PING.exe Causing Massive Computer Slowdown [Closed]



#1
KidRoleplay

  • Member
  • 21 posts
I've been trying to get the viruses and malware off of Vista for over a day now. So, simply to say it, I'd not necessarily need a quick response as I'll be sleeping... for quite a long time, I feel. But I definitely could use professional help in tackling this one...

At any rate, I've managed to remove a good deal of the problems I had, with some collateral damage in the process (Windows Firewall no longer works and Defender won't install). I've got Microsoft Security Essentials and Malwarebytes at the moment, and it doesn't look like I have the Google Redirect virus anymore either. At least sometimes it appears to come around and sometimes not, so I'm not sure. If it is still around, it's secondary.

The problem is whatever the heck PING.exe is doing. It dominates my CPU, slowing everything down to a crawl, and is constantly trying to download from everywhere when I'm not in safe mode. Only, it doesn't seem to be getting far or downloading anything anywhere because I believe whatever they're trying to get is being blocked. Every so often, I also get a small error that shows up: something along the lines of "TCP/IP Ping encountered an error and needs to close". Also, Symantec AntiVirus doesn't work anymore, complaining about not being able to find a WSOCK32.dll file in a dynamic library. In spite of all that, PING.exe is still the main problem, and whether or not it's associated with svchost.exe, I'm not sure. That also has a lot of activity.

I've a feeling once this last problem is lifted, my computer'll be nice and fast again... And then figure out how to get the Windows Firewall back.

---

OTL logfile created on: 12/18/2011 5:16:46 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Executive\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 62.70% Memory free
6.19 Gb Paging File | 5.30 Gb Available in Paging File | 85.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.16 Gb Total Space | 29.57 Gb Free Space | 10.23% Space Free | Partition Type: NTFS
Drive D: | 8.93 Gb Total Space | 1.00 Gb Free Space | 11.25% Space Free | Partition Type: NTFS
Drive E: | 298.09 Gb Total Space | 89.84 Gb Free Space | 30.14% Space Free | Partition Type: NTFS
Drive F: | 271.55 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 14.94 Gb Total Space | 11.71 Gb Free Space | 78.40% Space Free | Partition Type: FAT32

Computer Name: M8120N-2 | User Name: Executive | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/18 05:16:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Executive\Downloads\OTL.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/10/23 14:46:06 | 001,956,752 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2008/02/01 00:25:16 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/01/19 02:33:19 | 000,120,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\perfmon.exe


========== Modules (No Company Name) ==========

MOD - [2008/09/16 19:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/12/16 10:00:26 | 000,508,928 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\svcs.exe -- (NetworkLog)
SRV - [2011/11/13 20:26:57 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/10/15 03:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/10/14 23:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/09/22 17:34:35 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/08/10 12:34:40 | 000,093,848 | ---- | M] (SiSoftware) [Disabled | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2008/10/23 14:46:14 | 000,121,744 | ---- | M] (symantec) [Disabled | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2008/10/23 14:46:06 | 001,956,752 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008/10/23 14:45:56 | 000,031,120 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2008/09/18 10:57:32 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/02/01 00:25:16 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
SRV - [2008/02/01 00:25:16 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/02/01 00:25:16 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/01/29 16:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/12/05 11:25:58 | 000,364,192 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\atwtusb.exe -- (WTService)
SRV - [2007/04/19 20:10:42 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2006/09/11 18:02:44 | 000,544,256 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel®
SRV - [2006/09/11 18:01:04 | 000,167,936 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel®
SRV - [2006/09/11 17:56:32 | 000,075,264 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel®
SRV - [2006/09/11 17:56:20 | 000,188,416 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel®
SRV - [2006/09/03 12:32:28 | 000,208,896 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2006/09/01 01:47:56 | 000,026,624 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel® Viiv™
SRV - [2006/05/10 11:13:52 | 000,029,696 | R--- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe -- (IntelDHSvcConf)


========== Driver Services (SafeList) ==========

DRV - [2011/12/18 01:50:13 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FDBDB3A2-F40F-4E35-80B2-296E49DDAEBF}\MpKsl77a42e1d.sys -- (MpKsl77a42e1d)
DRV - [2011/11/15 12:27:12 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111215.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/11/15 12:27:12 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111215.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/11/10 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/10 04:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/10/15 03:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/07 18:21:28 | 000,139,880 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/04/12 16:13:04 | 000,091,216 | ---- | M] (High Criteria inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\TotRec8.sys -- (TotRec8)
DRV - [2009/08/07 22:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2009/03/31 21:31:52 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/03/30 02:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2008/11/22 13:48:16 | 000,011,392 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\dualshock3.sys -- (dualshock3) DUALSHOCK3 Controller HID Minidriver (USB)
DRV - [2008/10/13 11:31:46 | 000,319,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/10/13 11:31:46 | 000,279,600 | ---- | M] () [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/10/13 11:31:46 | 000,043,824 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/09/16 12:15:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\RivaTuner v2.11\RivaTuner32.sys -- (RivaTuner32)
DRV - [2008/05/08 04:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 04:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/01/18 23:25:05 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2008/01/17 17:24:44 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/10/18 06:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/29 13:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007/04/18 15:30:16 | 000,366,080 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\hcw18bda.sys -- (hcw18bda)
DRV - [2007/01/09 15:46:26 | 000,191,544 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/01/09 15:46:26 | 000,027,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/01/04 11:41:50 | 000,255,488 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\netr73.sys -- (netr73)
DRV - [2006/09/24 08:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [2005/12/12 12:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PS2.sys -- (Ps2)
DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 33554
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\PROGRA~1\SONYON~1\npsoe.dll ()
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Executive\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/15 08:30:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/18 02:01:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Executive\Program Files\DNA [2010/07/05 18:27:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F94F4922-FBE8-43D1-B920-B401166DCB48}: C:\Users\Executive\AppData\Local\{F94F4922-FBE8-43D1-B920-B401166DCB48}\ [2010/06/30 19:10:14 | 000,000,000 | ---D | M]

