporation)
O4 - HKCU..\Run: [SampleReswow.exe] C:\Windows\SampleReswow.exe (Borland Software Corporation)
O4 - HKCU..\Run: [SortServer2003Compatwow.exe] C:\Windows\SortServer2003Compatwow.exe (Borland Software Corporation)
O4 - HKCU..\Run: [UIRibbonReswow.exe] C:\Windows\UIRibbonReswow.exe ()
O4 - HKCU..\Run: [VIDRESZRwow.exe] C:\Windows\VIDRESZRwow.exe ()
O4 - HKCU..\Run: [wmdrmnetwow.exe] C:\Windows\wmdrmnetwow.exe File not found
O4 - HKCU..\Run: [WMSPDMOEwow.exe] C:\Windows\WMSPDMOEwow.exe File not found
O4 - HKCU..\Run: [ws2helpwow.exe] C:\Windows\ws2helpwow.exe ()
O4 - HKCU..\Run: [wscapiwow.exe] C:\Windows\wscapiwow.exe (Borland Software Corporation)
O4 - Startup: C:\Users\Kaarnanyx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\ProgramData\api-ms-win-core-memory-l1-1-032.dll) - C:\ProgramData\api-ms-win-core-memory-l1-1-032.dll (Borland Software Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
O20 - Winlogon\Notify\FastAccess: DllName - c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll - c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/18 01:11:44 | 000,000,078 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{cfe819ec-b625-11df-8a65-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{cfe819ec-b625-11df-8a65-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe -- [2010/06/18 02:05:02 | 001,568,768 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)


SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - Reg Error: Value error.
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: MCODS - Reg Error: Value error.
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

========== Files/Folders - Created Within 30 Days ==========

[2010/12/25 18:35:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\City Interactive
[2010/12/24 01:36:26 | 000,487,424 | -HS- | C] (Borland Software Corporation) -- C:\Windows\KBDMLT47wow.exe
[2010/12/23 11:12:10 | 000,487,424 | -HS- | C] (Borland Software Corporation) -- C:\Windows\wscapiwow.exe
[2010/12/22 23:58:03 | 000,487,424 | -HS- | C] (Borland Software Corporation) -- C:\Windows\defaultlocationcplwow.exe
[2010/12/22 14:26:27 | 000,487,424 | -HS- | C] (Borland Software Corporation) -- C:\Windows\mciseqwow.exe
[2010/12/22 14:25:19 | 000,487,424 | -HS- | C] (Borland Software Corporation) -- C:\Windows\kbd106wow.exe
[2010/12/19 02:44:00 | 000,000,000 | ---D | C] -- C:\Users\Kaarnanyx\Documents\My Games
[2010/12/18 19:37:16 | 000,000,000 | ---D | C] -- C:\Users\Kaarnanyx\AppData\Roaming\Happyville__
[2010/12/18 18:32:30 | 000,000,000 | ---D | C] -- C:\Users\Kaarnanyx\AppData\Roaming\Supermarket Mania 2
[2010/12/18 17:43:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Supermarket Mania 2
[2010/12/18 17:43:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HappyVille - Quest for Utopia
[2010/12/15 13:57:12 | 000,499,200 | -HS- | C] (Borland Software Corporation) -- C:\Windows\SampleReswow.exe
[2010/12/13 23:19:19 | 000,495,104 | -HS- | C] (Borland Software Corporation) -- C:\Windows\iaswow.exe
[2010/12/13 15:33:11 | 000,495,104 | -HS- | C] (Borland Software Corporation) -- C:\Windows\nlsbreswow.exe
[2010/12/13 15:33:06 | 000,495,104 | -HS- | C] (Borland Software Corporation) -- C:\Windows\syssetupwow.exe
[2010/12/13 15:32:59 | 000,495,104 | -HS- | C] (Borland Software Corporation) -- C:\Windows\odbccr32wow.exe
[2010/12/13 14:04:06 | 000,000,000 | ---D | C] -- C:\Users\Kaarnanyx\AppData\Roaming\Amazon
[2010/12/13 14:00:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon
[2010/12/12 03:16:33 | 000,000,000 | ---D | C] -- C:\Users\Kaarnanyx\AppData\Roaming\WinRAR
[2010/12/11 12:57:11 | 000,495,104 | -HS- | C] (Borland Software Corporation) -- C:\Windows\SortServer2003Compatwow.exe
[2010/12/11 07:31:20 | 000,495,104 | -HS- | C] (Borland Software Corporation) -- C:\Windows\NlsData004cwow.exe
[2010/12/11 07:31:20 | 000,000,000 | -HSD | C] -- C:\ProgramData\68B2BBB852549658DC1EC6BAD0B2064E
[2010/12/07 21:49:41 | 000,000,000 | ---D | C] -- C:\Users\Kaarnanyx\AppData\Roaming\FreeFileViewer
[2010/12/07 21:43:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\SysWoW32
[2010/12/07 21:43:14 | 000,000,000 | ---D | C] -- C:\ProgramData\605975089
[2010/12/07 21:42:52 | 001,383,424 | ---- | C] (Borland Software Corporation) -- C:\ProgramData\imagesp132.exe
[2010/12/07 21:42:52 | 000,264,704 | ---- | C] (Borland Software Corporation) -- C:\ProgramData\api-ms-win-core-memory-l1-1-032.dll
[2010/12/07 21:42:52 | 000,000,000 | -HSD | C] -- C:\Users\Kaarnanyx\AppData\Roaming\Desktop
[2010/12/07 21:42:50 | 001,383,424 | ---- | C] (Borland Software Corporation) -- C:\Windows\SysWow64\atiu9pag32.exe
[2010/12/07 21:42:50 | 000,193,536 | ---- | C] (Borland Software Corporation) -- C:\Windows\SysWow64\imagesp132.exe
[2010/12/07 21:42:49 | 000,408,064 | ---- | C] (Borland Software Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-032.dll
[2010/12/06 22:53:10 | 000,000,000 | ---D | C] -- C:\Users\Kaarnanyx\AppData\Local\Yahoo!
[2010/12/04 16:45:14 | 000,000,000 | ---D | C] -- C:\Users\Kaarnanyx\Documents\My Digital Editions
[2010/12/04 16:44:05 | 000,000,000 | ---D | C] -- C:\Users\Kaarnanyx\Documents\My Barnes & Noble eBooks
[2010/12/04 16:43:40 | 000,000,000 | ---D | C] -- C:\Users\Kaarnanyx\AppData\Roaming\Barnes & Noble
[2010/12/04 16:43:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Barnes & Noble
[2010/12/04 15:45:55 | 000,000,000 | ---D | C] -- C:\Users\Kaarnanyx\AppData\Roaming\ViquaSoft
[2010/12/04 12:23:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Shop-n-Spree
[2010/11/28 11:11:14 | 000,000,000 | ---D | C] -- C:\Users\Kaarnanyx\AppData\Local\ElevatedDiagnostics

