If you love a challenge!?! My IE is infested with boogers. I

#1 bdulaney
I was infected with a variant of the Fake AV alert virus (ZeroAccess, I think) that McAfee did not catch. I'm thinking the sig file was out of date? Or, it slipped by. Here's what I did...

1. Uninstalled McAfee!
2. Installed Malwarebytes Anti-Malware (MBAM) and it found and removed the virus. I had a heck of a time figuring out that it hid all my files...I thought they were gone. I used Unhide.exe though, and thought that was the end of it. But...IE was acting real flaky: starting up on its own and taking me to sites with voice. And, any Yahoo/Google/Bing search is randomly being redirected. IE starting all the time worries me. What is it doing or attempting to do? I've gotten a few warnings about malicious sites being blocked now that I've got a better AV/spyware frontline.
3. Checked all the normal settings in the registry for IE, found nothing askew.
4. Installed ERUNT to backup the registry on schedule. Cool tool.

It has been a flurry of activity after that:

5. Re-ran MBAM in Safe mode. Got an error about [OpenEvent] failed. Followed instructions to remedy this but no avail. It still reports this when starting up after a reboot. Probably has something to do with the problem. Working on fixing that still.
6. Cleared the IE temp folder and history. No dice. (What's with the uncleanable IE Content.IE5 folders?)
7. Started IE with no addons. No matter.
8. Bought and installed Norton 2012. It found nothing since MBAM had done its work. I thought I was looking for a BHO virus in my Master Boot Record, based on what I could tell from postings on the internet.
9. Installed SpyBot S&D. It found a few things...tracking cookies, etc. But not the problem.
10. Installed HijackThis but couldn't make anything of it. I did not fix anything there since I did not know what to fix.
11. Installed CCleaner and it cleaned up the registry. Still no fix.
12. Installed UnHackMe and it found nothing. It is set to run at startup, but still nothing.
13. Installed the x64 version of Microsoft Malicious Repair Tool. It found nothing.
14. Removed the SSV2 module which continues to be installed with the latest update to Java. Not it.
15. Downloaded Sophos. Stopped Norton. Ran it in live and safe mode. Nothing.
16. Downloaded Regzooka, another registry cleaner, it found 800 things wrong! Did not fix any of that since CCleaner cleaned 268 things earlier.
17. Saw where someone had success with this problem using Kaspersky Virus Removal 2011. Stopped Norton. Ran Kaspersky. Nothing.
18. Took the "drastic" action of running ComboFix. Followed instructions meticulously. Bupkis.
19. Upgraded Java to the very latest edition. No dice.
20. Upgraded Adobe Acrobat to the very latest edition. Nada.
21. Came across your site and downloaded OTL and ran it. Copy is included.

I have created system reset points. I have backed up the registry. I have run just about everything I can find that even looks like it might help (above). I have booted more times than I care to count. I have run in live and safe mode. I am tired of this thing. Wasted a full (24-hour) day on this when I should have been programming! About ready to format C:\ and start over. But, that is a BIG hassle. I have so many things installed: SQL Server 2008, DevExpress controls, Visual Studio 2008 and 2010, MS Office 2010 Pro, Tortoise SVN, Emotiv EPOC Headset controls and apps. Way more than I want to reinstall.

I'm begging for help and will be the most appreciative person you'll find when this is resolved.


#2 bdulaney
Well, I may be fixed. IE has not started up in the past 30 minutes. I have tried Yahoo/Google/Bing searches and no redirects. So far. I'm still skeptical. I'll wait through the day to see...

I'm SOOOO relieved to be at this point.

I followed the instructions (duh) which I admit I did not read before...

1. Backed up with ERUNT
2. Downloaded and ran OTM, rebooted copied the log file (attached), rebooted.
3. Downloaded and ran GooredFix. Log is attached.
4. Downloaded Kaspersky TDSSKiller. Log is attached.

I'm thinking something here fixed the problem!!!! The verdict is still out on that.

Thanks,

Butch


#3 bdulaney
Well, I knew it was too good to be true. After an hour, IE started acting weird again. This time, I started getting notices about ActiveX controls that wanted to run, thanks to the helpful changes suggested in your How To guide. Still, I'm as frustrated as can be.

The fight is still on, apparently.

Thanks for reading all this and helping.

Butch

OTL logfile created on: 10/15/2011 4:35:03 AM - Run 1
OTL by OldTimer - Version 3.2.30.0 Folder = C:\Users\Dell 64\Downloads
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 40.36% Memory free
7.61 Gb Paging File | 5.02 Gb Available in Paging File | 65.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.59 Gb Total Space | 852.65 Gb Free Space | 92.62% Space Free | Partition Type: NTFS
Drive D: | 4.38 Gb Total Space | 4.20 Gb Free Space | 95.80% Space Free | Partition Type: UDF

Computer Name: BUTCH | User Name: bdulaney | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/15 04:28:12 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Users\Dell 64\Downloads\OTL.exe
PRC - [2011/08/18 10:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/10 15:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton AntiVirus\Engine\19.1.1.3\ccSvcHst.exe
PRC - [2011/08/01 12:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/11/23 21:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe
PRC - [2010/11/17 11:35:40 | 001,440,240 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
PRC - [2010/11/17 11:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2010/07/16 17:23:30 | 006,638,080 | ---- | M] () -- C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe
PRC - [2010/06/09 15:15:34 | 000,417,906 | ---- | M] () -- C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe
PRC - [2010/04/12 03:40:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
PRC - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010/01/27 17:01:56 | 000,237,568 | ---- | M] (Alcor Micro Corp.) -- C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
PRC - [2009/06/17 15:17:05 | 000,434,864 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/01/26 15:31:12 | 005,365,592 | RHS- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/13 03:32:34 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/13 03:32:31 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/13 03:32:20 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/13 03:32:17 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/08/18 10:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/15 07:13:46 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/11/24 23:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2010/11/17 11:35:40 | 001,440,240 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
MOD - [2010/11/17 11:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2010/11/17 11:35:28 | 000,657,904 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\BBEngineAS.dll
MOD - [2010/03/24 21:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2008/06/19 17:35:36 | 000,333,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy\sqlite3.dll
MOD - [2008/03/05 09:34:32 | 000,795,520 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\Fennel.dll
MOD - [2008/03/04 14:52:00 | 000,790,392 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\Chai.dll
MOD - [2008/02/26 11:04:40 | 000,717,176 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\Mate.dll
MOD - [2007/12/24 01:05:00 | 000,121,344 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\TCPIPAddress.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/10/21 09:38:38 | 005,790,064 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV:64bit: - [2010/10/21 09:38:38 | 000,487,280 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2011/08/10 15:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton AntiVirus\Engine\19.1.1.3\ccSvcHst.exe -- (NAV)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/11/25 06:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 06:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/11/23 21:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe -- (NSL)
SRV - [2010/07/16 17:23:30 | 006,638,080 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe -- (AllShare)
SRV - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/17 15:17:05 | 000,434,864 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/10/11 16:24:30 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/08/08 18:38:05 | 000,167,048 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\ccSetx64.sys -- (ccSet_NAV)
DRV:64bit: - [2011/08/02 21:22:10 | 000,729,720 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/08/02 21:22:10 | 000,037,496 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/07/28 22:20:02 | 001,084,536 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2011/07/25 21:18:39 | 000,401,016 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/07/25 21:18:35 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\SymDS64.sys -- (SymDS)
DRV:64bit: - [2011/07/25 21:15:52 | 000,189,560 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2011/05/12 14:03:12 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\3FED.tmp -- (MEMSWEEP2)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/05 13:26:10 | 000,018,288 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2010/10/05 13:26:02 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2010/10/05 13:26:00 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/04/12 03:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2010/04/03 10:30:40 | 000,313,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0150.sys -- (RsFx0150)
DRV:64bit: - [2010/03/23 13:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/02/27 10:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2010/02/04 00:38:32 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2009/10/16 06:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/17 15:02:03 | 000,024,248 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/11/16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2011/10/14 23:51:36 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\VirusDefs\20111014.018\ex64.sys -- (NAVEX15)
DRV - [2011/10/14 23:51:36 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\VirusDefs\20111014.018\eng64.sys -- (NAVENG)
DRV - [2011/10/14 22:02:43 | 000,035,816 | ---- | M] (Greatis Software) [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\Partizan.sys -- (Partizan)
DRV - [2011/10/14 01:16:40 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/10/12 21:13:45 | 000,136,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/10/11 00:23:24 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\IPSDefs\20111014.031\IDSviA64.sys -- (IDSVia64)
DRV - [2011/09/29 16:35:09 | 001,152,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\BASHDefs\20110929.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\IPSFFPlgn\ [2011/10/13 03:28:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.2.0.6\coFFNST\ [2011/10/14 08:55:40 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\12.0.742.100\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U23 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\12.0.742.100\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\12.0.742.100\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program Files (x86)\TabletPlugins\npwacom.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Best Buy pc app Detector (Enabled) = C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/10/15 02:21:13 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.1.1.3\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Norton Safe Web Lite BHO) - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Safe Web Lite) - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Safe Web Lite) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\SysWow64\grpconv.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Dell 64\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Dell 64\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Dell 64\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_.lnk = C:\Users\Dell 64\AppData\Local\Temp\_uninst_.bat ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: dayspring.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: dayspring.com ([vpn] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://vpn.daysprin...ries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds...ransferCtrl.cab (DLC Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EDDB231A-3574-42E9-A278-C5D3707ACB05}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (Partizan)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/15 02:54:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/10/15 02:44:54 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/10/15 02:21:25 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/10/15 01:30:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/10/15 01:30:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/10/15 01:30:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/10/15 01:28:50 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/10/15 01:17:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/15 00:59:37 | 000,000,000 | ---D | C] -- C:\Users\Dell 64\AppData\Roaming\Malwarebytes
[2011/10/15 00:59:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/15 00:59:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/15 00:59:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/10/15 00:47:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/10/15 00:46:51 | 000,000,000 | ---D | C] -- C:\Users\Dell 64\AppData\Local\Google
[2011/10/15 00:46:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2011/10/15 00:46:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/10/15 00:23:21 | 000,000,000 | ---D | C] -- C:\Users\Dell 64\Desktop\New folder
[2011/10/15 00:01:42 | 000,000,000 | ---D | C] -- C:\Users\Dell 64\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RegZooka
[2011/10/15 00:01:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegZooka
[2011/10/14 23:15:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/14 23:14:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/10/14 23:14:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011/10/14 23:03:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/10/14 23:03:42 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/10/14 22:06:12 | 000,039,192 | ---- | C] (Greatis Software) -- C:\Windows\SysNative\Partizan.exe
[2011/10/14 22:02:43 | 000,035,816 | ---- | C] (Greatis Software) -- C:\Windows\SysWow64\drivers\Partizan.sys
[2011/10/14 22:02:32 | 000,011,040 | ---- | C] (Greatis Software, LLC.) -- C:\Windows\SysWow64\drivers\UnHackMeDrv.sys
[2011/10/14 22:02:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
[2011/10/14 22:02:32 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\regruninfo
[2011/10/14 22:02:32 | 000,000,000 | ---D | C] -- C:\Users\Dell 64\Documents\RegRun2
[2011/10/14 22:02:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UnHackMe
[2011/10/14 18:39:58 | 000,000,000 | ---D | C] -- C:\Users\Dell 64\AppData\Local\{D2FE8C92-748A-467F-9B5B-EB7FAA52CBF0}
[2011/10/14 18:39:47 | 000,000,000 | ---D | C] -- C:\Users\Dell 64\AppData\Local\{6C502608-3651-4E94-8FD5-CADDFD464431}
[2011/10/14 12:10:16 | 000,000,000 | ---D | C] -- C:\Users\Dell 64\AppData\Local\{B29BAA76-1946-480E-A1B6-5A2BFC846E43}
[2011/10/14 12:09:47 | 000,000,000 | ---D | C] -- C:\Users\Dell 64\AppData\Local\{AC45B304-4408-4827-BAB4-676C69058155}
[2011/10/14 11:56:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2011/10/14 11:56:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2011/10/14 11:01:31 | 000,000,000 | ---D | C] -- C:\Users\Dell 64\AppData\Local\{85B75D89-A434-4D51-9005-4F62F1DECBE3}
[2011/10/14 11:01:20 | 000,000,000 | ---D | C] -- C:\Users\Dell 64\AppData\Local\{19A4E80E-DFBD-4A46-B302-8BAB15557BCF}
[2011/10/14 10:52:44 | 000,000,000 | ---D | C] -- C:\Users\Dell 64\AppData\Local\{898F49FA-60C1-43FF-99E2-46CE915B08E7}
[2011/10/14 10:52:30 | 000,000,000 | ---D | C] -- C:\Users\Dell 64\AppData\Local\{E6CAB0F0-553A-4277-8EFE-2E1EBA7DC3DD}
[2011/10/14 09:19:55 | 000,000,000 | ---D | C] -- C:\Users\Dell 64\AppData\Local\{9BCEFC95-9AF2-46D5-A3F7-7D78171F2318}
[2011/10/14 09:19:34 | 000,000,000 | ---D | C] -- C:\Users\Dell 64\AppData\Local\{CBABD08B-D286-4688-A7B2-21DA2C66D527}
[2011/10/14 09:07:31 | 000,000,000 | ---D | C] -- C:\Users\Dell 64\Pavark
[2011/10/14 09:02:14 | 048,324,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2011/10/14 08:55:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSTx64
[2011/10/14 08:55:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Safe Web Lite
[2011/10/14 08:55:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSTx64\0102000.006
[2011/10/14 08:47:34 | 000,000,000 | ---D | C] -- C:\Users\Dell 64\AppData\Local\{9B5909FC-4D3C-4F64-997A-C7491A911860}
[2011/10/14 08:47:23 | 000,000,000 | ---D | C] -- C:\Users\Dell 64\AppData\Local\{1A70B608-E829-48D3-B1CD-78668DE51109}
[2011/10/14 07:50:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/10/14 07:50:19 | 000,000,000 | ---D | C] -- C:\Users\Dell 64\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/10/14 02:09:48 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/10/13 03:00:57 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/10/13 03:00:57 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/10/13 03:00:57 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/10/13 03:00:56 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/10/13 03:00:55 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/10/13 03:00:55 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/10/13 03:00:55 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/10/13 03:00:55 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/10/13 03:00:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/10/12 16:33:08 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011/10/12 16:33:08 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011/10/12 16:33:07 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011/10/12 16:33:07 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2011/10/12 16:32:58 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011/10/12 16:32:58 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011/10/11 18:11:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/10/11 18:11:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/10/11 18:11:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/10/11 16:43:44 | 000,000,000 | ---D | C] -- C:\Users\Dell 64\Documents\Symantec
[2011/10/11 16:24:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2011/10/11 16:24:30 | 000,174,200 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/10/11 16:24:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/10/11 16:24:29 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/10/11 16:24:12 | 001,084,536 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\SymEFA64.sys
[2011/10/11 16:24:12 | 000,729,720 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\srtsp64.sys
[2011/10/11 16:24:12 | 000,451,192 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\SymDS64.sys
[2011/10/11 16:24:12 | 000,401,016 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\symnets.sys
[2011/10/11 16:24:12 | 000,189,560 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\Ironx64.sys
[2011/10/11 16:24:12 | 000,167,048 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\ccSetx64.sys
[2011/10/11 16:24:12 | 000,037,496 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\srtspx64.sys
[2011/10/11 16:24:08 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
[2011/10/11 16:24:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton AntiVirus
[2011/10/11 16:24:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NAVx64
[2011/10/11 16:24:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NAVx64\1301010.003
[2011/10/11 16:24:01 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/10/11 16:24:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2011/10/11 16:22:18 | 000,000,000 | ---D | C] -- C:\Users\Dell 64\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2011/10/11 16:22:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/10/11 15:58:33 | 000,000,000 | ---D | C] -- C:\New folder
[2011/10/11 15:43:47 | 000,748,336 | ---- | C] (Microsoft Corporation) -- C:\Users\Dell 64\Desktop\iexplore.exe
[2011/10/11 14:32:49 | 000,000,000 | ---D | C] -- C:\Users\Dell 64\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Restore
[2011/10/10 08:54:07 | 000,000,000 | ---D | C] -- C:\Users\Dell 64\AppData\Local\{12618434-4ECE-42FA-AD24-2EF500BF9A90}
[2011/10/10 08:53:55 | 000,000,000 | ---D | C] -- C:\Users\Dell 64\AppData\Local\{69560C0A-4AC0-475B-A13B-592AF3BAFE17}
[2011/10/10 08:21:52 | 000,000,000 | ---D | C] -- C:\Users\Dell 64\AppData\Local\{9FA5B8E2-DFEC-4CEC-BBF4-36DB28E0D09D}
[2011/10/10 08:21:40 | 000,000,000 | ---D | C] -- C:\Users\Dell 64\AppData\Local\{D30D1D09-D913-4A94-B0C5-86183C45D43F}
[2011/10/08 17:36:38 | 000,000,000 | ---D | C] -- C:\Users\Dell 64\VSWebCache
[2011/10/05 10:23:22 | 000,000,000 | ---D | C] -- C:\Users\Dell 64\AppData\Local\{827FC44F-1775-43DA-953D-8103E028BA81}
[2011/10/05 10:23:11 | 000,000,000 | ---D | C] -- C:\Users\Dell 64\AppData\Local\{C4D21E1C-192F-4218-A39B-46B38EB78661}
[2011/10/03 01:50:35 | 000,000,000 | ---D | C] -- C:\Users\Dell 64\AppData\Local\{862F8E29-71C4-45A4-B56D-A79DC743D645}
[2011/09/27 17:29:10 | 000,000,000 | ---D | C] -- C:\Users\Dell 64\AppData\Local\{D5F611EF-AC9C-42F1-B267-6ED5B3DBBC21}
[2011/09/27 17:29:00 | 000,000,000 | ---D | C] -- C:\Users\Dell 64\AppData\Local\{FE6A02A1-A634-48B7-B335-63900B319E9A}
[2011/09/25 07:30:32 | 000,000,000 | ---D | C] -- C:\Users\Dell 64\AppData\Local\{6CC29457-835F-45D3-8EA0-024B70AAC883}
[2011/09/25 07:30:21 | 000,000,000 | ---D | C] -- C:\Users\Dell 64\AppData\Local\{30B71C46-72B1-4449-8A3B-D90ACC6E469A}
[2011/09/16 17:18:55 | 000,000,000 | ---D | C] -- C:\Users\Dell 64\AppData\Local\{B58A016D-F1FF-4C5B-8A4A-A55658217CE0}
[2011/09/16 17:18:44 | 000,000,000 | ---D | C] -- C:\Users\Dell 64\AppData\Local\{5B101725-4D26-4A6A-BE45-7B86B6B4B272}
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/15 04:26:39 | 000,000,246 | ---- | M] () -- C:\Users\Dell 64\Desktop\Try This.url
[2011/10/15 03:56:01 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/15 03:34:34 | 000,019,392 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/15 03:34:34 | 000,019,392 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/15 03:27:31 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/15 03:27:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/15 03:27:09 | 3063,242,752 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/15 03:16:33 | 000,000,932 | ---- | M] () -- C:\Users\Dell 64\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_.lnk
[2011/10/15 02:21:13 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/10/15 00:59:30 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/15 00:47:07 | 000,002,257 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/10/15 00:47:07 | 000,002,241 | ---- | M] () -- C:\Users\Dell 64\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/10/15 00:46:45 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/10/15 00:31:34 | 000,000,211 | ---- | M] () -- C:\Users\Dell 64\Desktop\Clean mbam.url
[2011/10/15 00:21:54 | 000,000,131 | ---- | M] () -- C:\Users\Dell 64\Desktop\mbam-clean.exe.url
[2011/10/15 00:01:43 | 000,000,995 | ---- | M] () -- C:\Users\Dell 64\Desktop\RegZooka.lnk
[2011/10/14 23:14:46 | 000,001,106 | ---- | M] () -- C:\Users\Dell 64\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/10/14 23:14:34 | 000,000,926 | ---- | M] () -- C:\Users\Dell 64\Desktop\NTREGOPT.lnk
[2011/10/14 23:14:34 | 000,000,907 | ---- | M] () -- C:\Users\Dell 64\Desktop\ERUNT.lnk
[2011/10/14 23:03:43 | 000,000,869 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/10/14 22:06:12 | 000,039,192 | ---- | M] (Greatis Software) -- C:\Windows\SysNative\Partizan.exe
[2011/10/14 22:02:43 | 000,035,816 | ---- | M] (Greatis Software) -- C:\Windows\SysWow64\drivers\Partizan.sys
[2011/10/14 22:02:33 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2011/10/14 22:02:33 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\CONFIG.NT
[2011/10/14 22:02:33 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2011/10/14 22:02:32 | 000,000,945 | ---- | M] () -- C:\Users\Dell 64\Desktop\UnHackMe.lnk
[2011/10/14 22:02:32 | 000,000,418 | ---- | M] () -- C:\Windows\tasks\UnHackMe Task Scheduler.job
[2011/10/14 13:27:49 | 000,002,070 | ---- | M] () -- C:\Users\Dell 64\Documents\Default.rdp
[2011/10/14 10:00:41 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/10/14 07:50:19 | 000,002,987 | ---- | M] () -- C:\Users\Dell 64\Desktop\HiJackThis.lnk
[2011/10/13 03:28:09 | 000,481,912 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/10/13 03:03:00 | 000,904,788 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/13 03:03:00 | 000,738,742 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/10/13 03:03:00 | 000,150,850 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/10/13 03:01:07 | 001,858,619 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\Cat.DB
[2011/10/11 20:28:23 | 000,004,349 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\VT20110921.019
[2011/10/11 18:11:07 | 000,001,260 | ---- | M] () -- C:\Users\Dell 64\Desktop\Spybot - Search & Destroy.lnk
[2011/10/11 16:27:45 | 000,001,285 | ---- | M] () -- C:\Users\Dell 64\Desktop\Norton Installation Files.lnk
[2011/10/11 16:24:30 | 000,174,200 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/10/11 16:24:30 | 000,007,530 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/10/11 16:24:30 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/10/11 16:24:25 | 000,002,462 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2011/10/11 14:34:31 | 000,000,448 | ---- | M] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/10/11 14:33:12 | 000,000,296 | ---- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/10/11 14:33:12 | 000,000,216 | ---- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/10/11 14:32:49 | 000,000,679 | ---- | M] () -- C:\Users\Dell 64\Application Data\Microsoft\Internet Explorer\Quick Launch\Data Restore.lnk
[2011/10/09 03:00:12 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/10/05 10:09:48 | 048,324,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2011/09/27 18:28:29 | 000,000,145 | ---- | M] () -- C:\Users\Dell 64\Desktop\Uverse.url
[2011/09/18 03:10:32 | 000,884,634 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/16 17:18:49 | 000,512,849 | ---- | M] () -- C:\Users\Dell 64\Desktop\CoxBill.pdf
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/15 03:16:33 | 000,000,932 | ---- | C] () -- C:\Users\Dell 64\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_.lnk
[2011/10/15 01:30:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/10/15 01:30:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/10/15 01:30:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/10/15 01:30:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/10/15 01:30:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/15 00:59:30 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/15 00:50:41 | 000,000,246 | ---- | C] () -- C:\Users\Dell 64\Desktop\Try This.url
[2011/10/15 00:47:07 | 000,002,241 | ---- | C] () -- C:\Users\Dell 64\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/10/15 00:47:06 | 000,002,257 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/10/15 00:46:56 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/15 00:46:56 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/15 00:23:28 | 000,000,211 | ---- | C] () -- C:\Users\Dell 64\Desktop\Clean mbam.url
[2011/10/15 00:21:18 | 000,000,131 | ---- | C] () -- C:\Users\Dell 64\Desktop\mbam-clean.exe.url
[2011/10/15 00:01:43 | 000,000,995 | ---- | C] () -- C:\Users\Dell 64\Desktop\RegZooka.lnk
[2011/10/14 23:14:46 | 000,001,106 | ---- | C] () -- C:\Users\Dell 64\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/10/14 23:14:34 | 000,000,926 | ---- | C] () -- C:\Users\Dell 64\Desktop\NTREGOPT.lnk
[2011/10/14 23:14:34 | 000,000,907 | ---- | C] () -- C:\Users\Dell 64\Desktop\ERUNT.lnk
[2011/10/14 23:03:42 | 000,000,869 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/10/14 22:02:33 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2011/10/14 22:02:33 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\CONFIG.NT
[2011/10/14 22:02:33 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2011/10/14 22:02:32 | 000,000,945 | ---- | C] () -- C:\Users\Dell 64\Desktop\UnHackMe.lnk
[2011/10/14 22:02:32 | 000,000,418 | ---- | C] () -- C:\Windows\tasks\UnHackMe Task Scheduler.job
[2011/10/14 08:55:20 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NSTx64\0102000.006\isolate.ini
[2011/10/14 07:50:19 | 000,002,987 | ---- | C] () -- C:\Users\Dell 64\Desktop\HiJackThis.lnk
[2011/10/11 20:28:30 | 000,004,349 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\VT20110921.019
[2011/10/11 19:30:44 | 000,001,228 | ---- | C] () -- C:\Users\Dell 64\Desktop\Windows Explorer.lnk
[2011/10/11 18:59:12 | 000,002,491 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/10/11 18:59:12 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/10/11 18:59:11 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/10/11 18:59:04 | 000,002,653 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
[2011/10/11 18:58:35 | 000,002,488 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011/10/11 18:58:35 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/10/11 18:58:35 | 000,001,376 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/10/11 18:58:35 | 000,001,307 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/10/11 18:58:35 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2011/10/11 18:58:34 | 000,002,503 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2011/10/11 18:58:34 | 000,002,129 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
[2011/10/11 18:58:34 | 000,001,460 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2011/10/11 18:58:34 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2011/10/11 18:58:34 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2011/10/11 18:58:34 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/10/11 18:58:34 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2011/10/11 18:58:33 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/10/11 18:58:33 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/10/11 18:58:33 | 000,002,435 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk
[2011/10/11 18:58:33 | 000,001,975 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Help Documentation.lnk
[2011/10/11 18:58:33 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/10/11 18:58:33 | 000,001,158 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity 1.3 Beta (Unicode).lnk
[2011/10/11 18:11:07 | 000,001,260 | ---- | C] () -- C:\Users\Dell 64\Desktop\Spybot - Search & Destroy.lnk
[2011/10/11 16:26:03 | 001,858,619 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\Cat.DB
[2011/10/11 16:24:30 | 000,007,530 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/10/11 16:24:30 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/10/11 16:24:25 | 000,002,462 | ---- | C] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2011/10/11 16:24:08 | 000,007,510 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\ccSetx64.cat
[2011/10/11 16:24:08 | 000,007,504 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\srtspx64.cat
[2011/10/11 16:24:08 | 000,007,502 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\SymEFA64.cat
[2011/10/11 16:24:08 | 000,007,500 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\srtsp64.cat
[2011/10/11 16:24:08 | 000,007,496 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\SymDS64.cat
[2011/10/11 16:24:08 | 000,007,492 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\iron.cat
[2011/10/11 16:24:08 | 000,007,458 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\symnet64.cat
[2011/10/11 16:24:08 | 000,003,433 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\SymEFA.inf
[2011/10/11 16:24:08 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\SymDS.inf
[2011/10/11 16:24:08 | 000,002,801 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\SymVTcer.dat
[2011/10/11 16:24:08 | 000,001,440 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\SymNet.inf
[2011/10/11 16:24:08 | 000,001,438 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\srtsp64.inf
[2011/10/11 16:24:08 | 000,001,420 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\srtspx64.inf
[2011/10/11 16:24:08 | 000,000,854 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\ccSetx64.inf
[2011/10/11 16:24:08 | 000,000,772 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\Iron.inf
[2011/10/11 16:24:08 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\isolate.ini
[2011/10/11 16:22:18 | 000,001,285 | ---- | C] () -- C:\Users\Dell 64\Desktop\Norton Installation Files.lnk
[2011/10/11 14:33:12 | 000,000,216 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/10/11 14:33:11 | 000,000,296 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/10/11 14:32:49 | 000,000,679 | ---- | C] () -- C:\Users\Dell 64\Application Data\Microsoft\Internet Explorer\Quick Launch\Data Restore.lnk
[2011/10/11 14:32:46 | 000,000,448 | ---- | C] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/09/27 18:28:20 | 000,000,145 | ---- | C] () -- C:\Users\Dell 64\Desktop\Uverse.url
[2011/09/16 17:18:48 | 000,512,849 | ---- | C] () -- C:\Users\Dell 64\Desktop\CoxBill.pdf
[2011/09/14 11:35:41 | 000,000,537 | ---- | C] () -- C:\Windows\ETNTInst.ini
[2011/07/17 15:52:14 | 000,234,132 | ---- | C] () -- C:\Users\Dell 64\AppData\Local\debuggee.mdmp
[2011/04/28 14:00:13 | 000,007,605 | ---- | C] () -- C:\Users\Dell 64\AppData\Local\Resmon.ResmonCfg
[2011/04/15 14:50:46 | 000,884,634 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/03/03 18:27:08 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011/03/03 18:27:08 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2011/03/03 18:27:08 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/08/25 19:34:30 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010/08/25 19:34:30 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/01/15 04:31:00 | 000,000,530 | ---- | C] () -- C:\Windows\SysWow64\tx14_ic.ini

========== LOP Check ==========

[2011/10/09 03:00:12 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2009/07/14 00:08:49 | 000,018,648 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/10/14 10:00:41 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
[2011/10/14 22:02:32 | 000,000,418 | ---- | M] () -- C:\Windows\Tasks\UnHackMe Task Scheduler.job

========== Purity Check ==========



< End of report >

FOLLOWING IS THE EXTRAS.TXT that was created, too:

OTL Extras logfile created on: 10/15/2011 4:35:03 AM - Run 1
OTL by OldTimer - Version 3.2.30.0 Folder = C:\Users\Dell 64\Downloads
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 40.36% Memory free
7.61 Gb Paging File | 5.02 Gb Available in Paging File | 65.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.59 Gb Total Space | 852.65 Gb Free Space | 92.62% Space Free | Partition Type: NTFS
Drive D: | 4.38 Gb Total Space | 4.20 Gb Free Space | 95.80% Space Free | Partition Type: UDF

Computer Name: BUTCH | User Name: bdulaney | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)
"{0C270C59-8706-42B8-A2AD-6E5EE18BC90B}" = SQL Server 2008 R2 Reporting Services
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{11538652-E5E4-37F1-86D7-418871E45292}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX850_series" = Canon MX850 series
"{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1CB6C387-65A7-327F-B4A5-7DDC75A291AF}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
"{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
"{234F6B0D-10AE-4BB7-B2F3-E48D4861952D}" = SQL Server 2008 R2 Common Files
"{2453DBC8-ACC4-4711-BD03-0C15353AA3D8}" = SQL Server 2008 R2 Reporting Services
"{26A24AE4-039D-4CA4-87B4-2F86416023FF}" = Java™ 6 Update 23 (64-bit)
"{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}" = Microsoft SQL Server VSS Writer
"{2D2601B6-157F-4F88-B66B-B52DB21EAB2D}" = SQL Server 2008 R2 Client Tools
"{362A3FDF-B12E-436A-9097-1B795A9FFCC5}" = Microsoft SQL Server 2008 R2 Native Client
"{36F70DEE-1EBF-4707-AFA2-E035EEAEBAA1}" = SQL Server 2008 R2 Common Files
"{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{45EF12B0-F531-4A2C-A1C0-6B1495698E30}" = TortoiseSVN 1.6.15.21042 (64 bit)
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{4701DEDE-1888-49E0-BAE5-857875924CA2}" = Microsoft SQL Server System CLR Types (x64)
"{51E5BC99-A087-4CFF-8D93-462903EA7E12}" = SQL Server 2008 R2 Management Studio
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
"{72AB7E6F-BC24-481E-8C45-1AB5B3DD795D}" = SQL Server 2008 R2 Management Studio
"{7709926E-A1EA-43F1-ADD8-C066BDB97B54}" = SQL Server 2008 R2 Integration Services
"{79FB3E7E-FD92-49A9-AAD1-193EE4CB85D3}" = Microsoft SQL Server 2008 R2 Setup (English)
"{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)
"{88BAE373-00F4-3E33-828F-96E89E5E0CB9}" = Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{8FF0ACBD-17A5-3637-95F4-D7C69723E2BF}" = Microsoft Visual Studio 2010 Performance Collection Tools - ENU
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{997C9EC4-B53D-479D-81B7-0AEC8D174BA1}" = iTunes
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{9DFA5914-C275-42E0-810E-C88E46A7F9EA}" = SQL Server 2008 R2 Full text search
"{A2122A9C-A699-4365-ADF8-68FEAC125D61}" = SQL Server 2008 R2 Database Engine Shared
"{A4E14A4D-EA7B-4914-9BBF-504401F3D4F7}" = SQL Server 2008 R2 Integration Services
"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
"{B5FE23CC-0151-4595-84C3-F1DE6F44FE9B}" = SQL Server 2008 R2 Client Tools
"{BB57A765-FFFE-498B-8C1E-6C9CE2AB92BA}" = Microsoft SQL Server 2008 R2 RsFx Driver
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{C942A025-A840-4BF2-8987-849C0DD44574}" = SQL Server 2008 R2 Database Engine Shared
"{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F31183CF-E10F-4DE1-BB59-6C0FF38E481E}" = Sql Server Customer Experience Improvement Program
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = SQL Server 2008 R2 Database Engine Services
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = SQL Server 2008 R2 Database Engine Services
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"Dell Support Center" = Dell Support Center
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2 (64-bit)
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2 (64-bit)
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Pen Tablet Driver" = Bamboo

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01C79EF3-DE84-4B56-B638-8BEA0D507506}" = Microsoft XNA Game Studio 4.0 (XnaLiveProxy)
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{0666E46E-A860-4353-BE6D-13AA72FABB57}" = Microsoft XNA Game Studio Platform Tools
"{08C84CC6-E7FD-4B2D-BBF9-B02CC90EE031}" = Microsoft XNA Game Studio 4.0 (Shared Components)
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{23B4636C-A780-4FEB-B4C9-A2564E9B9F7C}" = Multimedia Card Reader
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 23
"{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2D9FEBEE-F1B7-344F-BFDF-760E18332D96}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3F4EB5FE-B5BE-4069-A5A8-6D9262E1B379}" = Microsoft XNA Game Studio 4.0 Documentation
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5F64E152-51C1-47B4-BEA8-007D73C7460F}" = Cisco AnyConnect VPN Client
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68BD57D3-D606-411E-A7E0-3EB6EA5660F6}" = Microsoft XNA Game Studio 4.0 (Redists)
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{735619D4-B42A-437A-958C-199BFCAEDB38}" = Safari
"{73BE04D9-BA0E-4BAF-9C9D-677278BDB3DC}" = Microsoft XNA Game Studio 4.0 (ARP entry)
"{74F7B314-0507-4F91-9A4E-B6C9B027E410}" = Microsoft SQL Server 2008 R2 Books Online
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{82419258-BAA2-4214-824C-836FDFCE8FA8}" = AnkhSVN 2.1.10129.17
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C496FBF-DB4A-468D-A3A1-15E127382218}" = Microsoft XNA Game Studio 4.0 (Visual Studio)
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E436940-A944-4D67-A45B-1876E23BB9C0}" = e-Sword
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{92B68570-AE13-4B2E-A8CC-98DC98F3A899}" = CSLA .NET
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-0052-0409-0000-0000000FF1CE}" = Microsoft Office Visio Viewer 2007
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8B88634-7F90-402F-B66A-86429755F6A5}" = eBay
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-5670-0000-900000000003}" = Korean Fonts Support For Adobe Reader 9
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}" = Microsoft Visual Studio 2010 Ultimate - ENU
"{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}" = Microsoft SQL Server 2008 R2 Policies
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}" = Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5DD3FCF-ADD2-435B-83C6-A97F93891661}" = CodeSmith Generator Professional 5.3.4.12823
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"Dell Dock" = Dell Dock
"DevExpress 2010.1 Components" = DevExpress 2010.1 Components
"DevExpress 2010.2 Components" = DevExpress 2010.2 Components
"Emotiv Developer Edition SDK" = Emotiv Developer Edition SDK 1.0.0.4
"Emotiv EPOC Control Panel" = Emotiv EPOC Control Panel 1.0.0.4
"Encountering the New Testament" = Encountering the New Testament
"ERUNT_is1" = ERUNT 1.1j
"Google Chrome" = Google Chrome
"IconWorkshop " = Axialis IconWorkshop 6.53
"InstallShield_{23B4636C-A780-4FEB-B4C9-A2564E9B9F7C}" = Multimedia Card Reader
"InstallShield_{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft Report Viewer Redistributable 2008 (KB971119)" = Microsoft Report Viewer Redistributable 2008 SP1
"Microsoft Visual Studio 2010 Ultimate - ENU" = Microsoft Visual Studio 2010 Ultimate - ENU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"NAV" = Norton AntiVirus
"Notepad++" = Notepad++
"NST" = Norton Safe Web Lite
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"PowerISO" = PowerISO
"RegZooka" = RegZooka
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.20
"UnHackMe_is1" = UnHackMe 5.99 release
"UP286_is1" = Ultimate Paint 2.88 Freeware Edition
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WinLiveSuite" = Windows Live Essentials
"XNA Game Studio 4.0" = Microsoft XNA Game Studio 4.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/12/2011 2:32:06 AM | Computer Name = Butch | Source = Microsoft-Windows-Backup | ID = 517
Description = The backup operation that started at '2011-10-12T00:33:54.939152700Z'
has failed with following error code '2155348315' (%%2155348315). Please review
the event details for a solution, and then rerun the backup operation once the
issue is resolved.

Error - 10/12/2011 2:32:08 AM | Computer Name = Butch | Source = Windows Backup | ID = 4104
Description =

Error - 10/12/2011 7:13:01 AM | Computer Name = Butch | Source = Windows Backup | ID = 4104
Description =

Error - 10/13/2011 1:32:47 AM | Computer Name = Butch | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Microsoft
Visual Studio 10.0\Common7\IDE\Remote Debugger\ia64\msvsmon.exe". Dependent Assembly
Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 10/13/2011 6:56:49 PM | Computer Name = Butch | Source = TOASTER.EXE | ID = 0
Description = An Unhandled Exception occured. Width and Height must be non-negative.

at System.Windows.Rect..ctor(Double x, Double y, Double width, Double height)

at Toaster.Core.AppBarFunctions.ABSetPos(ABEdge edge, Window appbarWindow)
at Toaster.Core.AppBarFunctions.RegisterInfo.WndProc(IntPtr hwnd, Int32 msg, IntPtr
wParam, IntPtr lParam, Boolean& handled) at System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr
hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled) at MS.Win32.HwndWrapper.WndProc(IntPtr
hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled) at MS.Win32.HwndSubclass.DispatcherCallbackOperation(Object
o) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback,
Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)

Error - 10/13/2011 7:11:50 PM | Computer Name = Butch | Source = TOASTER.EXE | ID = 0
Description = An Unhandled Exception occured. Width and Height must be non-negative.

at System.Windows.Rect..ctor(Double x, Double y, Double width, Double height)

at Toaster.Core.AppBarFunctions.ABSetPos(ABEdge edge, Window appbarWindow)
at Toaster.Core.AppBarFunctions.RegisterInfo.WndProc(IntPtr hwnd, Int32 msg, IntPtr
wParam, IntPtr lParam, Boolean& handled) at System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr
hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled) at MS.Win32.HwndWrapper.WndProc(IntPtr
hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled) at MS.Win32.HwndSubclass.DispatcherCallbackOperation(Object
o) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback,
Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)

Error - 10/14/2011 1:32:28 AM | Computer Name = Butch | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Microsoft
Visual Studio 10.0\Common7\IDE\Remote Debugger\ia64\msvsmon.exe". Dependent Assembly
Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 10/14/2011 8:28:07 AM | Computer Name = Butch | Source = TOASTER.EXE | ID = 0
Description = An Unhandled Exception occured. Width and Height must be non-negative.

at System.Windows.Rect..ctor(Double x, Double y, Double width, Double height)

at Toaster.Core.AppBarFunctions.ABSetPos(ABEdge edge, Window appbarWindow)
at Toaster.Core.AppBarFunctions.RegisterInfo.WndProc(IntPtr hwnd, Int32 msg, IntPtr
wParam, IntPtr lParam, Boolean& handled) at System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr
hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled) at MS.Win32.HwndWrapper.WndProc(IntPtr
hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled) at MS.Win32.HwndSubclass.DispatcherCallbackOperation(Object
o) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback,
Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)

Error - 10/14/2011 2:42:40 PM | Computer Name = Butch | Source = TOASTER.EXE | ID = 0
Description = An Unhandled Exception occured. Width and Height must be non-negative.

at System.Windows.Rect..ctor(Double x, Double y, Double width, Double height)

at Toaster.Core.AppBarFunctions.ABSetPos(ABEdge edge, Window appbarWindow)
at Toaster.Core.AppBarFunctions.RegisterInfo.WndProc(IntPtr hwnd, Int32 msg, IntPtr
wParam, IntPtr lParam, Boolean& handled) at System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr
hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled) at MS.Win32.HwndWrapper.WndProc(IntPtr
hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled) at MS.Win32.HwndSubclass.DispatcherCallbackOperation(Object
o) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback,
Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)

Error - 10/14/2011 11:05:14 PM | Computer Name = Butch | Source = System Restore | ID = 8193
Description =

[ Cisco AnyConnect VPN Client Events ]
Error - 10/14/2011 2:29:14 PM | Computer Name = Butch | Source = vpnagent | ID = 50331649
Description = Function: CTlsTunnelMgr::initiateTunnel Return code: 0xFE1F000C File:
.\VpnMgr.cpp Line: 3216 Description: SOCKETTRANSPORT_ERROR_CONNECT

Error - 10/14/2011 2:29:14 PM | Computer Name = Butch | Source = vpnagent | ID = 50331649
Description = Function: CSocketTransport::postConnectProcessing Return code: 0xFE1F000C
File:
.\IPC\SocketTransport.cpp Line: 1212 Description: SOCKETTRANSPORT_ERROR_CONNECT

Error - 10/14/2011 2:30:05 PM | Computer Name = Butch | Source = vpnagent | ID = 50331649
Description = Function: ::WSAConnect Return code: 10060 File: .\IPC\SocketTransport.cpp
Line:
1306 Description: A connection attempt failed because the connected party did not
properly respond after a period of time, or established connection failed because
connected host has failed to respond.

Error - 10/14/2011 2:30:05 PM | Computer Name = Butch | Source = vpnagent | ID = 50331649
Description = Function: CTcpTransport::initiateTransport Return code: 0xFE1F000C File:
.\SslTunnelTransport.cpp Line: 371 Description: SOCKETTRANSPORT_ERROR_CONNECT

Error - 10/14/2011 2:30:05 PM | Computer Name = Butch | Source = vpnagent | ID = 50331649
Description = Function: CSocketTransport::initiateTransport Return code: 0xFE1F000C
File:
.\TlsProtocol.cpp Line: 495 Description: SOCKETTRANSPORT_ERROR_CONNECT

Error - 10/14/2011 2:30:05 PM | Computer Name = Butch | Source = vpnagent | ID = 50331649
Description = Function: initiateTunnel Return code: 0xFE1F000C File: .\CstpProtocol.cpp
Line:
1071 Description: SOCKETTRANSPORT_ERROR_CONNECT

Error - 10/14/2011 2:30:05 PM | Computer Name = Butch | Source = vpnagent | ID = 50331649
Description = Function: ITunnelProtocol::initiateTunnel Return code: 0xFE1F000C File:
.\TunnelStateMgr.cpp Line: 1040 Description: SOCKETTRANSPORT_ERROR_CONNECT callback

Error - 10/14/2011 2:30:05 PM | Computer Name = Butch | Source = vpnagent | ID = 50331649
Description = Function: CTunnelStateMgr::initiateTunnel Return code: 0xFE1F000C File:
.\TunnelMgr.cpp Line: 600 Description: SOCKETTRANSPORT_ERROR_CONNECT callback

Error - 10/14/2011 2:30:05 PM | Computer Name = Butch | Source = vpnagent | ID = 50331649
Description = Function: CTlsTunnelMgr::initiateTunnel Return code: 0xFE1F000C File:
.\VpnMgr.cpp Line: 3216 Description: SOCKETTRANSPORT_ERROR_CONNECT

Error - 10/14/2011 2:30:05 PM | Computer Name = Butch | Source = vpnagent | ID = 50331649
Description = Function: CSocketTransport::postConnectProcessing Return code: 0xFE1F000C
File:
.\IPC\SocketTransport.cpp Line: 1212 Description: SOCKETTRANSPORT_ERROR_CONNECT

[ Dell Events ]
Error - 4/15/2011 12:40:10 PM | Computer Name = Dell64-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 4/15/2011 12:40:10 PM | Computer Name = Dell64-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 4/15/2011 4:11:47 PM | Computer Name = Dell64-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 4/28/2011 2:40:33 PM | Computer Name = Butch | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 4/28/2011 2:40:33 PM | Computer Name = Butch | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 4/28/2011 2:45:01 PM | Computer Name = Butch | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 4/28/2011 2:45:01 PM | Computer Name = Butch | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 4/29/2011 4:11:43 PM | Computer Name = Butch | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ System Events ]
Error - 8/10/2011 8:33:21 PM | Computer Name = Butch | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 8/10/2011 8:33:21 PM | Computer Name = Butch | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 8/13/2011 10:20:21 PM | Computer Name = Butch | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk6\DR6.

Error - 8/20/2011 1:36:06 PM | Computer Name = Butch | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk6\DR7.

Error - 8/20/2011 1:36:09 PM | Computer Name = Butch | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk6\DR7.

Error - 8/20/2011 1:36:10 PM | Computer Name = Butch | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk6\DR7.

Error - 9/8/2011 7:41:35 AM | Computer Name = Butch | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 48. The internal error state
is 552.

Error - 9/8/2011 7:41:35 AM | Computer Name = Butch | Source = Schannel | ID = 36882
Description = The certificate received from the remote server was issued by an untrusted
certificate authority. Because of this, none of the data contained in the certificate
can be validated. The SSL connection request has failed. The attached data contains
the server certificate.

Error - 9/8/2011 7:43:52 AM | Computer Name = Butch | Source = DCOM | ID = 10009
Description =

Error - 9/8/2011 7:44:50 AM | Computer Name = Butch | Source = DCOM | ID = 10009
Description =


< End of report >

#4 Essexboy (GeekU Moderator, Retired Staff)
Hi there, I like challenges - could you post the ComboFix log please?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/10/11 14:33:12 | 000,000,216 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
    [2011/10/11 14:33:11 | 000,000,296 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
    [2011/10/11 14:32:49 | 000,000,679 | ---- | C] () -- C:\Users\Dell 64\Application Data\Microsoft\Internet Explorer\Quick Launch\Data Restore.lnk
    [2011/10/11 14:32:46 | 000,000,448 | ---- | C] () -- C:\ProgramData\6DSS92c31Apgjk

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


THEN

Download aswMBR.exe (1.8 MB) to your desktop.
Double click aswMBR.exe to run it, then click the "Scan" button to start the scan.

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.

#5 bdulaney (New Member, Topic Starter)
I ran the OTL and rebooted. The log is attached.

I ran the aswMBR and I think it found something on the Master Boot Record. The log is attached.

I've looked everywhere for the log from the ComboFix program I ran earlier and I can't find it. I must not have saved it. I wasn't working with anyone at the time and didn't think about it, I guess. It took an "eternity" last night between 1 am and 3 am to run.

Thank you sooo much. This is the first positive sign I've had that there is a bug in my system.

What's next?




#6 Essexboy (GeekU Moderator, Retired Staff)
Yep, this is the one that can hide from TDSSKiller - but we can kill it. This fix must be run from the repair disc.

Create a Windows 7 System Repair Disc

Note: the below can only be done if your machine has a type of CD/R or DVD/R optical drive installed. Also, depending on the exact type of OEM your machine has, you may be unable to actually create a SRD.

  • Click on Start(Windows 7 Orb) >> Run...(or the Windows key and R together) to bring up the Run box, then copy/paste the following command into the box and click on OK:

    recdisc.exe

  • Allow the UAC(User Account Control) prompt via selecting Yes.
  • You should now see the repair disc menu.
  • Put a blank rewritable CD/DVD in your optical (CD/DVD) drive and then click on Create disc.
  • Note: If an AutoPlay window pops up, just close it.
  • When the SRD has been created you will see a confirmation.

  • Now click on Close >> OK. Leave the disc in the drive as we will be using it shortly.
  • You now have a Windows 7 System Repair Disc.

Reboot to the CD


When you reboot you will see the first screen of the repair disc, although yours will say Windows 7. Click Repair my computer.

Select your operating system.

Select Command prompt.

At the command prompt type the following

  • Bootrec.exe /FixMbr
  • Once finished type Exit


Reboot to normal Windows and run aswMBR again please.
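As an added illustration of what the Bootrec.exe /FixMbr step above does (example code written for this thread, not from the forum post or from Bootrec itself): a 512-byte MBR is parsed, the 446-byte bootstrap area that a bootkit modifies is hashed against a known-good baseline, and a repair replaces only that area while leaving the partition table and boot signature untouched. The sample sector bytes, the "infected" variant and the baseline hash are constructed here and are not real boot code.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 446      # bytes 0..445: bootstrap code, the part /FixMbr rewrites
PART_TABLE_OFF = 446     # bytes 446..509: four 16-byte partition entries, left untouched
SIGNATURE_OFF = 510      # bytes 510..511: 0x55AA boot signature


def parse_mbr(sector: bytes) -> dict:
    """Decode a raw 512-byte MBR: hash of the bootstrap area plus the used partition entries."""
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[SIGNATURE_OFF:] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)]
        # status, 3-byte CHS start (skipped), type, 3-byte CHS end (skipped), LBA start, sector count
        status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
        if ptype != 0:  # type 0x00 marks an unused slot
            partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": sectors})
    return {"boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": partitions}


def rewrite_boot_code(sector: bytes, clean_code: bytes) -> bytes:
    """Model of Bootrec /FixMbr: replace only the bootstrap code, keep partition table and signature."""
    if len(clean_code) != BOOT_CODE_LEN:
        raise ValueError("clean boot code must be 446 bytes")
    return clean_code + sector[PART_TABLE_OFF:]


# Constructed sample sector (not a real disk image, not real Windows boot code).
CLEAN_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * (BOOT_CODE_LEN - 7)
CLEAN_BOOT_HASH = hashlib.sha256(CLEAN_BOOT_CODE).hexdigest()   # baseline taken on a known-clean system
# One bootable NTFS (0x07) partition at LBA 2048, 20971520 sectors; the other three slots are empty.
PART_TABLE = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 20971520) + bytes(48)
CLEAN_MBR = CLEAN_BOOT_CODE + PART_TABLE + b"\x55\xaa"
# "Infected" variant: bootstrap bytes differ from the baseline, partition table identical (constructed).
INFECTED_MBR = b"\xe9\x00\x01" + CLEAN_MBR[3:]


def mbr_is_clean(sector: bytes, baseline_sha256: str = CLEAN_BOOT_HASH) -> bool:
    """True when the bootstrap area still matches the known-good baseline hash."""
    return parse_mbr(sector)["boot_code_sha256"] == baseline_sha256
```

On a real machine the sector would be read as administrator from the first 512 bytes of the physical disk and compared against a baseline captured while the system was known to be clean; the point of the model is that the repair touches only the bootstrap bytes, so the partitions and their data survive.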

#7 bdulaney (New Member, Topic Starter)
I created the bootable CD and opened Windows. Used the command prompt and the command: BootRec.exe /FixMbr. I rebooted and now I'm back. Just ran the aswMBR program and NO RED! The Log is attached. I'm guessing that got it!


A couple of questions: I probably need to do a System Restore Point now, after the fix? Anything special about that?

The $64MB question is: How does one go about inoculating the computer against such attacks in the future? I had McAfee and got it anyway. Now, I have the following:

Norton 2012 scanning everything
SpyBot Search and Destroy with Resident running
MalwareByte's AntiMalware (for on-demand scans only)
SuperAntiSpyware running
Gratis Software running at startup
A Keyscrambler running
About 10 other tools I've downloaded over the past couple of days for on-demand scanning, etc.

I've read and followed the note on this site about things to do to avoid getting bitten, but this TDL-4 seemed to sneak in under the radar and avoided detection pretty well from just about everything I threw at it. Thank goodness for Avast's aswMBR tool.

And, of course, you and this great site!

Next steps?

Butch

Edited by bdulaney, 15 October 2011 - 02:01 PM.


#8 bdulaney (New Member, Topic Starter)
I created the bootable CD and opened Windows. Used the command prompt and BootRec.exe /FixMbr. I rebooted and now I'm back. Just ran the aswMBR program and NO RED! The Log is attached.

A couple of questions: I probably need to do a System Restore Point now, after the fix? Anything special about that?

The $64MB question is: How does one go about inoculating the computer against such attacks in the future? I had McAfee and got this bad virus anyway. Now, I have the following but I'm still afraid something will sneak through. I've followed all the points in the log posted on this site for how to avoid getting bitten again, but I'm nervous about it.

Here's what I'm using:
1) Norton 2012
2) SpyBot Search and Destroy with Resident running
3) SuperAntiSpyware running
4) Gratis Software's UnHackMe running at startup
5) MalwareBytes Anti-Malware to run for on-demand scans only
6) About 10 other foist-ware tools, too, to run on-demand


Is there anything else I should do now?

Thanks,

Butch




#9 Essexboy (GeekU Moderator, Retired Staff)
No AV is 100%; even Avast, who created aswMBR, have a hard time stopping the infection. The main thing really is you... You are the best defence: be cautious when you get any popups on a web site - close by the X and not the OK or Cancel buttons (they can be and are switched).

Myself, I just have Avast and MBAM as an on-demand scanner. I use IE9 only, as I find that exceptionally secure, especially with smart filter enabled.

When I remove my tools I will go through the restore point cleaning and walk you through it.

Be careful of overkill though; I feel that one AV and one antimalware is good enough protection.

Could you now update and run MBAM, posting the resultant log, and let me know of any remaining problems.

#10 bdulaney (New Member, Topic Starter)
Here's the latest log from MBAM. No threats.

Thanks again! You are a magician!


Butch




#11 Essexboy (GeekU Moderator, Retired Staff)

Thanks again! You are a magician!

No, just an analyst.

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK

  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • Go Start > All programs > Accessories > System Tools
  • Right click Disc cleanup and select run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe :)

#12 Essexboy (GeekU Moderator, Retired Staff)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.