System32/Blaster.worm issues



#16
RKinner

Go ahead and stop it, reboot and then run it again, Quickscan and post that log.
  • 0



#17
Coolkatslim

  • Topic Starter
Closed the scan and rebooted. Failed to connect so tried rebooting again. Received the same error both times. I was unable to locate the log in question to show.

Failed to connect to a Windows service
Windows could not connect to the System Event Notification Service service. This problem prevents standard users from logging on to the system. As an administrative user, you can review the System Event Log for details why the service didn't respond.
  • 0

#18
RKinner

First try a simplified version of the OTL script:

Copy the text:

:OTL
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
    
:Commands
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl+V) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done.

If that doesn't help then try:

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:

netsh winsock reset catalog

netsh int ipv4 reset "%userprofile%\Desktop\reset4.log"
netsh int ipv6 reset "%userprofile%\Desktop\reset6.log"

Copy and paste the log it creates into a reply then run OTL one more time, quickscan, and paste the log.


Reboot and try it. If it doesn't work then:

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:

regedit

Navigate to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5

and note the value of
"Num_Catalog_Entries"

Below the above key should be subkeys like

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001

How many of them are there? There should be exactly the same number as the noted value and there should be no gaps in the numbering. If the last entry does not end in the same number as the noted value then go back to "Num_Catalog_Entries", double click it and change the value to agree. OK. If that looks OK then check "Num_Catalog_Entries64" the same way. Repeat for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog9

You may be able to connect with the 64 bit version of IE and not with the standard version.


If nothing works then a System Restore to the newest Restore Point is your next step.
  • 0
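
The catalog check described in the post above (the count value must match the number of entry subkeys, with no gaps in the numbering), as an added read-only PowerShell example that is not part of the thread. The function names are hypothetical; the key and value names are those quoted in the post, with `Protocol_Catalog9` and `Catalog_Entries64` taken from its OTL fix line.

```powershell
# Added example (not from the thread): read-only consistency check of the
# Winsock catalogs. It never writes to the registry.
# Test-CatalogNumbering and Get-WinsockCatalogFindings are hypothetical
# helper names written for this example.

$WinsockRoot = 'HKLM:\SYSTEM\CurrentControlSet\services\WinSock2\Parameters'

function Test-CatalogNumbering {
    # Compares a stored entry count with the subkey names found under the
    # matching Catalog_Entries key. Returns a list of problems (empty = OK).
    param(
        [Parameter(Mandatory = $true)][int]$StoredCount,
        [string[]]$EntryNames = @()
    )
    $findings = @()
    $numbers  = @()
    foreach ($name in $EntryNames) {
        # Entries are named with 12 digits, e.g. 000000000001
        if ($name -match '^\d{12}$') { $numbers += [int64]$name }
        else { $findings += "unexpected subkey name '$name'" }
    }
    $numbers = @($numbers | Sort-Object)

    if ($numbers.Count -ne $StoredCount) {
        $findings += "stored count is $StoredCount but $($numbers.Count) numbered entries exist"
    }
    # Numbering must run 1..N without gaps; report the first break only.
    for ($i = 0; $i -lt $numbers.Count; $i++) {
        $expected = $i + 1
        if ($numbers[$i] -ne $expected) {
            $findings += ('numbering breaks at {0:D12} (found {1:D12})' -f $expected, $numbers[$i])
            break
        }
    }
    return ,$findings
}

function Get-WinsockCatalogFindings {
    # Reads one catalog key (for example NameSpace_Catalog5) and checks both
    # the 32-bit and the 64-bit entry lists against their count values.
    param([Parameter(Mandatory = $true)][string]$Catalog)

    $key   = Join-Path $WinsockRoot $Catalog
    $props = Get-ItemProperty -Path $key -ErrorAction Stop
    $pairs = @(
        @{ CountValue = 'Num_Catalog_Entries';   EntriesKey = 'Catalog_Entries'   },
        @{ CountValue = 'Num_Catalog_Entries64'; EntriesKey = 'Catalog_Entries64' }
    )
    foreach ($pair in $pairs) {
        $stored = $props.($pair.CountValue)
        if ($null -eq $stored) { continue }   # value absent, e.g. no 64-bit list

        $entriesPath = Join-Path $key $pair.EntriesKey
        $names = @(Get-ChildItem -Path $entriesPath -ErrorAction SilentlyContinue |
                   ForEach-Object { $_.PSChildName })

        $problems = Test-CatalogNumbering -StoredCount $stored -EntryNames $names
        $text = 'none'
        if ($problems.Count -gt 0) { $text = $problems -join '; ' }

        New-Object PSObject -Property @{
            Catalog  = "$Catalog\$($pair.EntriesKey)"
            Stored   = $stored
            Found    = $names.Count
            Problems = $text
        }
    }
}

# Constructed sample (not from the thread's machine): the count value says 6,
# but entry 000000000004 is missing, so only five subkeys exist.
$sampleNames = '000000000001', '000000000002', '000000000003',
               '000000000005', '000000000006'
Test-CatalogNumbering -StoredCount 6 -EntryNames $sampleNames

# Live, read-only check. Runs only where the Winsock key exists.
if (Test-Path $WinsockRoot) {
    'NameSpace_Catalog5', 'Protocol_Catalog9' | ForEach-Object {
        Get-WinsockCatalogFindings -Catalog $_
    } | Format-Table Catalog, Stored, Found, Problems -AutoSize
}
```

Exporting the `WinSock2\Parameters` key from regedit before changing any count value gives a copy to restore from.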

#19
Coolkatslim

  • Topic Starter
System reboot successful after the OTL mini-scan, connections received.
  • 0

#20
RKinner

Run OTL, Quickscan and post the log.


Right click on (My) Computer and select Manage (Continue), then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator.
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'.
Type 20 in the 1 to 20 box.
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0

#21
Coolkatslim

  • Topic Starter
OTL logfile created on: 11/30/2011 9:54:06 PM - Run 6
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Fuan Azazel\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.75 Gb Total Physical Memory | 6.05 Gb Available Physical Memory | 78.12% Memory free
15.50 Gb Paging File | 13.76 Gb Available in Paging File | 88.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 921.59 Gb Total Space | 649.56 Gb Free Space | 70.48% Space Free | Partition Type: NTFS
Drive D: | 423.03 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive J: | 213.07 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: COOLKATSLIM | User Name: Fuan Azazel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/29 02:50:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Fuan Azazel\Downloads\OTL.exe
PRC - [2011/11/13 23:53:04 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/09/06 13:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/09/06 13:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/01/13 10:54:26 | 000,464,856 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/01/13 10:42:12 | 003,811,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/01/13 10:39:32 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
PRC - [2011/01/13 10:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/11/19 17:06:39 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/02/09 10:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/12/29 13:35:38 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/10/15 00:10:44 | 001,169,904 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
PRC - [2009/10/15 00:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/06/09 06:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/29 15:51:37 | 006,276,768 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/13 23:53:05 | 000,849,368 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\js3250.dll
MOD - [2011/10/24 03:33:29 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\6d859463c9e6a7423ddb335211a79dda\System.Core.ni.dll
MOD - [2011/10/24 03:33:26 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cc6713be0e405d5a89a2783103f7e771\System.Management.ni.dll
MOD - [2011/10/24 02:26:07 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5672e6b9d976feca51deb06d8dd1df0e\PresentationFramework.Aero.ni.dll
MOD - [2011/10/24 02:26:00 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\7fb80e48899821b64471f8e7ac2d08b7\System.Web.Services.ni.dll
MOD - [2011/10/24 02:25:45 | 014,322,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\09e39322b47f9b4e8dd2199ff03acb2e\PresentationFramework.ni.dll
MOD - [2011/10/24 02:25:34 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll
MOD - [2011/10/24 02:25:28 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll
MOD - [2011/10/24 02:25:25 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\d2dc021a8311197516e4fa325b292f21\PresentationCore.ni.dll
MOD - [2011/10/24 02:25:17 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3136e12cfb8809d39813e76c766c782c\WindowsBase.ni.dll
MOD - [2011/10/24 02:25:13 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll
MOD - [2011/10/24 02:25:10 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll
MOD - [2011/10/24 02:25:09 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2011/10/24 02:25:05 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011/01/13 10:42:02 | 000,025,920 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll
MOD - [2011/01/13 10:39:32 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
MOD - [2011/01/13 10:37:50 | 000,079,168 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
MOD - [2011/01/13 10:37:26 | 000,075,072 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
MOD - [2011/01/13 10:37:24 | 000,111,936 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
MOD - [2011/01/13 10:37:20 | 000,121,152 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
MOD - [2011/01/13 10:37:18 | 000,128,320 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
MOD - [2011/01/13 10:37:14 | 000,234,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
MOD - [2011/01/13 10:37:04 | 000,025,920 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll
MOD - [2011/01/13 10:36:50 | 001,123,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll
MOD - [2010/02/09 10:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2010/02/09 10:34:00 | 000,275,776 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
MOD - [2010/02/09 10:34:00 | 000,152,896 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2010/02/09 10:34:00 | 000,095,552 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
MOD - [2010/02/09 10:34:00 | 000,058,688 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
MOD - [2010/02/09 10:34:00 | 000,017,728 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll
MOD - [2009/10/15 00:10:44 | 001,169,904 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
MOD - [2009/10/15 00:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2009/10/15 00:10:16 | 000,588,272 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\BBEngineAS.dll
MOD - [2009/09/27 21:52:34 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2009/06/10 13:14:52 | 001,736,536 | ---- | M] () -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\wpfgfx_v0300.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/06 13:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/08/17 23:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/09 06:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2011/11/17 16:14:57 | 003,313,752 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_d768ebc.dll -- (Akamai)
SRV - [2011/11/13 18:35:24 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/01/13 10:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/07/19 15:01:55 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/04/26 15:44:00 | 003,735,920 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/09/06 13:38:18 | 000,601,944 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/09/06 13:38:16 | 000,301,912 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/09/06 13:36:41 | 000,058,200 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/09/06 13:36:41 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/09/06 13:36:30 | 000,065,368 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/09/06 13:36:14 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/03/10 22:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/09/14 04:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/14 04:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/14 04:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/14 04:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/04/28 05:57:50 | 000,061,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/02/12 12:36:33 | 001,101,600 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ae1000w7.sys -- (AE1000)
DRV:64bit: - [2009/09/30 22:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/08/18 00:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/08/06 04:43:58 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/07/31 00:40:32 | 000,025,600 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WRfiltv.sys -- (WRfiltv)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 00:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 10:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2006/11/01 08:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2011/11/22 23:29:06 | 000,047,224 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\AeriaGames\EdenEternal\sjcs64.sys -- (sj)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
DRV - [2005/01/03 16:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hollowgame.com/
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search the Web"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: [email protected]:3.9.1.14019
FF - prefs.js..extensions.enabledItems: [email protected]:6.0.1289
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\Windows\system32\npOGPPlugin.dll (OGPlanet)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Fuan Azazel\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Fuan Azazel\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Fuan Azazel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/12 22:23:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/11/29 03:03:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/13 23:53:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/29 14:22:20 | 000,000,000 | ---D | M]

[2010/08/24 04:41:44 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Fuan Azazel\AppData\Roaming\Mozilla\Extensions
[2010/08/24 04:41:44 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Fuan Azazel\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/11/30 16:24:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fuan Azazel\AppData\Roaming\Mozilla\Firefox\Profiles\xqrc9xuc.default\extensions
[2011/11/29 14:04:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fuan Azazel\AppData\Roaming\Mozilla\Firefox\Profiles\xqrc9xuc.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/11/12 22:21:23 | 000,000,000 | ---D | M] (GOM Player + Ask Toolbar) -- C:\Users\Fuan Azazel\AppData\Roaming\Mozilla\Firefox\Profiles\xqrc9xuc.default\extensions\[email protected]
[2011/08/17 13:11:56 | 000,001,276 | -H-- | M] () -- C:\Users\Fuan Azazel\AppData\Roaming\Mozilla\Firefox\Profiles\xqrc9xuc.default\searchplugins\search-the-web.xml
[2011/11/29 14:18:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/29 14:18:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/11/29 03:03:02 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/04/14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2011/11/29 14:18:05 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/...q={searchTerms}
CHR - default_search_provider: suggest_url = http://api.bing.com/...uage={language}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Fuan Azazel\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Fuan Azazel\AppData\Local\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Fuan Azazel\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Fuan Azazel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Fuan Azazel\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: OGPlanet Game Plugin (Enabled) = C:\Windows\system32\npOGPPlugin.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Fuan Azazel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Fuan Azazel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\CRX_INSTALL\

O1 HOSTS File: ([2011/11/29 02:32:07 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam2\Steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - Startup: C:\Users\Fuan Azazel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Fuan Azazel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.87.69.150 68.87.85.102
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1771DAC8-7BD0-4895-B8C5-C3E389E8A39E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{70619BF1-EA2C-4C15-8735-6758D0D3A207}: DhcpNameServer = 192.168.1.1 68.87.69.150 68.87.85.102
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E1EBA03-C9DC-47F1-8F7E-14FC3C64FB53}: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3516B40-3DFE-4EBB-9BA3-AABC9260E0ED}: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D7CB1DA2-DEF2-4962-A83C-684B13594A37}: DhcpNameServer = 192.168.1.1 68.87.69.150 68.87.85.102
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EBC04FDE-7851-4CC6-95A9-99CEEBD07928}: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/08/31 15:01:11 | 000,000,000 | ---D | M] - D:\AutoRun -- [ CDFS ]
O32 - AutoRun File - [2003/08/31 15:01:28 | 001,101,824 | R--- | M] () - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2003/08/30 19:15:46 | 000,000,027 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2003/08/30 19:15:25 | 000,001,214 | R--- | M] () - D:\autorun.str -- [ CDFS ]
O32 - AutoRun File - [2001/12/14 11:55:38 | 000,123,561 | R--- | M] () - J:\AutoSaveBase.pcx -- [ CDFS ]
O32 - AutoRun File - [2001/12/14 11:54:42 | 000,141,589 | R--- | M] () - J:\AutoSaveButtons.pcx -- [ CDFS ]
O32 - AutoRun File - [2001/12/17 10:25:58 | 000,290,816 | R--- | M] () - J:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2001/12/06 11:58:20 | 000,004,150 | R--- | M] () - J:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2001/08/30 14:38:10 | 000,000,047 | R--- | M] () - J:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/30 17:57:21 | 000,000,000 | ---D | C] -- C:\Users\Fuan Azazel\Documents\Command and Conquer Generals Data
[2011/11/29 22:46:07 | 000,061,440 | ---- | C] ( ) -- C:\Users\Fuan Azazel\Desktop\VEW.exe
[2011/11/29 20:46:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/29 14:22:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011/11/29 14:21:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2011/11/29 14:21:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2011/11/29 14:18:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/11/29 13:59:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/11/29 03:03:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/11/29 03:03:21 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/11/29 03:03:20 | 000,301,912 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/11/29 03:03:17 | 000,042,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/11/29 03:03:15 | 000,058,200 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/11/29 03:03:13 | 000,601,944 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/11/29 03:03:10 | 000,254,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/11/29 03:03:10 | 000,065,368 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/11/29 03:02:59 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/11/29 03:02:59 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/11/29 03:02:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/11/29 03:02:54 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/11/29 02:37:56 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/29 02:32:10 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/11/29 02:21:43 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/11/29 02:19:57 | 004,321,290 | R--- | C] (Swearware) -- C:\Users\Fuan Azazel\Desktop\ComboFix.exe
[2011/11/28 23:21:01 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/11/28 23:16:07 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Fuan Azazel\Desktop\aswMBR.exe
[2011/11/28 23:15:55 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Fuan Azazel\Desktop\tdsskiller.exe
[2011/11/28 22:01:32 | 000,000,000 | ---D | C] -- C:\Users\Fuan Azazel\AppData\Local\temp
[2011/11/28 21:48:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/28 21:48:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/28 21:48:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/28 21:48:54 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/28 21:48:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/23 23:48:44 | 000,000,000 | ---D | C] -- C:\Program Files\EA Games
[2011/11/23 23:46:06 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/11/14 20:08:17 | 000,000,000 | ---D | C] -- C:\Program Files\Infogrames Interactive
[2011/11/12 23:27:19 | 000,000,000 | ---D | C] -- C:\Users\Fuan Azazel\AppData\Roaming\Malwarebytes
[2011/11/12 23:26:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/12 23:26:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/12 23:26:11 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/11/12 23:26:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/03 17:21:44 | 000,000,000 | -H-D | C] -- C:\Users\Fuan Azazel\AppData\Local\Akamai
[2010/11/19 18:40:07 | 000,188,960 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\WINGDE.DLL
[2010/11/19 18:40:07 | 000,092,208 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\WING.DLL
[2010/11/19 18:40:07 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\WING32.DLL
[2010/11/19 18:40:07 | 000,006,736 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\WINGDIB.DRV
[2010/11/19 18:40:07 | 000,005,024 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\WINGPAL.WND
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/30 21:16:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2825267464-184479636-4230341962-1000UA.job
[2011/11/30 20:35:56 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/30 20:35:56 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/30 20:32:47 | 000,727,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/30 20:32:47 | 000,624,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/30 20:32:47 | 000,106,502 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/30 20:28:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/30 20:28:23 | 1945,350,143 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/30 00:16:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2825267464-184479636-4230341962-1000Core.job
[2011/11/29 22:46:09 | 000,061,440 | ---- | M] ( ) -- C:\Users\Fuan Azazel\Desktop\VEW.exe
[2011/11/29 19:49:27 | 000,259,078 | ---- | M] () -- C:\Users\Fuan Azazel\Desktop\Winsock2.reg
[2011/11/29 14:22:21 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/11/29 03:03:22 | 000,001,843 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/11/29 03:03:10 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/11/29 02:47:20 | 000,000,512 | ---- | M] () -- C:\Users\Fuan Azazel\Desktop\MBR.dat
[2011/11/29 02:32:07 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/11/29 02:20:16 | 004,321,290 | R--- | M] (Swearware) -- C:\Users\Fuan Azazel\Desktop\ComboFix.exe
[2011/11/28 23:20:58 | 491,068,123 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/11/28 23:16:13 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Fuan Azazel\Desktop\aswMBR.exe
[2011/11/28 23:16:01 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Fuan Azazel\Desktop\tdsskiller.exe
[2011/11/23 23:48:20 | 000,001,215 | ---- | M] () -- C:\Windows\eReg.dat
[2011/11/23 23:48:08 | 000,002,294 | ---- | M] () -- C:\Users\Public\Desktop\Play SimGolf.lnk
[2011/11/23 23:46:06 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/11/15 14:11:14 | 000,000,774 | ---- | M] () -- C:\Users\Fuan Azazel\Desktop\EdenEternal.lnk
[2011/11/14 20:08:58 | 000,000,271 | ---- | M] () -- C:\Windows\PowerReg.dat
[2011/11/14 03:18:04 | 000,282,184 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/12 23:26:15 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/29 19:49:26 | 000,259,078 | ---- | C] () -- C:\Users\Fuan Azazel\Desktop\Winsock2.reg
[2011/11/29 14:22:21 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/11/29 14:22:20 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/11/29 03:03:22 | 000,001,843 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/11/29 03:03:10 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011/11/29 02:47:20 | 000,000,512 | ---- | C] () -- C:\Users\Fuan Azazel\Desktop\MBR.dat
[2011/11/28 23:20:58 | 491,068,123 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/11/28 21:48:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/28 21:48:58 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/28 21:48:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/28 21:48:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/28 21:48:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/23 23:48:08 | 000,002,294 | ---- | C] () -- C:\Users\Public\Desktop\Play SimGolf.lnk
[2011/11/15 14:11:14 | 000,000,774 | ---- | C] () -- C:\Users\Fuan Azazel\Desktop\EdenEternal.lnk
[2011/11/14 20:08:51 | 000,000,271 | ---- | C] () -- C:\Windows\PowerReg.dat
[2011/11/12 23:26:15 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/11/20 08:20:07 | 000,041,482 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2010/11/19 18:40:07 | 000,229,530 | ---- | C] () -- C:\Program Files (x86)\README.PDF
[2010/11/19 18:40:07 | 000,021,658 | ---- | C] () -- C:\Program Files (x86)\README.HTM
[2010/11/19 18:40:07 | 000,001,024 | ---- | C] () -- C:\Program Files (x86)\SVX
[2010/11/19 18:40:07 | 000,000,423 | ---- | C] () -- C:\Program Files (x86)\SETUP.INI
[2010/11/19 18:40:07 | 000,000,340 | ---- | C] () -- C:\Program Files (x86)\install.nfo
[2010/11/19 18:40:07 | 000,000,016 | ---- | C] () -- C:\Program Files (x86)\SVS
[2010/11/19 14:34:22 | 000,001,215 | ---- | C] () -- C:\Windows\eReg.dat
[2010/08/24 09:34:11 | 000,230,752 | ---- | C] () -- C:\Windows\patchw32.dll
[2010/08/24 09:34:10 | 000,118,176 | ---- | C] () -- C:\Windows\patchw.dll
[2010/08/22 19:39:20 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2010/07/28 11:43:16 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/07/23 01:12:19 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2010/07/23 01:12:19 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2010/07/23 01:12:19 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2010/07/22 06:22:48 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/07/19 16:55:03 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/09/16 05:20:14 | 000,001,801 | ---- | C] () -- C:\Windows\WRcfg.ini
[2009/08/19 04:15:08 | 000,000,388 | ---- | C] () -- C:\Windows\WRMCcfg.ini
[2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 18:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 18:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/11/23 23:41:46 | 000,000,000 | ---D | M] -- C:\Users\Fuan Azazel\AppData\Roaming\Azureus
[2011/08/10 22:56:48 | 000,000,000 | -H-D | M] -- C:\Users\Fuan Azazel\AppData\Roaming\BitZipper
[2011/08/11 22:28:34 | 000,000,000 | -H-D | M] -- C:\Users\Fuan Azazel\AppData\Roaming\BoneTown
[2011/11/12 22:23:28 | 000,000,000 | ---D | M] -- C:\Users\Fuan Azazel\AppData\Roaming\Cat Girl Alliance
[2011/11/12 22:23:28 | 000,000,000 | ---D | M] -- C:\Users\Fuan Azazel\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2011/11/12 22:23:28 | 000,000,000 | ---D | M] -- C:\Users\Fuan Azazel\AppData\Roaming\EditPlus 3
[2011/11/12 22:23:28 | 000,000,000 | ---D | M] -- C:\Users\Fuan Azazel\AppData\Roaming\GetRightToGo
[2010/08/24 15:03:59 | 000,000,000 | -H-D | M] -- C:\Users\Fuan Azazel\AppData\Roaming\IMVU
[2011/11/12 22:23:29 | 000,000,000 | ---D | M] -- C:\Users\Fuan Azazel\AppData\Roaming\IMVUClient
[2011/09/24 17:46:37 | 000,000,000 | -H-D | M] -- C:\Users\Fuan Azazel\AppData\Roaming\LolClient
[2011/09/01 11:22:43 | 000,000,000 | -H-D | M] -- C:\Users\Fuan Azazel\AppData\Roaming\PACE Anti-Piracy
[2011/11/12 22:23:30 | 000,000,000 | ---D | M] -- C:\Users\Fuan Azazel\AppData\Roaming\RIFT
[2011/02/02 13:28:30 | 000,000,000 | -H-D | M] -- C:\Users\Fuan Azazel\AppData\Roaming\runic games
[2011/11/12 22:21:24 | 000,000,000 | ---D | M] -- C:\Users\Fuan Azazel\AppData\Roaming\SoftGrid Client
[2011/11/12 22:21:24 | 000,000,000 | ---D | M] -- C:\Users\Fuan Azazel\AppData\Roaming\SPORE
[2010/07/28 11:44:02 | 000,000,000 | -H-D | M] -- C:\Users\Fuan Azazel\AppData\Roaming\TP
[2011/09/01 11:23:34 | 000,000,000 | -H-D | M] -- C:\Users\Fuan Azazel\AppData\Roaming\Unity
[2011/11/12 22:23:30 | 000,000,000 | ---D | M] -- C:\Users\Fuan Azazel\AppData\Roaming\Vivox
[2011/11/17 08:27:33 | 000,030,762 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Cleared Events as instructed. Rebooted with no disk check upon start-up (second time this happened).

Continuing with sfc scan

Edited by Coolkatslim, 01 December 2011 - 01:10 AM.

#22
Coolkatslim

    Member

  • Topic Starter
  • Member
  • 15 posts
Sfc scan finished with no issues. Nothing found.

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 30/11/2011 10:25:16 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 01/12/2011 6:00:02 AM
Type: Error Category: 42
Event: 43029 Source: atikmdag
Display is not active

Log: 'System' Date/Time: 01/12/2011 6:00:02 AM
Type: Error Category: 51
Event: 52236 Source: atikmdag
CPLIB :: General - Invalid Parameter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 01/12/2011 6:00:01 AM
Type: Warning Category: 0
Event: 4 Source: k57nd60a
Broadcom NetLink ™ Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 01/12/2011 5:59:25 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

------------********************-------------------

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 30/11/2011 10:26:25 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 01/12/2011 6:03:36 AM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\Real\RealPlayer\plugins\rmxrend.dll". Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 01/12/2011 6:03:35 AM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\Real\RealPlayer\plugins\rmxrend.dll". Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 01/12/2011 6:03:34 AM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\Real\RealPlayer\plugins\rmxrend.dll". Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 01/12/2011 6:03:34 AM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\Real\RealPlayer\plugins\rmxrend.dll". Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 01/12/2011 6:03:33 AM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\Real\RealPlayer\plugins\rmxrend.dll". Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 01/12/2011 6:03:32 AM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\Real\RealPlayer\plugins\rmxrend.dll". Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 01/12/2011 6:03:32 AM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\Real\RealPlayer\plugins\rmxrend.dll". Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 01/12/2011 6:03:30 AM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\Real\RealPlayer\plugins\rmxrend.dll". Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 01/12/2011 6:03:30 AM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\Real\RealPlayer\plugins\rmxrend.dll". Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 01/12/2011 6:03:30 AM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\Real\RealPlayer\plugins\rmxrend.dll". Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 01/12/2011 6:03:27 AM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\Real\RealPlayer\plugins\rmxrend.dll". Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 01/12/2011 6:03:27 AM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\Real\RealPlayer\plugins\rmxrend.dll". Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 01/12/2011 6:03:26 AM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\Real\RealPlayer\plugins\rmxrend.dll". Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 01/12/2011 6:03:25 AM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\Real\RealPlayer\plugins\rmxrend.dll". Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 01/12/2011 6:03:24 AM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\Real\RealPlayer\plugins\rmxrend.dll". Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 01/12/2011 6:03:24 AM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\Real\RealPlayer\plugins\rmxrend.dll". Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 01/12/2011 6:03:23 AM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\Real\RealPlayer\plugins\rmxrend.dll". Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 01/12/2011 6:03:22 AM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\Real\RealPlayer\plugins\rmxrend.dll". Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 01/12/2011 6:03:22 AM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\Real\RealPlayer\plugins\rmxrend.dll". Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 01/12/2011 6:03:20 AM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\Real\RealPlayer\plugins\rmxrend.dll". Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 01/12/2011 6:10:29 AM
Type: Warning Category: 1
Event: 100 Source: CVHSVC
Information only. CurrentSoftGridPrereq: Click2Run installation (version = 14.0.4763.1000) is found on the machine; skipping installation...

Log: 'Application' Date/Time: 01/12/2011 6:10:29 AM
Type: Warning Category: 1
Event: 100 Source: CVHSVC
Information only. C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE is trusted.

Log: 'Application' Date/Time: 01/12/2011 6:00:24 AM
Type: Warning Category: 6
Event: 3057 Source: Application Virtualization Client
{tid=9C8}
The Application Virtualization Client Core initialized correctly. Installed Product: Version: 4.6.1.10263 Install Path: C:\Program Files (x86)\Microsoft Application Virtualization Client Global Data Directory: C:\ProgramData\Microsoft\Application Virtualization Client\ Machine Name: COOLKATSLIM Operating System: Windows 7 64-bit Service Pack 0.0 Build 7600 OSD Command:

Log: 'Application' Date/Time: 01/12/2011 6:00:16 AM
Type: Warning Category: 3
Event: 3191 Source: Application Virtualization Client
{tid=9C8}
-------------------------------------------------------- Initialized client log (C:\ProgramData\Microsoft\Application Virtualization Client\sftlog.txt)

Log: 'Application' Date/Time: 01/12/2011 5:59:21 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-2825267464-184479636-4230341962-1000_Classes:
Process 4040 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2825267464-184479636-4230341962-1000_CLASSES


Log: 'Application' Date/Time: 01/12/2011 5:59:20 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 21 user registry handles leaked from \Registry\User\S-1-5-21-2825267464-184479636-4230341962-1000:
Process 4040 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2825267464-184479636-4230341962-1000
Process 4040 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2825267464-184479636-4230341962-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat
Process 4040 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2825267464-184479636-4230341962-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Process 1332 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2825267464-184479636-4230341962-1000\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
Process 4040 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2825267464-184479636-4230341962-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012011112820111129
Process 4040 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2825267464-184479636-4230341962-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012011112120111128
Process 4040 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2825267464-184479636-4230341962-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Process 4040 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2825267464-184479636-4230341962-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData
Process 4040 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2825267464-184479636-4230341962-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012011110720111114
Process 4040 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2825267464-184479636-4230341962-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{784D7315-86B2-435F-B29A-D9E3E311C072}
Process 4040 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2825267464-184479636-4230341962-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Process 4040 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2825267464-184479636-4230341962-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache
Process 4040 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2825267464-184479636-4230341962-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad
Process 4040 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2825267464-184479636-4230341962-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Process 4040 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2825267464-184479636-4230341962-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012011111420111121
Process 4040 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2825267464-184479636-4230341962-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012011113020111201
Process 4040 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2825267464-184479636-4230341962-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012011112920111130
Process 4040 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2825267464-184479636-4230341962-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore
Process 4040 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2825267464-184479636-4230341962-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld
Process 4040 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2825267464-184479636-4230341962-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
Process 4040 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2825267464-184479636-4230341962-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:
  • 0

#23
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,797 posts
  • MVP
Normally I would say we were clean but there are some things in your event logs which don't look right.

You have a bad install of Real Player. I don't know if it is just a bad download or if it is not really compatible with a 64 bit system.

What really worries me though is this "Process 4040 (<Unknown>)" that is hanging on to the registry when Windows closes. Let's try

Process Explorer

http://live.sysinter...com/procexp.exe

Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator). Click once or twice on the CPU column header to sort things by CPU usage with the big hitters at the top. File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

Let's also do the following to look for a brand new infection that we are just starting to see.
Do the following:
  1. Click on the Start button and then choose Control Panel.
  2. Click on the System and Security link.

    Note: If you're viewing the Large icons or Small icons view of Control Panel, you won't see this link so just click on the Administrative Tools icon and skip to Step 4.
  3. In the System and Security window, click on the Administrative Tools heading located near the bottom of the window.
  4. In the Administrative Tools window, double-click on the Computer Management icon.
  5. When Computer Management opens, click on Disk Management on the left side of the window, located under Storage.

    After a brief loading period, Disk Management should now appear on the right side of the Computer Management window.

    Note: If you don't see Disk Management listed, you may need to click on the |> icon to the left of the Storage icon.

Take a screenshot of the Disk Management window and attach the screenshot to your reply.

http://graphicssoft....nscreenshot.htm Save the file as a .jpg or .pdf or the forum won't allow it unless you zip it up first.
  • 0
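The triage applied to the event log in post #23 (repeated errors from one source, plus the Event 1530 entries where a process still held registry handles at logoff) can be scripted over the pasted export. This is an added example, not part of the original thread: the sample log is constructed in the same layout with a placeholder SID and file path, and the function names are hypothetical. It assumes a blank line ends each entry, as in the paste.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the layout of the event-log export pasted in this thread.
# The SID and the file path are placeholders, not values from the thread.
SAMPLE = r"""
Log: 'Application' Date/Time: 01/12/2011 6:03:23 AM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\ExampleApp\plugins\example.dll".

Log: 'Application' Date/Time: 01/12/2011 6:03:22 AM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\ExampleApp\plugins\example.dll".

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 01/12/2011 5:59:20 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. DETAIL - 4 user registry handles leaked from \Registry\User\S-1-5-21-1111111111-2222222222-3333333333-1000:
Process 4040 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-1111111111-2222222222-3333333333-1000
Process 4040 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-1111111111-2222222222-3333333333-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad
Process 1332 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-1111111111-2222222222-3333333333-1000\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
Process 4040 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-1111111111-2222222222-3333333333-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
"""

HEADER_RE = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<when>.+)$")
TYPE_RE = re.compile(r"^Type: (?P<type>\w+) Category: (?P<category>\d+)$")
EVENT_RE = re.compile(r"^Event: (?P<event_id>\d+) Source: (?P<source>.+)$")
DECLARED_RE = re.compile(r"DETAIL - (\d+) user registry handles leaked from")
PROC_RE = re.compile(r"^Process (?P<pid>\d+) \((?P<image>[^)]*)\) has opened key (?P<key>\S.*)$")
SID_RE = re.compile(r"^\\REGISTRY\\USER\\(S-[\d-]+(?:_CLASSES)?)", re.I)

def parse_entries(text):
    """Split the export into entries; a blank line closes the current entry."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None
            continue
        m = HEADER_RE.match(line)
        if m:
            current = {"log": m["log"], "when": m["when"], "type": None,
                       "event_id": None, "source": None, "message": []}
            entries.append(current)
            continue
        if current is None:
            continue  # section banners that sit between entries
        m = TYPE_RE.match(line)
        if m and current["type"] is None:
            current["type"] = m["type"]
            continue
        m = EVENT_RE.match(line)
        if m and current["event_id"] is None:
            current["event_id"] = int(m["event_id"])
            current["source"] = m["source"]
            continue
        current["message"].append(line)
    return entries

def repeated_events(entries, minimum=2):
    """Identical (event id, source, message) tuples seen at least `minimum` times."""
    counts = Counter((e["event_id"], e["source"], " ".join(e["message"])) for e in entries)
    return {key: n for key, n in counts.items() if n >= minimum}

def leaked_handles(entries):
    """For each Event 1530 entry: declared handle count and keys grouped by PID."""
    reports = []
    for e in entries:
        if e["event_id"] != 1530:
            continue
        declared, by_pid = None, defaultdict(list)
        for line in e["message"]:
            d = DECLARED_RE.search(line)
            if d:
                declared = int(d.group(1))
            p = PROC_RE.match(line)
            if p:
                # Strip the per-user hive prefix so keys compare across accounts.
                key = SID_RE.sub("", p["key"]).lstrip("\\") or "(hive root)"
                by_pid[int(p["pid"])].append((p["image"], key))
        listed = sum(len(keys) for keys in by_pid.values())
        reports.append({"when": e["when"], "declared": declared, "listed": listed,
                        "complete": declared == listed, "by_pid": dict(by_pid)})
    return reports

if __name__ == "__main__":
    parsed = parse_entries(SAMPLE)
    for (event_id, source, _), n in repeated_events(parsed).items():
        print(f"Event {event_id} from {source} repeated {n} times")
    for report in leaked_handles(parsed):
        print(f"{report['when']}: {report['listed']}/{report['declared']} handles listed")
        for pid, keys in report["by_pid"].items():
            print(f"  PID {pid}: {len(keys)} key(s)")
```

A `complete` value of False means the paste was cut short of the handle count Windows reported, so the per-PID picture is partial.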

#24
Coolkatslim

Coolkatslim

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Here you go.

Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 90.50 0 K 24 K
procexp64.exe 3648 5.29 21,072 K 40,024 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
Interrupts n/a 1.32 0 K 0 K Hardware Interrupts and DPCs
dwm.exe 2984 0.86 34,300 K 44,140 K Desktop Window Manager Microsoft Corporation
csrss.exe 548 0.51 4,076 K 8,072 K Client Server Runtime Process Microsoft Corporation
System 4 0.44 144 K 14,668 K
svchost.exe 1896 0.39 6,052 K 12,012 K Host Process for Windows Services Microsoft Corporation
firefox.exe 5116 0.33 90,788 K 116,588 K Firefox Mozilla Corporation
DellDock.exe 4080 0.10 46,020 K 23,488 K Dell Dock Stardock Corporation
Toaster.exe 3860 0.05 29,300 K 33,744 K Dell DataSafe Local Backup SoftThinks - Dell
RoxioBurnLauncher.exe 4576 0.05 4,032 K 11,740 K Roxio Burn Launcher
explorer.exe 2248 0.04 35,208 K 56,964 K Windows Explorer Microsoft Corporation
Roxio Burn.exe 4244 0.03 14,976 K 24,568 K Roxio Burn
AvastUI.exe 5044 0.02 5,412 K 4,256 K avast! Antivirus AVAST Software
DataSafeOnline.exe 4488 0.01 25,140 K 37,484 K DataSafeOnline
svchost.exe 1164 0.01 17,136 K 18,592 K Host Process for Windows Services Microsoft Corporation
mbamservice.exe 2172 0.01 105,316 K 55,512 K Malwarebytes' Anti-Malware Malwarebytes Corporation
svchost.exe 1776 0.01 14,968 K 17,288 K Host Process for Windows Services Microsoft Corporation
AvastSvc.exe 1268 0.01 26,124 K 24,620 K avast! Service AVAST Software
svchost.exe 996 < 0.01 17,708 K 20,992 K Host Process for Windows Services Microsoft Corporation
svchost.exe 4840 < 0.01 71,516 K 30,260 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1044 < 0.01 7,404 K 12,628 K Host Process for Windows Services Microsoft Corporation
svchost.exe 368 < 0.01 31,088 K 48,348 K Host Process for Windows Services Microsoft Corporation
SearchIndexer.exe 3516 < 0.01 25,668 K 14,992 K Microsoft Windows Search Indexer Microsoft Corporation
SearchProtocolHost.exe 5108 < 0.01 4,264 K 9,504 K Microsoft Windows Search Protocol Host Microsoft Corporation
svchost.exe 120 < 0.01 185,244 K 193,344 K Host Process for Windows Services Microsoft Corporation
csrss.exe 456 < 0.01 2,312 K 5,108 K Client Server Runtime Process Microsoft Corporation
sftlist.exe 2400 < 0.01 7,124 K 15,520 K Microsoft Application Virtualization Client Service Microsoft Corporation
WUDFHost.exe 3724 3,028 K 7,300 K Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation
wuauclt.exe 4968 2,936 K 7,784 K Windows Update Microsoft Corporation
wmpnetwk.exe 892 11,400 K 6,764 K Windows Media Player Network Sharing Service Microsoft Corporation
WmiPrvSE.exe 3944 3,508 K 7,196 K WMI Provider Host Microsoft Corporation
WLIDSVCM.EXE 2796 2,200 K 4,424 K Microsoft® Windows Live ID Service Monitor Microsoft Corporation
WLIDSVC.EXE 2288 5,164 K 13,468 K Microsoft® Windows Live ID Service Microsoft Corporation
winlogon.exe 676 3,808 K 8,256 K Windows Logon Application Microsoft Corporation
wininit.exe 528 2,364 K 5,624 K Windows Start-Up Application Microsoft Corporation
taskhost.exe 2896 3,944 K 8,560 K Host Process for Windows Tasks Microsoft Corporation
svchost.exe 772 5,416 K 10,680 K Host Process for Windows Services Microsoft Corporation
svchost.exe 868 5,276 K 9,488 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1932 7,896 K 15,688 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2216 2,968 K 7,540 K Host Process for Windows Services Microsoft Corporation
STService.exe 3212 6,216 K 12,868 K ST Service Scheduling
spoolsv.exe 1748 8,120 K 13,652 K Spooler SubSystem App Microsoft Corporation
smss.exe 328 540 K 1,280 K Windows Session Manager Microsoft Corporation
sftvsa.exe 2188 1,792 K 5,380 K Microsoft Application Virtualization Virtual Service Agent Microsoft Corporation
SftService.exe 2160 4,896 K 9,388 K SoftThinks Agent Service SoftThinks SAS
services.exe 584 5,640 K 9,828 K Services and Controller app Microsoft Corporation
SearchFilterHost.exe 5004 3,736 K 7,696 K Microsoft Windows Search Filter Host Microsoft Corporation
SeaPort.exe 2020 4,588 K 10,716 K Microsoft SeaPort Search Enhancement Broker Microsoft Corp.
rundll32.exe 3948 2,680 K 7,684 K Windows host process (Rundll32) Microsoft Corporation
realsched.exe 2356 3,216 K 1,604 K RealNetworks Scheduler RealNetworks, Inc.
RAVCpl64.exe 3300 9,520 K 12,236 K Realtek HD Audio Manager Realtek Semiconductor
procexp.exe 3124 2,332 K 7,248 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
plugin-container.exe 1260 10,540 K 15,068 K Plugin Container for Firefox Mozilla Corporation
PDVDDXSrv.exe 4532 4,624 K 10,340 K CyberLink PowerDVD Resident Program CyberLink Corp.
mbamgui.exe 5032 2,772 K 8,112 K Malwarebytes' Anti-Malware Malwarebytes Corporation
MagicDisc.exe 4384 3,356 K 7,836 K MagicISO Virtual CD/DVD Manager MagicISO, Inc.
lsm.exe 620 3,412 K 5,464 K Local Session Manager Service Microsoft Corporation
lsass.exe 612 5,124 K 12,380 K Local Security Authority Process Microsoft Corporation
jusched.exe 4120 1,800 K 5,604 K Java™ Update Scheduler Sun Microsystems, Inc.
DSUpd.exe 3156 16,936 K 18,180 K DataSafe Update Launcher SoftThinks - Dell
DockLogin.exe 1104 1,436 K 4,504 K Dock Login Service Stardock Corporation
dllhost.exe 2624 2,940 K 6,968 K COM Surrogate Microsoft Corporation
CVHSVC.EXE 3312 7,548 K 14,932 K Microsoft Office Client Virtualization Service Microsoft Corporation
audiodg.exe 4620 17,744 K 19,068 K Windows Audio Device Graph Isolation Microsoft Corporation
atiesrxx.exe 924 2,424 K 5,400 K AMD External Events Service Module AMD
atieclxx.exe 1352 3,052 K 6,884 K AMD External Events Client Module AMD
armsvc.exe 1872 1,508 K 4,424 K Adobe Acrobat Update Service Adobe Systems Incorporated

Posted Image
  • 0

#25
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,797 posts
  • MVP
Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.


Let's also try the Bitdefender QuickScan.

http://quickscan.bitdefender.com/

When it finishes there is a report option. Click on it and copy and paste the report (even if it says nothing found).
  • 0



#26
Coolkatslim

Coolkatslim

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
ESET SCAN:

C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll Win32/Adware.Yontoo.A application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined

Bitdefender Scan:


QuickScan 64-bit v0.9.9.100
---------------------------
Scan date: Thu Dec 01 13:34:33 2011
Machine ID: DE6F1425



No infection found.
-------------------



Processes
---------
(unsigned) MagicDisc 4384 C:\Program Files (x86)\MagicDisc\MagicDisc.exe

(verified) avast! Antivirus 5044 C:\Program Files\AVAST Software\Avast\AvastUI.exe
(verified) Cyberlink PowerDVD 4532 C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(verified) DataSafeOnline 4488 C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
(verified) Dell Dock 4080 C:\Program Files\Dell\DellDock\DellDock.exe
(verified) Java™ Platform SE Auto Updater 2 0 4120 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(verified) Malwarebytes' Anti-Malware 5032 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(verified) Microsoft® Windows® Operating System 2248 C:\Windows\explorer.exe
(verified) Microsoft® Windows® Operating System 2984 C:\Windows\System32\dwm.exe
(verified) Microsoft® Windows® Operating System 3948 C:\Windows\System32\rundll32.exe
(verified) Microsoft® Windows® Operating System 2896 C:\Windows\System32\taskhost.exe
(verified) Microsoft® Windows® Operating System 4968 C:\Windows\System32\wuauclt.exe
(verified) RealPlayer (32-bit) 2356 C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(verified) Realtek HD Audio Manager 3300 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(verified) Roxio Burn 4244 C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
(verified) Roxio Burn 4576 C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(verified) Windows® Internet Explorer 356 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 2560 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 2616 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Search 3684 C:\Windows\System32\SearchProtocolHost.exe


Network activity
----------------
Process iexplore.exe (2616) connected on port 443 (HTTP over SSL) --> 74.125.127.95



Autoruns and critical files
---------------------------
(unsigned) Catalyst® Control Center c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
(unsigned) DSUpdate Client C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe
(unsigned) MagicDisc C:\Program Files (x86)\MagicDisc\MagicDisc.exe
(unsigned) QuickTime C:\Program Files (x86)\QuickTime\QTTask.exe

(verified) Adobe Reader and Acrobat Manager C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(verified) avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastUI.exe
(verified) Cyberlink PowerDVD C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(verified) DataSafeOnline C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
(verified) Dell Dock C:\Program Files\Dell\DellDock\DellDock.exe
(verified) Google Update C:\Users\Fuan Azazel\AppData\Local\Google\Update\GoogleUpdate.exe
(verified) Java™ Platform SE Auto Updater 2 0 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(verified) Malwarebytes' Anti-Malware C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
(verified) Pando Media Booster C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(verified) RealPlayer (32-bit) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(verified) Realtek HD Audio Manager C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(verified) Roxio Burn C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(verified) Steam C:\Program Files (x86)\Steam2\Steam.exe
(verified) Windows® Internet Explorer c:\windows\system32\webcheck.dll
(verified) Windows® Internet Explorer c:\windows\syswow64\webcheck.dll


Browser plugins
---------------
(unsigned) QuickTime Plug-in 7.7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin.dll
(unsigned) QuickTime Plug-in 7.7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin2.dll
(unsigned) QuickTime Plug-in 7.7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin3.dll
(unsigned) QuickTime Plug-in 7.7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin4.dll
(unsigned) QuickTime Plug-in 7.7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin5.dll
(unsigned) QuickTime Plug-in 7.7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin6.dll
(unsigned) QuickTime Plug-in 7.7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin7.dll

(verified) Adobe Acrobat C:\Program Files (x86)\Internet Explorer\plugins\nppdf32.dll
(verified) avast! WebRep C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
(verified) BitDefender QuickScan C:\Windows\Downloaded Program Files\qsax64.dll
(verified) Family Safety Browser Helper Object Lib C:\Program Files\Windows Live\Family Safety\fssbho.dll
(verified) Google Update C:\Users\Fuan Azazel\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
(verified) Microsoft® Windows Live ID C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL
(verified) Microsoft® Windows Live ID C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
(verified) Microsoft® Windows Live ID C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
(verified) Microsoft® Windows® Operating System C:\Windows\System32\mswsock.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\NapiNSP.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\pnrpnsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
(verified) Pando Web Plugin C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
(verified) Unity Player C:\Users\Fuan Azazel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
(verified) Windows® Internet Explorer C:\Windows\System32\ieframe.dll


Missing files
-------------
File not found: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
--> HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist\"DllName"


Scan
----


No file uploaded.

Scan finished - communication took 4 sec
Total traffic - 0.08 MB sent, 2.84 KB recvd
Scanned 1422 files and modules - 45 seconds

==============================================================================
  • 0

#27
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,797 posts
  • MVP
Nothing found other than some adware and something we had already removed. Bitdefender sometimes complains about files it can't see but nothing unusual there either.

If it is running OK and not getting redirected I guess it is not important and we can just go ahead and clean up.

We need to clean up System Restore:

Copy the following:

:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.



You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories, then right click on Command Prompt and Run As Administrator.
Then right click, Paste, then hit Enter.

OTL has a cleanup tab; if you go there it will remove itself and its logs.

To hide hidden files again (OTL may do it for you):

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK. Close program. It's the same for Foxit Reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.

If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day so another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron
  • 0

#28
Coolkatslim

Coolkatslim

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
After all of the scanning and updating, things are finally running smoothly again. Desktop is cleaned of reports and programs, and looking mighty shnazzy once more. Your tip about the hidden files even allowed me to find my missing pictures/documents, as one of my bugs made them all Hidden. Glad to have them back. I can't tell you how much I appreciate your assistance with my troubles.

I'll be damned sure to keep better track of what I acquire in the future, and I will be sure to spread the word. This kitty will always be indebted to you for saving his precious computer. Thank you so very, very much.
  • 0