========== Files - Modified Within 30 Days ==========

[2010/12/28 08:51:19 | 000,001,185 | ---- | M] () -- C:\ProgramData\1716940330
[2010/12/28 08:48:59 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/28 08:48:59 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/28 08:41:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/28 08:41:27 | 3219,955,712 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/28 01:07:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2461102510-1184381975-1191852334-1001UA.job
[2010/12/27 23:05:33 | 000,000,887 | -HS- | M] () -- C:\ProgramData\1182549254
[2010/12/27 21:22:09 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2461102510-1184381975-1191852334-1001Core.job
[2010/12/25 19:41:29 | 000,002,076 | ---- | M] () -- C:\Users\Kaarnanyx\Desktop\Art of Murder - FBI Confidential.lnk
[2010/12/24 23:30:35 | 000,003,743 | ---- | M] () -- C:\Windows\SysWow64\GnuHashes.ini
[2010/12/23 23:49:50 | 000,487,424 | -HS- | M] (Borland Software Corporation) -- C:\Windows\KBDMLT47wow.exe
[2010/12/23 11:12:10 | 000,487,424 | -HS- | M] (Borland Software Corporation) -- C:\Windows\wscapiwow.exe
[2010/12/22 23:58:03 | 000,487,424 | -HS- | M] (Borland Software Corporation) -- C:\Windows\defaultlocationcplwow.exe
[2010/12/22 14:26:27 | 000,487,424 | -HS- | M] (Borland Software Corporation) -- C:\Windows\mciseqwow.exe
[2010/12/22 14:14:49 | 000,487,424 | -HS- | M] (Borland Software Corporation) -- C:\Windows\kbd106wow.exe
[2010/12/21 18:54:53 | 000,331,776 | -HS- | M] () -- C:\Windows\cdosyswow.exe
[2010/12/21 06:20:51 | 000,331,776 | -HS- | M] () -- C:\Windows\ws2helpwow.exe
[2010/12/21 06:20:51 | 000,331,776 | -HS- | M] () -- C:\Windows\VIDRESZRwow.exe
[2010/12/20 15:42:01 | 000,331,776 | -HS- | M] () -- C:\Windows\api-ms-win-core-heap-l1-1-0wow.exe
[2010/12/19 23:42:35 | 000,331,776 | -HS- | M] () -- C:\Windows\api-ms-win-core-threadpool-l1-1-0wow.exe
[2010/12/19 23:15:47 | 000,331,776 | -HS- | M] () -- C:\Windows\msxml6wow.exe
[2010/12/19 21:00:22 | 000,331,776 | -HS- | M] () -- C:\Windows\UIRibbonReswow.exe
[2010/12/19 01:22:08 | 000,001,264 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2010/12/18 17:43:41 | 000,002,018 | ---- | M] () -- C:\Users\Public\Desktop\Play Supermarket Mania 2.lnk
[2010/12/18 17:43:17 | 000,002,094 | ---- | M] () -- C:\Users\Public\Desktop\Play HappyVille - Quest for Utopia.lnk
[2010/12/18 16:51:54 | 000,331,776 | -HS- | M] () -- C:\Windows\mciavi32wow.exe
[2010/12/18 16:51:54 | 000,331,776 | -HS- | M] () -- C:\Windows\adsldpwow.exe
[2010/12/17 08:36:42 | 000,322,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/12/15 13:56:25 | 000,499,200 | -HS- | M] (Borland Software Corporation) -- C:\Windows\SampleReswow.exe
[2010/12/14 11:20:08 | 000,000,165 | ---- | M] () -- C:\ProgramData\sl664655764
[2010/12/14 07:00:02 | 000,002,429 | ---- | M] () -- C:\Users\Kaarnanyx\Desktop\Google Chrome.lnk
[2010/12/13 23:19:18 | 000,495,104 | -HS- | M] (Borland Software Corporation) -- C:\Windows\iaswow.exe
[2010/12/11 20:41:37 | 000,495,104 | -HS- | M] (Borland Software Corporation) -- C:\Windows\syssetupwow.exe
[2010/12/11 20:41:37 | 000,495,104 | -HS- | M] (Borland Software Corporation) -- C:\Windows\odbccr32wow.exe
[2010/12/11 20:41:37 | 000,495,104 | -HS- | M] (Borland Software Corporation) -- C:\Windows\nlsbreswow.exe
[2010/12/11 12:57:11 | 000,495,104 | -HS- | M] (Borland Software Corporation) -- C:\Windows\SortServer2003Compatwow.exe
[2010/12/11 07:31:19 | 000,495,104 | -HS- | M] (Borland Software Corporation) -- C:\Windows\NlsData004cwow.exe
[2010/12/07 23:10:53 | 000,002,208 | ---- | M] () -- C:\Users\Kaarnanyx\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions.lnk
[2010/12/07 23:10:53 | 000,002,184 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Digital Editions.lnk
[2010/12/07 21:43:14 | 000,203,776 | -HS- | M] () -- C:\ProgramData\unrar.exe
[2010/12/07 21:42:52 | 000,264,704 | ---- | M] (Borland Software Corporation) -- C:\ProgramData\api-ms-win-core-memory-l1-1-032.dll
[2010/12/07 21:42:52 | 000,000,108 | ---- | M] () -- C:\Windows\SysWow64\1820459553
[2010/12/07 21:42:50 | 000,193,536 | ---- | M] (Borland Software Corporation) -- C:\Windows\SysWow64\imagesp132.exe
[2010/12/07 21:42:49 | 000,408,064 | ---- | M] (Borland Software Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-032.dll
[2010/12/07 21:41:24 | 001,383,424 | ---- | M] (Borland Software Corporation) -- C:\ProgramData\imagesp132.exe
[2010/12/07 21:41:24 | 001,383,424 | ---- | M] (Borland Software Corporation) -- C:\Windows\SysWow64\atiu9pag32.exe
[2010/12/06 20:09:50 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/12/06 20:09:50 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/12/06 20:09:50 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/12/05 16:18:37 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/12/04 16:43:43 | 000,001,214 | ---- | M] () -- C:\Users\Kaarnanyx\Desktop\NOOK for PC.lnk
[2010/12/04 12:24:00 | 000,001,941 | ---- | M] () -- C:\Users\Public\Desktop\Play Shop-n-Spree.lnk

========== Files Created - No Company Name ==========

[2010/12/25 18:39:26 | 000,002,076 | ---- | C] () -- C:\Users\Kaarnanyx\Desktop\Art of Murder - FBI Confidential.lnk
[2010/12/21 20:50:57 | 000,331,776 | -HS- | C] () -- C:\Windows\cdosyswow.exe
[2010/12/21 14:56:51 | 000,331,776 | -HS- | C] () -- C:\Windows\ws2helpwow.exe
[2010/12/21 14:56:51 | 000,331,776 | -HS- | C] () -- C:\Windows\VIDRESZRwow.exe
[2010/12/20 15:42:02 | 000,331,776 | -HS- | C] () -- C:\Windows\api-ms-win-core-heap-l1-1-0wow.exe
[2010/12/20 06:02:01 | 000,331,776 | -HS- | C] () -- C:\Windows\api-ms-win-core-threadpool-l1-1-0wow.exe
[2010/12/19 23:40:55 | 000,331,776 | -HS- | C] () -- C:\Windows\msxml6wow.exe
[2010/12/19 21:47:09 | 000,331,776 | -HS- | C] () -- C:\Windows\UIRibbonReswow.exe
[2010/12/19 03:36:35 | 000,331,776 | -HS- | C] () -- C:\Windows\mciavi32wow.exe
[2010/12/19 03:36:34 | 000,331,776 | -HS- | C] () -- C:\Windows\adsldpwow.exe
[2010/12/18 17:43:41 | 000,002,018 | ---- | C] () -- C:\Users\Public\Desktop\Play Supermarket Mania 2.lnk
[2010/12/18 17:43:17 | 000,002,094 | ---- | C] () -- C:\Users\Public\Desktop\Play HappyVille - Quest for Utopia.lnk
[2010/12/18 17:42:56 | 000,001,264 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2010/12/14 11:20:08 | 000,000,165 | ---- | C] () -- C:\ProgramData\sl664655764
[2010/12/07 23:10:53 | 000,002,208 | ---- | C] () -- C:\Users\Kaarnanyx\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions.lnk
[2010/12/07 23:10:53 | 000,002,184 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Digital Editions.lnk
[2010/12/07 21:51:11 | 000,003,743 | ---- | C] () -- C:\Windows\SysWow64\GnuHashes.ini
[2010/12/07 21:43:58 | 000,000,887 | -HS- | C] () -- C:\ProgramData\1182549254
[2010/12/07 21:43:56 | 000,001,185 | ---- | C] () -- C:\ProgramData\1716940330
[2010/12/07 21:43:14 | 000,203,776 | -HS- | C] () -- C:\ProgramData\unrar.exe
[2010/12/07 21:42:50 | 000,000,108 | ---- | C] () -- C:\Windows\SysWow64\1820459553
[2010/12/04 16:43:43 | 000,001,214 | ---- | C] () -- C:\Users\Kaarnanyx\Desktop\NOOK for PC.lnk
[2010/12/04 12:24:00 | 000,001,941 | ---- | C] () -- C:\Users\Public\Desktop\Play Shop-n-Spree.lnk
[2010/12/03 13:04:23 | 000,002,429 | ---- | C] () -- C:\Users\Kaarnanyx\Desktop\Google Chrome.lnk
[2010/09/27 23:47:05 | 000,080,690 | ---- | C] () -- C:\Users\Kaarnanyx\AppData\Local\installer.log
[2010/09/27 22:58:46 | 000,000,114 | ---- | C] () -- C:\Users\Kaarnanyx\AppData\Roaming\wklnhst.dat
[2010/09/17 10:15:19 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/02/22 12:25:56 | 000,089,416 | ---- | C] () -- C:\Windows\SysWow64\FAIEExtension.dll
[2010/02/22 12:25:12 | 000,059,208 | ---- | C] () -- C:\Windows\SysWow64\FAib.dll
[2010/02/22 12:24:10 | 000,247,624 | ---- | C] () -- C:\Windows\SysWow64\FACrashRpt.dll
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/11/07 12:48:38 | 000,000,000 | ---D | M] -- C:\Users\Kaarnanyx\AppData\Roaming\Aerohills
[2010/12/19 23:40:36 | 000,000,000 | ---D | M] -- C:\Users\Kaarnanyx\AppData\Roaming\Amazon
[2010/10/17 22:02:36 | 000,000,000 | ---D | M] -- C:\Users\Kaarnanyx\AppData\Roaming\Artifex Mundi
[2010/12/04 16:43:40 | 000,000,000 | ---D | M] -- C:\Users\Kaarnanyx\AppData\Roaming\Barnes & Noble
[2010/09/17 21:11:00 | 000,000,000 | ---D | M] -- C:\Users\Kaarnanyx\AppData\Roaming\Be a King
[2010/10/12 23:04:51 | 000,000,000 | ---D | M] -- C:\Users\Kaarnanyx\AppData\Roaming\Be a King 2
[2010/09/17 16:18:58 | 000,000,000 | ---D | M] -- C:\Users\Kaarnanyx\AppData\Roaming\Big Fish Games
[2010/09/17 12:08:36 | 000,000,000 | ---D | M] -- C:\Users\Kaarnanyx\AppData\Roaming\Coby
[2010/09/17 12:11:52 | 000,000,000 | ---D | M] -- C:\Users\Kaarnanyx\AppData\Roaming\Coby Media Manager
[2010/12/07 21:42:52 | 000,000,000 | -HSD | M] -- C:\Users\Kaarnanyx\AppData\Roaming\Desktop
[2010/09/18 02:31:46 | 000,000,000 | ---D | M] -- C:\Users\Kaarnanyx\AppData\Roaming\DivoGames
[2010/12/07 21:53:55 | 000,000,000 | ---D | M] -- C:\Users\Kaarnanyx\AppData\Roaming\FreeFileViewer
[2010/09/18 12:38:58 | 000,000,000 | ---D | M] -- C:\Users\Kaarnanyx\AppData\Roaming\Friday's games
[2010/12/13 15:32:53 | 000,000,000 | ---D | M] -- C:\Users\Kaarnanyx\AppData\Roaming\FrostWire
[2010/09/26 22:38:57 | 000,000,000 | ---D | M] -- C:\Users\Kaarnanyx\AppData\Roaming\Fugazo
[2010/10/01 20:33:26 | 000,000,000 | ---D | M] -- C:\Users\Kaarnanyx\AppData\Roaming\game
[2010/10/01 02:29:06 | 000,000,000 | ---D | M] -- C:\Users\Kaarnanyx\AppData\Roaming\Gamers Digital
[2010/10/18 09:07:50 | 000,000,000 | ---D | M] -- C:\Users\Kaarnanyx\AppData\Roaming\Ghost Ship Studios
[2010/12/18 19:37:16 | 000,000,000 | ---D | M] -- C:\Users\Kaarnanyx\AppData\Roaming\Happyville__
[2010/09/17 19:19:45 | 000,000,000 | ---D | M] -- C:\Users\Kaarnanyx\AppData\Roaming\Ladia Group
[2010/10/01 20:33:26 | 000,000,000 | ---D | M] -- C:\Users\Kaarnanyx\AppData\Roaming\Meridian93
[2010/11/21 13:22:14 | 000,000,000 | ---D | M] -- C:\Users\Kaarnanyx\AppData\Roaming\Merscom
[2010/10/18 09:56:28 | 000,000,000 | ---D | M] -- C:\Users\Kaarnanyx\AppData\Roaming\Mutant Arcade
[2010/09/18 03:08:24 | 000,000,000 | ---D | M] -- C:\Users\Kaarnanyx\AppData\Roaming\NatGeoGames
[2010/11/18 11:01:09 | 000,000,000 | ---D | M] -- C:\Users\Kaarnanyx\AppData\Roaming\PlayFirst
[2010/09/17 15:11:08 | 000,000,000 | ---D | M] -- C:\Users\Kaarnanyx\AppData\Roaming\quickclick
[2010/12/18 18:33:56 | 000,000,000 | ---D | M] -- C:\Users\Kaarnanyx\AppData\Roaming\Supermarket Mania 2
[2010/09/27 23:47:29 | 000,000,000 | ---D | M] -- C:\Users\Kaarnanyx\AppData\Roaming\Temp
[2010/09/27 22:58:49 | 000,000,000 | ---D | M] -- C:\Users\Kaarnanyx\AppData\Roaming\Template
[2010/12/04 15:45:55 | 000,000,000 | ---D | M] -- C:\Users\Kaarnanyx\AppData\Roaming\ViquaSoft
[2010/10/01 02:16:18 | 000,000,000 | ---D | M] -- C:\Users\Kaarnanyx\AppData\Roaming\World-Loom
[2009/07/13 21:08:49 | 000,017,540 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========


< End of report >

#4
KaarnaNyx

My internet was having issues, so it posted the OTL report twice, so I apologize for this reply spot...

Edited by KaarnaNyx, 28 December 2010 - 11:36 AM.

#5
KaarnaNyx

OTL Extras logfile created on: 12/28/2010 8:58:04 AM - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\Kaarnanyx\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 66.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 224.20 Gb Total Space | 174.71 Gb Free Space | 77.93% Space Free | Partition Type: NTFS
Drive D: | 6.52 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: KAARNANYX-PC | User Name: Kaarnanyx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Kaarnanyx\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java™ 6 Update 20 (64-bit)
"{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}" = Bing Maps 3D
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{876F4556-6811-4341-A6D7-78C3F15420E2}" = FastAccess
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BFC2690C-5BFE-EF2D-1F66-25C8FCA524C9}" = ccc-utility64
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0769FB9B-325F-9C06-222C-82694400B7C2}" = CCC Help French
"{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}" = Netflix in Windows Media Center
"{11CEAB0B-2456-DF13-FB3A-D72C42CB2209}" = CCC Help Hungarian
"{149EAE8C-344A-5398-D056-E40C2440C3F0}" = CCC Help Korean
"{15861CC0-77F6-474B-B469-EEF420BB5718}" = center
"{15BA5F8C-875A-6796-C3C2-F2D4CAB5F65C}" = Catalyst Control Center Core Implementation
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{17E62CCD-5CE8-4E25-9519-C4A3ACEA89A1}" = aioscnnr
"{185BD54C-0B79-18F8-FC4F-E297D310C993}" = Catalyst Control Center Graphics Light
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{229DC55E-14AF-FD20-3031-1BE373C4F967}" = CCC Help Russian
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 23
"{26D71432-1FD1-4271-902D-052E3DF490FD}" = aiofw
"{277B62C4-4BFD-4BA1-B66A-6D15A37A2AC5}" = aioocr
"{29F9D440-30FF-7DEF-E2FA-F335E8E1CC90}" = Catalyst Control Center Graphics Previews Vista
"{31C12645-6029-4DBE-BEC0-C1F7E9855097}" = ksDIP
"{33E5A59F-F05C-A2DD-7025-B389FECBA8E1}" = CCC Help Greek
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{4359CBCA-6445-6999-E87A-EEFA31957C6D}" = CCC Help English
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45C5421D-7A5E-4FE9-8F42-D98DF070E783}" = Coby Media Manager
"{49C8076B-B7E1-4C90-83CE-DF24FE501EBC}" = aioprnt
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C71DA0F-651B-D77C-26BD-73C140A14D8B}" = CCC Help Portuguese
"{4F5B18A3-E921-4FFE-BEF4-ACBB98964FC2}" = AMD USB Filter Driver
"{5135928B-271C-2D70-B3EE-55A6EDF33D29}" = CCC Help Italian
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{575EE68A-13DD-4BF7-BB30-661583816615}" = Dell Photo P703w WiFi Config Utility
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{657AEEC6-746C-79F8-BF3C-05429368D3AE}" = CCC Help Danish
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{666B17BE-45FF-E205-C950-5EAF95836FFE}" = CCC Help Polish
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{71E015CC-52DA-4536-AF0C-C643BA1E45FB}" = Catalyst Control Center - Branding
"{721474BC-0A41-D5A1-DEAF-5B225394B854}" = Catalyst Control Center Graphics Full Existing
"{75C3BFAC-3184-5412-92A1-80F4A7900624}" = CCC Help Japanese
"{7710B983-422E-C819-AEF4-ABB954DA65BA}" = CCC Help Chinese Traditional
"{77EAC527-9017-BABC-CAFD-1B2C3293A00A}" = Catalyst Control Center Graphics Previews Common
"{7831C38E-1449-B544-A1E5-E3740AFD6426}" = CCC Help Thai
"{802D12B1-98DE-9AD2-6504-CE1F9EA7AC59}" = CCC Help Dutch
"{80849E4C-0384-4E50-CD49-37DA51FE95BB}" = CCC Help Chinese Standard
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8260F7AE-4A93-C7FC-C21E-4D5CF8FCD075}" = CCC Help Czech
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83F81F91-7BE9-44D1-98AF-2B87E0B8710C}" = Fusion Utility for Mobility
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{953BD2BE-4CC9-33C7-51B0-A837CEF3CC7A}" = CCC Help German
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9B3EE532-616E-7713-3C5E-B673E43A9BF4}" = Skins
"{9C3AAC01-10DA-418F-AEBC-F75500220415}" = AMD Fusion Media Explorer
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{BA8DBF3D-1C77-DC57-184B-FE1D9B4C1ABE}" = Catalyst Control Center Graphics Full New
"{BBA8F23C-DE79-72EF-9D29-AE365CF4D996}" = CCC Help Spanish
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD948D9D-A4BE-DEF9-F5CB-0BB6A43EE175}" = ccc-core-static
"{C0F1AA8D-0E10-645D-3ED4-B045550F1EAF}" = CCC Help Finnish
"{C958F1AF-CCE9-A1F4-3FC6-0FC0C31EE3A7}" = CCC Help Turkish
"{CEF03F2B-3363-135B-3EBC-6F62010AF59C}" = Catalyst Control Center Localization All
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3B9DF7D-1296-4254-9DC7-1AC1C9185237}" = helpug
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DF56288E-E66B-4F3F-81FE-03AE4F63F049}" = Dell Photo P703w AIO Printer
"{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E4D6CE1F-BB2F-DDC6-33AD-B2FC59BD9A02}" = CCC Help Swedish
"{EB7A4A1C-1057-6969-4C93-28C536D005A5}" = CCC Help Norwegian
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F189E8F1-2E40-86EE-BE6C-B3CD88014751}" = Catalyst Control Center InstallProxy
"{F335EAD6-9B90-4AEC-BBE6-CC8FE4AF69C4}" = Help_CTR
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Art of Murder/EN-English_is1" = Art of Murder: FBI Confidential
"avast5" = avast! Free Antivirus
"BFG-Artist Colony" = Artist Colony
"BFG-Build It Green - Back to the Beach" = Build It Green: Back to the Beach
"BFGC" = Big Fish Games: Game Manager
"BFG-Gourmania" = Gourmania
"BFG-HappyVille - Quest for Utopia" = HappyVille: Quest for Utopia
"BFG-Magic Farm - Ultimate Flower" = Magic Farm: Ultimate Flower
"BFG-Midnight Mysteries - Salem Witch Trials" = Midnight Mysteries: Salem Witch Trials
"BFG-Shop-n-Spree" = Shop-n-Spree
"BFG-Supermarket Mania 2" = Supermarket Mania ® 2
"BFG-Yard Sale Hidden Treasures - Lucky Junction" = Yard Sale Hidden Treasures: Lucky Junction
"BN_DesktopReader" = NOOK for PC
"Dell Dock" = Dell Dock
"Dell Webcam Central" = Dell Webcam Central
"Digital Editions" = Adobe Digital Editions
"FrostWire" = FrostWire 4.21.1
"GoToAssist" = GoToAssist 8.0.0.514
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/15/2010 7:03:28 PM | Computer Name = Kaarnanyx-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 12/15/2010 7:04:54 PM | Computer Name = Kaarnanyx-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file
"c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll"
on line 2. Invalid Xml syntax.

Error - 12/16/2010 6:25:14 PM | Computer Name = Kaarnanyx-PC | Source = EventSystem | ID = 4621
Description =

Error - 12/17/2010 1:08:31 PM | Computer Name = Kaarnanyx-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 12/17/2010 1:09:55 PM | Computer Name = Kaarnanyx-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file
"c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll"
on line 2. Invalid Xml syntax.

Error - 12/18/2010 5:29:04 AM | Computer Name = Kaarnanyx-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.1.7600.16450 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: c54 Start
Time: 01cb9e91f763d743 Termination Time: 78 Application Path: C:\Windows\Explorer.EXE

Report
Id: 3d3bb11c-0a89-11e0-bde0-a4badbb93857

Error - 12/18/2010 5:21:40 PM | Computer Name = Kaarnanyx-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 12/18/2010 5:23:02 PM | Computer Name = Kaarnanyx-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file
"c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll"
on line 2. Invalid Xml syntax.

Error - 12/18/2010 6:03:57 PM | Computer Name = Kaarnanyx-PC | Source = EventSystem | ID = 4621
Description =

Error - 12/19/2010 7:36:30 AM | Computer Name = Kaarnanyx-PC | Source = EventSystem | ID = 4622
Description =

[ Media Center Events ]
Error - 9/24/2010 10:00:52 PM | Computer Name = Kaarnanyx-PC | Source = MCUpdate | ID = 0
Description = 7:00:49 PM - Failed to retrieve SportsSchedule (Error: The underlying
connection was closed: An unexpected error occurred on a send.)

Error - 9/24/2010 11:00:58 PM | Computer Name = Kaarnanyx-PC | Source = MCUpdate | ID = 0
Description = 8:00:57 PM - Failed to retrieve SportsSchedule (Error: The underlying
connection was closed: An unexpected error occurred on a send.)

Error - 9/25/2010 12:01:34 AM | Computer Name = Kaarnanyx-PC | Source = MCUpdate | ID = 0
Description = 9:01:32 PM - Failed to retrieve SportsSchedule (Error: The underlying
connection was closed: An unexpected error occurred on a send.)

Error - 9/25/2010 1:01:38 AM | Computer Name = Kaarnanyx-PC | Source = MCUpdate | ID = 0
Description = 10:01:37 PM - Failed to retrieve SportsSchedule (Error: The underlying
connection was closed: An unexpected error occurred on a send.)

[ System Events ]
Error - 12/25/2010 5:21:20 PM | Computer Name = Kaarnanyx-PC | Source = Service Control Manager | ID = 7003
Description = The Dell Network Discovery Service service depends the following service:
Bonjour Service. This service might not be installed.

Error - 12/25/2010 5:21:27 PM | Computer Name = Kaarnanyx-PC | Source = Service Control Manager | ID = 7023
Description = The Server service terminated with the following error: %%14

Error - 12/25/2010 5:21:27 PM | Computer Name = Kaarnanyx-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = A fatal hardware error has occurred. Reported by component: Processor
Core Error Source: 3 Error Type: 256 Processor ID: 0 The details view of this entry
contains further information.

Error - 12/25/2010 5:21:27 PM | Computer Name = Kaarnanyx-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = A fatal hardware error has occurred. Reported by component: Processor
Core Error Source: 3 Error Type: 256 Processor ID: 0 The details view of this entry
contains further information.

Error - 12/25/2010 5:21:27 PM | Computer Name = Kaarnanyx-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = A fatal hardware error has occurred. Reported by component: Processor
Core Error Source: 3 Error Type: 256 Processor ID: 0 The details view of this entry
contains further information.

Error - 12/26/2010 1:41:57 AM | Computer Name = Kaarnanyx-PC | Source = Service Control Manager | ID = 7003
Description = The Dell Network Discovery Service service depends the following service:
Bonjour Service. This service might not be installed.

Error - 12/26/2010 3:07:08 AM | Computer Name = Kaarnanyx-PC | Source = Service Control Manager | ID = 7003
Description = The Dell Network Discovery Service service depends the following service:
Bonjour Service. This service might not be installed.

Error - 12/26/2010 3:07:13 AM | Computer Name = Kaarnanyx-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = A fatal hardware error has occurred. Reported by component: Processor
Core Error Source: 3 Error Type: 256 Processor ID: 0 The details view of this entry
contains further information.

Error - 12/26/2010 3:07:13 AM | Computer Name = Kaarnanyx-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = A fatal hardware error has occurred. Reported by component: Processor
Core Error Source: 3 Error Type: 256 Processor ID: 0 The details view of this entry
contains further information.

Error - 12/26/2010 3:07:13 AM | Computer Name = Kaarnanyx-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = A fatal hardware error has occurred. Reported by component: Processor
Core Error Source: 3 Error Type: 9 Processor ID: 0 The details view of this entry contains
further information.


< End of report >

#6
azarl

File Scanner
There are some files I need you to upload for checking

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    • C:\Windows\cdosyswow.exe
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
Please repeat for
  • C:\Windows\ws2helpwow.exe

#7
KaarnaNyx

VirSCAN.org Scanned Report :
Scanned time : 2010/12/29 10:21:39 (PST)
Scanner results: 58% Scanner(s) (21/36) found malware!
File Name : cdosyswow.exe
File Size : 331776 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : de19ef395be07ea4a24d6326c93b45d0
SHA1 : 45edfaad4c5a139c44649d8ff19f66bcac9736ba
Online report : http://virscan.org/r...28fff8d510.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.2 20101229000922 2010-12-29 5.08 Trojan-GameThief.Win32.WOW!IK
AhnLab V3 2010.12.29.02 2010.12.29 2010-12-29 5.07 Win-Trojan/Securisk
AntiVir 8.2.4.131 7.11.0.220 2010-12-29 0.27 TR/Malagent.A.154
Antiy 2.0.18 20101228.6954489 2010-12-28 0.12 Trojan/Win32.WOW.adsk[GameThief]
Arcavir 2010 201012300015 2010-12-30 0.10 -
Authentium 5.1.1 201012290739 2010-12-29 1.75 -
AVAST! 4.7.4 101229-0 2010-12-29 0.03 -
AVG 8.5.850 271.1.1/3346 2010-12-29 0.23 Generic20.AZJR
BitDefender 7.90123.6516156 7.35433 2010-12-30 5.97 Trojan.Generic.5263755
ClamAV 0.96.5 12453 2010-12-29 0.06 -
Comodo 4.0 7230 2010-12-29 0.93 TrojWare.Win32.Trojan.Agent.Gen
CP Secure 1.3.0.5 2010.12.30 2010-12-30 0.08 -
Dr.Web 5.0.2.3300 2010.12.30 2010-12-30 10.37 BACKDOOR.Trojan
F-Prot 4.4.4.56 20101229 2010-12-29 2.04 -
F-Secure 7.02.73807 2010.12.29.08 2010-12-29 0.14 Trojan-GameThief.Win32.WOW.adsk [AVP]
Fortinet 4.2.254 12.730 2010-12-29 0.20 -
GData 21.1429/21.574 20101229 2010-12-29 9.17 Trojan-GameThief.Win32.WOW.adsk [Engine:A]
ViRobot 20101229 2010.12.29 2010-12-29 0.38 -
Ikarus T3.1.32.15.0 2010.12.29.77439 2010-12-29 4.91 Trojan-GameThief.Win32.WOW
JiangMin 13.0.900 2010.12.29 2010-12-29 1.37 -
Kaspersky 5.5.10 2010.12.29 2010-12-29 0.09 Trojan-GameThief.Win32.WOW.adsk
KingSoft 2009.2.5.15 2010.12.29.18 2010-12-29 0.69 -
McAfee 5400.1158 6211 2010-12-29 18.33 Generic.dx!vha
Microsoft 1.6402 2010.12.29 2010-12-29 3.62 Trojan:Win32/Malagent
Norman 6.06.12 6.06.00 2010-12-27 8.02 -
Panda 9.05.01 2010.12.29 2010-12-29 2.72 Generic Malware
Trend Micro 9.200-1012 7.734.11 2010-12-29 0.03 TROJ_AGENTT.FY
Quick Heal 11.00 2010.12.29 2010-12-29 1.12 -
Rising 20.0 22.80.02.01 2010-12-29 1.60 Trojan.Win32.Generic.525200AB
Sophos 3.14.1 4.60 2010-12-30 3.14 Mal/Generic-L
Sunbelt 3.9.2464.2 7875 2010-12-29 0.84 Trojan.Win32.Generic!BT
Symantec 1.3.0.24 20101229.004 2010-12-29 0.86 Trojan.Gen.2
nProtect 20101225.01 9426873 2010-12-25 16.78 Trojan.Generic.5263755
The Hacker 6.7.0.1 v00108 2010-12-29 0.59 -
VBA32 3.12.14.2 20101228.1021 2010-12-28 3.98 -
VirusBuster 4.5.11.10 10.130.56/1998245 2010-12-29 2.78 -

#8
KaarnaNyx

VirSCAN.org Scanned Report :
Scanned time : 2010/12/29 10:25:36 (PST)
Scanner results: 58% Scanner(s) (21/36) found malware!
File Name : ws2helpwow.exe
File Size : 331776 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : de19ef395be07ea4a24d6326c93b45d0
SHA1 : 45edfaad4c5a139c44649d8ff19f66bcac9736ba
Online report : http://virscan.org/r...0226815117.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.2 20101229000922 2010-12-29 4.96 Trojan-GameThief.Win32.WOW!IK
AhnLab V3 2010.12.29.02 2010.12.29 2010-12-29 1.41 Win-Trojan/Securisk
AntiVir 8.2.4.131 7.11.0.220 2010-12-29 0.27 TR/Malagent.A.154
Antiy 2.0.18 20101228.6954489 2010-12-28 0.12 Trojan/Win32.WOW.adsk[GameThief]
Arcavir 2010 201012300015 2010-12-30 0.09 -
Authentium 5.1.1 201012290739 2010-12-29 1.72 -
AVAST! 4.7.4 101229-0 2010-12-29 0.02 -
AVG 8.5.850 271.1.1/3346 2010-12-29 0.23 Generic20.AZJR
BitDefender 7.90123.6516156 7.35433 2010-12-30 6.05 Trojan.Generic.5263755
ClamAV 0.96.5 12453 2010-12-29 0.01 -
Comodo 4.0 7230 2010-12-29 0.93 TrojWare.Win32.Trojan.Agent.Gen
CP Secure 1.3.0.5 2010.12.30 2010-12-30 0.08 -
Dr.Web 5.0.2.3300 2010.12.30 2010-12-30 10.19 BACKDOOR.Trojan
F-Prot 4.4.4.56 20101229 2010-12-29 2.02 -
F-Secure 7.02.73807 2010.12.29.08 2010-12-29 11.70 Trojan-GameThief.Win32.WOW.adsk [AVP]
Fortinet 4.2.254 12.730 2010-12-29 0.17 -
GData 21.1429/21.574 20101229 2010-12-29 12.24 Trojan-GameThief.Win32.WOW.adsk [Engine:A]
ViRobot 20101229 2010.12.29 2010-12-29 0.42 -
Ikarus T3.1.32.15.0 2010.12.29.77439 2010-12-29 4.90 Trojan-GameThief.Win32.WOW
JiangMin 13.0.900 2010.12.29 2010-12-29 2.44 -
Kaspersky 5.5.10 2010.12.29 2010-12-29 0.08 Trojan-GameThief.Win32.WOW.adsk
KingSoft 2009.2.5.15 2010.12.29.18 2010-12-29 0.77 -
McAfee 5400.1158 6211 2010-12-29 18.27 Generic.dx!vha
Microsoft 1.6402 2010.12.29 2010-12-29 9.66 Trojan:Win32/Malagent
Norman 6.06.12 6.06.00 2010-12-27 8.01 -
Panda 9.05.01 2010.12.29 2010-12-29 2.73 Generic Malware
Trend Micro 9.200-1012 7.734.11 2010-12-29 0.03 TROJ_AGENTT.FY
Quick Heal 11.00 2010.12.29 2010-12-29 1.31 -
Rising 20.0 22.80.02.01 2010-12-29 1.49 Trojan.Win32.Generic.525200AB
Sophos 3.14.1 4.60 2010-12-30 3.09 Mal/Generic-L
Sunbelt 3.9.2464.2 7876 2010-12-29 0.58 Trojan.Win32.Generic!BT
Symantec 1.3.0.24 20101229.004 2010-12-29 0.64 Trojan.Gen.2
nProtect 20101225.01 9426873 2010-12-25 15.55 Trojan.Generic.5263755
The Hacker 6.7.0.1 v00108 2010-12-29 0.41 -
VBA32 3.12.14.2 20101228.1021 2010-12-28 3.98 -
VirusBuster 4.5.11.10 10.130.56/1998245 2010-12-29 2.76 -

#9
azarl
ComboFix
Download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Antivirus and Antispyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#10
KaarnaNyx
I ran ComboFix, but now my docking bar is missing... will I be able to get it back???

C:\ComboFix.txt

ComboFix 10-12-29.02 - Kaarnanyx 12/30/2010 0:10.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4094.2800 [GMT -8:00]
Running from: c:\users\Kaarnanyx\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\api-ms-win-core-memory-l1-1-032.dll
c:\programdata\SysWoW32
c:\programdata\SysWoW32\@u1282821900v0
c:\programdata\SysWoW32\@u1282821900v1
c:\programdata\SysWoW32\@u1282821900v2
c:\programdata\SysWoW32\@u1282821900v3
c:\programdata\SysWoW32\_u1282821900v0
c:\programdata\SysWoW32\_u1282821900v1
c:\programdata\SysWoW32\_u1282821900v2
c:\programdata\SysWoW32\_u1282821900v3
c:\programdata\SysWoW32\mu1282821900v4
c:\programdata\SysWoW32\mu1282821900v4.kwd
c:\programdata\SysWoW32\mu1282821900v5
c:\programdata\SysWoW32\mu1282821900v5.kwd
c:\programdata\SysWoW32\mu1282821900v6
c:\programdata\SysWoW32\mu1282821900v6.kwd
c:\programdata\SysWoW32\mu1282821900v7
c:\programdata\SysWoW32\mu1282821900v7.kwd
c:\programdata\SysWoW32\wu1282821900v0
c:\programdata\SysWoW32\wu1282821900v0.kwd
c:\programdata\SysWoW32\wu1282821900v1
c:\programdata\SysWoW32\wu1282821900v1.kwd
c:\programdata\SysWoW32\wu1282821900v2
c:\programdata\SysWoW32\wu1282821900v2.kwd
c:\programdata\SysWoW32\wu1282821900v3
c:\programdata\SysWoW32\wu1282821900v3.kwd
c:\programdata\unrar.exe
c:\windows\adsldpwow.exe
c:\windows\api-ms-win-core-heap-l1-1-0wow.exe
c:\windows\api-ms-win-core-threadpool-l1-1-0wow.exe
c:\windows\cdosyswow.exe
c:\windows\defaultlocationcplwow.exe
c:\windows\iaswow.exe
c:\windows\kbd106wow.exe
c:\windows\KBDMLT47wow.exe
c:\windows\mciavi32wow.exe
c:\windows\mciseqwow.exe
c:\windows\msxml6wow.exe
c:\windows\nlsbreswow.exe
c:\windows\NlsData004cwow.exe
c:\windows\odbccr32wow.exe
c:\windows\SampleReswow.exe
c:\windows\SortServer2003Compatwow.exe
c:\windows\UIRibbonReswow.exe
c:\windows\VIDRESZRwow.exe
c:\windows\ws2helpwow.exe
c:\windows\wscapiwow.exe

.
((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-30 )))))))))))))))))))))))))))))))
.

2010-12-30 09:14 . 2010-12-30 09:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-29 00:12 . 2010-11-16 20:01 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E198214B-7EE8-4F1C-985B-781E7D3C95E4}\mpengine.dll
2010-12-26 02:35 . 2010-12-26 02:35 -------- dc----w- c:\program files (x86)\City Interactive
2010-12-19 03:37 . 2010-12-19 03:37 -------- d-----w- c:\users\Kaarnanyx\AppData\Roaming\Happyville__
2010-12-19 02:32 . 2010-12-19 02:33 -------- d-----w- c:\users\Kaarnanyx\AppData\Roaming\Supermarket Mania 2
2010-12-19 01:43 . 2010-12-19 01:43 -------- dc----w- c:\program files (x86)\Supermarket Mania 2
2010-12-19 01:43 . 2010-12-19 01:43 -------- dc----w- c:\program files (x86)\HappyVille - Quest for Utopia
2010-12-15 22:34 . 2010-10-27 04:32 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2010-12-15 22:34 . 2010-11-02 04:40 496128 ----a-w- c:\windows\SysWow64\taskschd.dll
2010-12-15 22:34 . 2010-11-02 04:34 192000 ----a-w- c:\windows\SysWow64\taskeng.exe
2010-12-15 22:34 . 2010-11-02 04:40 305152 ----a-w- c:\windows\SysWow64\taskcomp.dll
2010-12-15 22:34 . 2010-11-02 04:34 179712 ----a-w- c:\windows\SysWow64\schtasks.exe
2010-12-15 22:34 . 2010-10-20 04:54 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2010-12-15 22:34 . 2010-10-20 02:58 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
2010-12-15 22:33 . 2010-10-16 04:36 314368 ----a-w- c:\windows\SysWow64\webio.dll
2010-12-15 22:33 . 2010-10-12 05:05 35328 ----a-w- c:\program files\Windows Mail\wabfind.dll
2010-12-15 22:33 . 2010-10-12 05:00 516096 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-15 22:33 . 2010-10-12 04:25 516096 ----a-w- c:\program files (x86)\Windows Mail\wab.exe
2010-12-13 23:33 . 2010-12-12 04:41 495104 --sh--w- c:\windows\syssetupwow.exe
2010-12-13 22:04 . 2010-12-20 07:40 -------- d-----w- c:\users\Kaarnanyx\AppData\Roaming\Amazon
2010-12-13 22:00 . 2010-12-20 07:40 -------- dc----w- c:\program files (x86)\Amazon
2010-12-11 15:31 . 2010-12-29 00:08 -------- d-sh--w- c:\programdata\68B2BBB852549658DC1EC6BAD0B2064E
2010-12-09 14:14 . 2010-12-09 14:14 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-12-08 05:49 . 2010-12-08 05:53 -------- d-----w- c:\users\Kaarnanyx\AppData\Roaming\FreeFileViewer
2010-12-08 05:43 . 2010-12-28 18:43 -------- d-----w- c:\programdata\605975089
2010-12-08 05:42 . 2010-12-08 05:42 -------- d-sh--w- c:\users\Kaarnanyx\AppData\Roaming\Desktop
2010-12-08 05:42 . 2010-12-08 05:41 1383424 ----a-w- c:\programdata\imagesp132.exe
2010-12-08 05:42 . 2010-12-08 05:42 193536 ---h--w- c:\users\Kaarnanyx\AppData\Roaming\Microsoft\Windows\csrss.exe
2010-12-08 05:42 . 2010-12-08 05:42 193536 ----a-w- c:\windows\SysWow64\imagesp132.exe
2010-12-08 05:42 . 2010-12-08 05:42 408064 ----a-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-032.dll
2010-12-07 06:53 . 2010-12-07 06:53 -------- d-----w- c:\users\Kaarnanyx\AppData\Local\Yahoo!
2010-12-05 00:43 . 2010-12-05 00:43 -------- d-----w- c:\users\Kaarnanyx\AppData\Roaming\Barnes & Noble
2010-12-05 00:43 . 2010-12-05 00:43 -------- dc----w- c:\program files (x86)\Barnes & Noble
2010-12-04 23:45 . 2010-12-04 23:45 -------- d-----w- c:\users\Kaarnanyx\AppData\Roaming\ViquaSoft
2010-12-04 20:23 . 2010-12-04 20:24 -------- dc----w- c:\program files (x86)\Shop-n-Spree

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-13 02:53 . 2010-09-01 22:16 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{01D3E8EE-C5CA-44BC-9C76-0991C163D3Bb}]
2010-12-08 05:42 408064 ----a-w- c:\windows\SysWOW64\api-ms-win-core-memory-l1-1-032.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Kaarnanyx\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-09-17 136176]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-09-02 13351304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-27 102400]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2010-02-22 95560]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Photo Downloader"="c:\program files (x86)\Adobe\Photoshop Album Starter Edition\Dell Photo P703w AIO Printer\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-12-16 498160]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"RTHDBPL"="c:\users\Kaarnanyx\AppData\Roaming\Desktop\lsass.exe" [2010-12-08 193536]
"syssetupwow.exe"="c:\windows\syssetupwow.exe" [2010-12-12 495104]

c:\users\Kaarnanyx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2010-02-22 20:24 144712 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Dell Network Discovery Service;Dell Network Discovery Service;c:\program files (x86)\Dell\Dell Photo P703w AIO Printer\Printer\Device\DLDiscovery.exe [2008-09-09 275696]
R2 PolicyAgent32;IPsec Policy Agent ;c:\windows\system32\atiu9pag32.exe [x]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-24 216576]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-19 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-04-27 202752]
S2 AMDFusionSVC;AMD Fusion Utility Service;c:\program files (x86)\AMD\Fusion Utility for Mobility\FusionSVC.exe [2009-09-02 383544]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 61008]
S2 dlSvc;Dell Photo Device Service;c:\program files (x86)\Dell\Dell Photo P703w AIO Printer\printer\center\dlSvc.exe [2008-11-18 28672]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-02-22 2409800]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-04-27 6659072]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-04-27 195584]
S3 AmdLLD64;AMD Low Level Device Driver;c:\windows\system32\DRIVERS\AmdLLD64.sys [2009-04-22 47672]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-06-05 34872]

.
Contents of the 'Scheduled Tasks' folder

2010-12-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2461102510-1184381975-1191852334-1001Core.job
- c:\users\Kaarnanyx\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-17 17:57]

2010-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2461102510-1184381975-1191852334-1001UA.job
- c:\users\Kaarnanyx\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-17 17:57]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF21148.cfxxe" [X]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-01-23 305664]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-08-07 3179088]
"DLKAStatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\DLKAMUI.exe" [2009-09-06 1679360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-NlsData004cwow.exe - c:\windows\NlsData004cwow.exe
Wow6432Node-HKCU-Run-SortServer2003Compatwow.exe - c:\windows\SortServer2003Compatwow.exe
Wow6432Node-HKCU-Run-odbccr32wow.exe - c:\windows\odbccr32wow.exe
Wow6432Node-HKCU-Run-nlsbreswow.exe - c:\windows\nlsbreswow.exe
Wow6432Node-HKCU-Run-iaswow.exe - c:\windows\iaswow.exe
Wow6432Node-HKCU-Run-SampleReswow.exe - c:\windows\SampleReswow.exe
Wow6432Node-HKCU-Run-msfeedsbswow.exe - c:\windows\msfeedsbswow.exe
Wow6432Node-HKCU-Run-mciavi32wow.exe - c:\windows\mciavi32wow.exe
Wow6432Node-HKCU-Run-adsldpwow.exe - c:\windows\adsldpwow.exe
Wow6432Node-HKCU-Run-UIRibbonReswow.exe - c:\windows\UIRibbonReswow.exe
Wow6432Node-HKCU-Run-msxml6wow.exe - c:\windows\msxml6wow.exe
Wow6432Node-HKCU-Run-api-ms-win-core-threadpool-l1-1-0wow.exe - c:\windows\api-ms-win-core-threadpool-l1-1-0wow.exe
Wow6432Node-HKCU-Run-api-ms-win-core-heap-l1-1-0wow.exe - c:\windows\api-ms-win-core-heap-l1-1-0wow.exe
Wow6432Node-HKCU-Run-VIDRESZRwow.exe - c:\windows\VIDRESZRwow.exe
Wow6432Node-HKCU-Run-ws2helpwow.exe - c:\windows\ws2helpwow.exe
Wow6432Node-HKCU-Run-cdosyswow.exe - c:\windows\cdosyswow.exe
Wow6432Node-HKCU-Run-mciseqwow.exe - c:\windows\mciseqwow.exe
Wow6432Node-HKCU-Run-kbd106wow.exe - c:\windows\kbd106wow.exe
Wow6432Node-HKCU-Run-defaultlocationcplwow.exe - c:\windows\defaultlocationcplwow.exe
Wow6432Node-HKCU-Run-wscapiwow.exe - c:\windows\wscapiwow.exe
Wow6432Node-HKCU-Run-KBDMLT47wow.exe - c:\windows\KBDMLT47wow.exe
Wow6432Node-HKCU-Run-wmdrmnetwow.exe - c:\windows\wmdrmnetwow.exe
Wow6432Node-HKCU-Run-ctapo32wow.exe - c:\windows\ctapo32wow.exe
Wow6432Node-HKCU-Run-msiwow.exe - c:\windows\msiwow.exe
Wow6432Node-HKCU-Run-WMSPDMOEwow.exe - c:\windows\WMSPDMOEwow.exe
Wow6432Node-HKLM-Run-FAStartup - (no file)
Wow6432Node-HKLM-Run-Conime - c:\windows\system32\conime.exe
Wow6432Node-HKLM-Run-nlsdata004cwow.exe - c:\windows\NlsData004cwow.exe
Wow6432Node-HKLM-Run-sortserver2003compatwow.exe - c:\windows\SortServer2003Compatwow.exe
Wow6432Node-HKLM-Run-odbccr32wow.exe - c:\windows\odbccr32wow.exe
Wow6432Node-HKLM-Run-nlsbreswow.exe - c:\windows\nlsbreswow.exe
Wow6432Node-HKLM-Run-samplereswow.exe - c:\windows\SampleReswow.exe
Wow6432Node-HKLM-Run-mciavi32wow.exe - c:\windows\mciavi32wow.exe
Wow6432Node-HKLM-Run-adsldpwow.exe - c:\windows\adsldpwow.exe
Wow6432Node-HKLM-Run-uiribbonreswow.exe - c:\windows\UIRibbonReswow.exe
Wow6432Node-HKLM-Run-msxml6wow.exe - c:\windows\msxml6wow.exe
Wow6432Node-HKLM-Run-api-ms-win-core-threadpool-l1-1-0wow.exe - c:\windows\api-ms-win-core-threadpool-l1-1-0wow.exe
Wow6432Node-HKLM-Run-api-ms-win-core-heap-l1-1-0wow.exe - c:\windows\api-ms-win-core-heap-l1-1-0wow.exe
Wow6432Node-HKLM-Run-ws2helpwow.exe - c:\windows\ws2helpwow.exe
Wow6432Node-HKLM-Run-vidreszrwow.exe - c:\windows\VIDRESZRwow.exe
Wow6432Node-HKLM-Run-cdosyswow.exe - c:\windows\cdosyswow.exe
Wow6432Node-HKLM-Run-kbd106wow.exe - c:\windows\kbd106wow.exe
Wow6432Node-HKLM-Run-mciseqwow.exe - c:\windows\mciseqwow.exe
Wow6432Node-HKLM-Run-defaultlocationcplwow.exe - c:\windows\defaultlocationcplwow.exe
Wow6432Node-HKLM-Run-wscapiwow.exe - c:\windows\wscapiwow.exe
Wow6432Node-HKLM-Run-kbdmlt47wow.exe - c:\windows\KBDMLT47wow.exe
Wow6432Node-HKLM-Run-iaswow.exe - c:\windows\iaswow.exe
Toolbar-Locked - (no file)


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\users\Kaarnanyx\AppData\Roaming\Microsoft\Windows\csrss.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2010-12-30 01:53:52 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-30 09:53

Pre-Run: 191,008,485,376 bytes free
Post-Run: 190,863,835,136 bytes free

- - End Of File - - 595311E04EF28E096DDFB6B799C5978C

#11
azarl
The tool bar at the bottom of the screen?

Is the desktop all visible?

#12
KaarnaNyx
The Windows 7 docking bar that sits on one side of your screen all the time. Not the toolbar, but either way it came back this a.m. when I booted my computer back up. Sorry for the confusion.

#13
azarl
ComboFix Script
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:

Driver::
PolicyAgent32

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"syssetupwow.exe"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"=-

File::
c:\windows\system32\atiu9pag32.exe


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt which I need you to include in your next reply.

#14
KaarnaNyx
I hope I did this right, I was a tiny bit confused...

C:\ComboFix.txt

ComboFix 10-12-29.02 - Kaarnanyx 12/30/2010 13:37:12.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4094.2880 [GMT -8:00]
Running from: c:\users\Kaarnanyx\Downloads\ComboFix.exe
Command switches used :: c:\users\Kaarnanyx\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::
"c:\windows\system32\atiu9pag32.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\api-ms-win-core-memory-l1-1-032.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_PolicyAgent32


((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-30 )))))))))))))))))))))))))))))))
.

2010-12-30 21:51 . 2010-12-30 21:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-29 00:12 . 2010-11-16 20:01 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E198214B-7EE8-4F1C-985B-781E7D3C95E4}\mpengine.dll
2010-12-26 02:35 . 2010-12-26 02:35 -------- dc----w- c:\program files (x86)\City Interactive
2010-12-19 03:37 . 2010-12-19 03:37 -------- d-----w- c:\users\Kaarnanyx\AppData\Roaming\Happyville__
2010-12-19 02:32 . 2010-12-19 02:33 -------- d-----w- c:\users\Kaarnanyx\AppData\Roaming\Supermarket Mania 2
2010-12-19 01:43 . 2010-12-19 01:43 -------- dc----w- c:\program files (x86)\Supermarket Mania 2
2010-12-19 01:43 . 2010-12-19 01:43 -------- dc----w- c:\program files (x86)\HappyVille - Quest for Utopia
2010-12-15 22:34 . 2010-10-27 04:32 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2010-12-15 22:34 . 2010-11-02 04:40 496128 ----a-w- c:\windows\SysWow64\taskschd.dll
2010-12-15 22:34 . 2010-11-02 04:34 192000 ----a-w- c:\windows\SysWow64\taskeng.exe
2010-12-15 22:34 . 2010-11-02 04:40 305152 ----a-w- c:\windows\SysWow64\taskcomp.dll
2010-12-15 22:34 . 2010-11-02 04:34 179712 ----a-w- c:\windows\SysWow64\schtasks.exe
2010-12-15 22:34 . 2010-10-20 04:54 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2010-12-15 22:34 . 2010-10-20 02:58 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
2010-12-15 22:33 . 2010-10-16 04:36 314368 ----a-w- c:\windows\SysWow64\webio.dll
2010-12-15 22:33 . 2010-10-12 05:05 35328 ----a-w- c:\program files\Windows Mail\wabfind.dll
2010-12-15 22:33 . 2010-10-12 05:00 516096 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-15 22:33 . 2010-10-12 04:25 516096 ----a-w- c:\program files (x86)\Windows Mail\wab.exe
2010-12-13 23:33 . 2010-12-12 04:41 495104 --sh--w- c:\windows\syssetupwow.exe
2010-12-13 22:04 . 2010-12-20 07:40 -------- d-----w- c:\users\Kaarnanyx\AppData\Roaming\Amazon
2010-12-13 22:00 . 2010-12-20 07:40 -------- dc----w- c:\program files (x86)\Amazon
2010-12-11 15:31 . 2010-12-29 00:08 -------- d-sh--w- c:\programdata\68B2BBB852549658DC1EC6BAD0B2064E
2010-12-09 14:14 . 2010-12-09 14:14 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-12-08 05:49 . 2010-12-08 05:53 -------- d-----w- c:\users\Kaarnanyx\AppData\Roaming\FreeFileViewer
2010-12-08 05:43 . 2010-12-28 18:43 -------- d-----w- c:\programdata\605975089
2010-12-08 05:42 . 2010-12-08 05:42 -------- d-sh--w- c:\users\Kaarnanyx\AppData\Roaming\Desktop
2010-12-08 05:42 . 2010-12-08 05:41 1383424 ----a-w- c:\programdata\imagesp132.exe
2010-12-08 05:42 . 2010-12-08 05:42 193536 ---h--w- c:\users\Kaarnanyx\AppData\Roaming\Microsoft\Windows\csrss.exe
2010-12-08 05:42 . 2010-12-08 05:42 193536 ----a-w- c:\windows\SysWow64\imagesp132.exe
2010-12-08 05:42 . 2010-12-08 05:42 408064 ----a-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-032.dll
2010-12-07 06:53 . 2010-12-07 06:53 -------- d-----w- c:\users\Kaarnanyx\AppData\Local\Yahoo!
2010-12-05 00:43 . 2010-12-05 00:43 -------- d-----w- c:\users\Kaarnanyx\AppData\Roaming\Barnes & Noble
2010-12-05 00:43 . 2010-12-05 00:43 -------- dc----w- c:\program files (x86)\Barnes & Noble
2010-12-04 23:45 . 2010-12-04 23:45 -------- d-----w- c:\users\Kaarnanyx\AppData\Roaming\ViquaSoft
2010-12-04 20:23 . 2010-12-04 20:24 -------- dc----w- c:\program files (x86)\Shop-n-Spree

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-13 02:53 . 2010-09-01 22:16 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-12-30_09.19.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2010-12-30 21:56 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2010-12-30 09:17 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2010-12-30 09:17 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2010-12-30 21:56 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2010-12-30 09:17 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2010-12-30 21:56 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-01 22:41 . 2010-12-30 21:31 45684 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2010-12-30 09:20 40446 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2010-12-30 22:01 40446 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-09-18 05:59 . 2010-12-30 22:01 10152 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2461102510-1184381975-1191852334-1001_UserData.bin
- 2010-09-17 17:43 . 2010-12-30 09:19 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-17 17:43 . 2010-12-30 21:56 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2010-12-30 09:19 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2010-12-30 21:56 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-17 18:07 . 2010-12-30 09:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-17 18:07 . 2010-12-30 21:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-17 18:07 . 2010-12-30 21:56 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-09-17 18:07 . 2010-12-30 09:19 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-09-17 18:07 . 2010-12-30 09:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-17 18:07 . 2010-12-30 21:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-17 18:07 . 2010-12-30 09:19 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-17 18:07 . 2010-12-30 21:56 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-17 18:07 . 2010-12-30 21:56 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-17 18:07 . 2010-12-30 09:19 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-30 09:17 . 2010-12-30 09:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-12-30 21:54 . 2010-12-30 21:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-12-30 21:54 . 2010-12-30 21:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-12-30 09:17 . 2010-12-30 09:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:12 . 2010-12-30 21:56 245760 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2010-12-30 09:19 245760 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2010-09-17 17:43 . 2010-12-30 09:19 147456 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-09-17 17:43 . 2010-12-30 21:56 147456 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 02:34 . 2010-12-29 19:48 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2010-12-30 18:33 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{01811C8C-BBA6-041E-55C4-FEABC682D828}]
c:\programdata\api-ms-win-core-memory-l1-1-032.dll [BU]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{01D3E8EE-C5CA-44BC-9C76-0991C163D3Bb}]
2010-12-08 05:42 408064 ----a-w- c:\windows\SysWOW64\api-ms-win-core-memory-l1-1-032.dll

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{041A9101-C228-29D5-F6E3-11D9FCD28303}]
c:\programdata\api-ms-win-core-memory-l1-1-032.dll [BU]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{07C9ED57-40CA-BC10-53ED-6EAD97165224}]
c:\programdata\api-ms-win-core-memory-l1-1-032.dll [BU]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0C78A0C9-BF67-6D6E-C17E-085DF419DC2A}]
c:\programdata\api-ms-win-core-memory-l1-1-032.dll [BU]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{2E30A189-A7A3-FE64-3143-F9477B3204DC}]
c:\programdata\api-ms-win-core-memory-l1-1-032.dll [BU]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{3EAA3F59-A277-C08C-C098-72F0C9F63557}]
c:\programdata\api-ms-win-core-memory-l1-1-032.dll [BU]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{3ECBB1E6-D40F-32CE-7CEE-9DAF87800363}]
c:\programdata\api-ms-win-core-memory-l1-1-032.dll [BU]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{45F2BBB2-2898-078F-C785-60FB6A0D4566}]
c:\programdata\api-ms-win-core-memory-l1-1-032.dll [BU]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{5357B92A-46CC-1D96-199E-116747304450}]
c:\programdata\api-ms-win-core-memory-l1-1-032.dll [BU]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{5805CFF7-29EE-ED6E-F6F9-8B367E7EE89B}]
c:\programdata\api-ms-win-core-memory-l1-1-032.dll [BU]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{5995ABD7-1176-5EDB-2120-BFBD210D7179}]
c:\programdata\api-ms-win-core-memory-l1-1-032.dll [BU]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{65326418-3BE7-7422-5A44-27496C9CB51B}]
c:\programdata\api-ms-win-core-memory-l1-1-032.dll [BU]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{65FAFDC2-2FAC-E5D0-6B76-B2560DF44A90}]
c:\programdata\api-ms-win-core-memory-l1-1-032.dll [BU]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6EBD5F73-EF6D-F1DB-8DD0-B235A51E463F}]
c:\programdata\api-ms-win-core-memory-l1-1-032.dll [BU]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{7865E9EA-6FD5-CE43-450D-DEE0AD3B5F7E}]
c:\programdata\api-ms-win-core-memory-l1-1-032.dll [BU]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{7ABD6C5C-AEA5-5FEA-F8F4-9C012C4CF508}]
c:\programdata\api-ms-win-core-memory-l1-1-032.dll [BU]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{8C08D810-58B3-268F-9FA8-9D3DD3DEC4B1}]
c:\programdata\api-ms-win-core-memory-l1-1-032.dll [BU]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{8D6D2CF9-1B34-EE01-F568-A69873C16638}]
c:\programdata\api-ms-win-core-memory-l1-1-032.dll [BU]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{90B7434E-3AD8-6756-7340-FA9FA94C0B0A}]
c:\programdata\api-ms-win-core-memory-l1-1-032.dll [BU]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{91471F2F-225F-D8C3-9E67-2D264CDC93E7}]
c:\programdata\api-ms-win-core-memory-l1-1-032.dll [BU]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{998420C4-518C-C994-1D77-DA0A60E33947}]
c:\programdata\api-ms-win-core-memory-l1-1-032.dll [BU]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{9B377D5B-FCE9-CD7A-9E41-C0F95F6B40C9}]
c:\programdata\api-ms-win-core-memory-l1-1-032.dll [BU]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{9BFD15C3-C2F4-CD7C-8BB3-C3EA9C7F9EDD}]
c:\programdata\api-ms-win-core-memory-l1-1-032.dll [BU]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{A25B88E5-22B8-3090-C518-9B8E6F10124A}]
c:\programdata\api-ms-win-core-memory-l1-1-032.dll [BU]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{B4A6F399-CCC6-F735-6CCD-9DCB16A2E0F3}]
c:\programdata\api-ms-win-core-memory-l1-1-032.dll [BU]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{B635DE61-18D1-172E-0E81-CFDFF35CE108}]
c:\programdata\api-ms-win-core-memory-l1-1-032.dll [BU]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{BDCCA9F2-214D-5B08-C027-1DE9EA6B47C8}]
c:\programdata\api-ms-win-core-memory-l1-1-032.dll [BU]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D28F198D-A145-D422-4DA5-079309C3F23F}]
c:\programdata\api-ms-win-core-memory-l1-1-032.dll [BU]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{DC440E21-41DA-C9DC-3AF1-9C585966FC36}]
c:\programdata\api-ms-win-core-memory-l1-1-032.dll [BU]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{DDD1BB0D-24C2-E23E-0C7D-D28A2F04A41A}]
c:\programdata\api-ms-win-core-memory-l1-1-032.dll [BU]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ECFA4236-AAB5-A04A-ED49-E1C308A9EC61}]
c:\programdata\api-ms-win-core-memory-l1-1-032.dll [BU]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{F67D2D32-97B9-847C-B4FC-8BDF5064E26D}]
c:\programdata\api-ms-win-core-memory-l1-1-032.dll [BU]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{F7ED9885-4DAA-82A6-24CE-93A634699C3E}]
c:\programdata\api-ms-win-core-memory-l1-1-032.dll [BU]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FC1BCCE2-E21C-52CB-26E2-B42161795A27}]
c:\programdata\api-ms-win-core-memory-l1-1-032.dll [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Kaarnanyx\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-09-17 136176]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-09-02 13351304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-27 102400]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2010-02-22 95560]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Photo Downloader"="c:\program files (x86)\Adobe\Photoshop Album Starter Edition\Dell Photo P703w AIO Printer\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-12-16 498160]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"RTHDBPL"="c:\users\Kaarnanyx\AppData\Roaming\Desktop\lsass.exe" [2010-12-08 193536]
"FAStartup"="" [BU]

c:\users\Kaarnanyx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2010-02-22 20:24 144712 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Dell Network Discovery Service;Dell Network Discovery Service;c:\program files (x86)\Dell\Dell Photo P703w AIO Printer\Printer\Device\DLDiscovery.exe [2008-09-09 275696]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-24 216576]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-19 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-04-27 202752]
S2 AMDFusionSVC;AMD Fusion Utility Service;c:\program files (x86)\AMD\Fusion Utility for Mobility\FusionSVC.exe [2009-09-02 383544]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 61008]
S2 dlSvc;Dell Photo Device Service;c:\program files (x86)\Dell\Dell Photo P703w AIO Printer\printer\center\dlSvc.exe [2008-11-18 28672]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-02-22 2409800]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-04-27 6659072]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-04-27 195584]
S3 AmdLLD64;AMD Low Level Device Driver;c:\windows\system32\DRIVERS\AmdLLD64.sys [2009-04-22 47672]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-06-05 34872]

.
Contents of the 'Scheduled Tasks' folder

2010-12-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2461102510-1184381975-1191852334-1001Core.job
- c:\users\Kaarnanyx\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-17 17:57]

2010-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2461102510-1184381975-1191852334-1001UA.job
- c:\users\Kaarnanyx\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-17 17:57]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF15624.cfxxe" [X]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-01-23 305664]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"DLKAStatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\DLKAMUI.exe" [2009-09-06 1679360]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
c:\program files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
c:\users\Kaarnanyx\AppData\Roaming\Microsoft\Windows\csrss.exe
.
**************************************************************************
.
Completion time: 2010-12-30 14:31:00 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-30 22:30
ComboFix2.txt 2010-12-30 09:54

Pre-Run: 190,881,923,072 bytes free
Post-Run: 190,863,450,112 bytes free

- - End Of File - - 73CEF042902B5B248932AAC905AB15F3

#15
azarl

azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
That's looking better.

Can you run OTL again please? Just double-click it and click the Quick Scan button. It will just produce one log this time.