[2011/03/16 02:52:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Executive\AppData\Roaming\Mozilla\Extensions
[2011/12/18 00:54:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Executive\AppData\Roaming\Mozilla\Firefox\Profiles\3g5vzlzc.default\extensions
[2011/03/16 06:14:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Executive\AppData\Roaming\Mozilla\Firefox\Profiles\3g5vzlzc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/18 02:01:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/18 02:01:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2010/07/05 18:27:22 | 000,000,000 | ---D | M] (No name found) -- C:\USERS\EXECUTIVE\PROGRAM FILES\DNA
[2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISTray] "C:\Program Files\PC Tools Security\pctsGui.exe" /hideGUI File not found
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [MacrokeyManager] C:\Windows\System32\WTMKM.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [PlayNC Launcher] File not found
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\winrnr.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{72695822-AF9B-4097-9294-0AD86EB046E5}: DhcpNameServer = 192.168.1.1 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: E:\!Recovery\My Documents\download\JanusKemp\Web Pictures\Might Use\Blue Dream Wallpaper 2.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/28 15:13:14 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [1998/02/24 14:46:28 | 000,000,300 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{42ce96ab-2d8e-11dd-abc4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{42ce96ab-2d8e-11dd-abc4-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Setup.exe -- [1998/01/28 05:52:32 | 000,028,160 | R--- | M] ()
O33 - MountPoints2\{42ce96ab-2d8e-11dd-abc4-806e6f6e6963}\Shell\dinstall\command - "" = F:\directx\dxsetup.exe -- [1997/07/14 12:00:00 | 000,088,576 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{42ce96ab-2d8e-11dd-abc4-806e6f6e6963}\Shell\readme\command - "" = F:\Help\Help.exe Help\Readme.hlp
O33 - MountPoints2\{da2db1ee-a6ae-11df-b3e7-001bfca48932}\Shell - "" = AutoRun
O33 - MountPoints2\{da2db1ee-a6ae-11df-b3e7-001bfca48932}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = W2b] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/18 02:02:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/12/18 01:42:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/18 01:42:24 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/18 01:42:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/17 17:32:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/12/17 08:50:33 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/12/17 08:49:00 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/12/16 13:18:36 | 000,000,000 | ---D | C] -- C:\Users\Executive\AppData\Local\ElevatedDiagnostics
[2011/12/16 12:56:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\MpEngineStore
[2011/12/10 19:00:18 | 000,000,000 | ---D | C] -- C:\Users\Executive\Documents\DAZ 3D
[2011/12/10 18:57:34 | 000,000,000 | ---D | C] -- C:\Users\Executive\AppData\Roaming\DAZ 3D
[2011/12/07 15:43:19 | 000,000,000 | ---D | C] -- C:\Users\Executive\AppData\Local\{615E3223-D645-41A6-BE99-FB17CA8B4C3C}
[2011/12/07 15:42:58 | 000,000,000 | ---D | C] -- C:\Users\Executive\AppData\Local\{9DFE8674-0423-45A9-9B50-F610AE1DF8C6}
[2011/11/24 21:12:15 | 000,000,000 | ---D | C] -- C:\Users\Executive\AppData\Roaming\MotioninJoy
[2011/11/24 21:12:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy
[2011/11/24 21:12:15 | 000,000,000 | ---D | C] -- C:\Program Files\MotioninJoy
[2011/11/24 16:30:33 | 000,000,000 | ---D | C] -- C:\Users\Executive\AppData\Local\{1EE93565-E499-4BD3-959A-344B70EFEC79}
[2011/11/24 16:30:08 | 000,000,000 | ---D | C] -- C:\Users\Executive\AppData\Local\{D7A57D1C-354A-4CBD-9844-4D0066CE5D90}
[2011/11/24 06:19:31 | 000,000,000 | ---D | C] -- C:\Users\Executive\AppData\Local\{A2A4A6F5-722E-49D3-AB2B-071435BDF42A}
[2011/11/24 06:19:11 | 000,000,000 | ---D | C] -- C:\Users\Executive\AppData\Local\{F3EEF906-8F25-4F9C-B25D-FC577F5B8E1B}
[2011/11/24 03:34:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
[2011/11/24 03:34:59 | 000,000,000 | ---D | C] -- C:\Users\Executive\AppData\Roaming\NeopleLauncherDFO
[2011/11/24 03:34:00 | 000,000,000 | ---D | C] -- C:\Users\Executive\New Folder

========== Files - Modified Within 30 Days ==========

[2011/12/18 05:16:38 | 000,000,680 | ---- | M] () -- C:\Users\Executive\AppData\Local\d3d9caps.dat
[2011/12/18 04:42:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/18 04:41:17 | 000,393,216 | ---- | M] () -- C:\Windows\SPInstall.etl
[2011/12/18 04:40:52 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/18 04:40:52 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/18 04:03:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At10.job
[2011/12/18 04:03:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At9.job
[2011/12/18 03:03:31 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At7.job
[2011/12/18 03:03:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At8.job
[2011/12/18 02:03:01 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At5.job
[2011/12/18 02:03:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At6.job
[2011/12/18 01:49:13 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011/12/18 01:42:27 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/18 01:29:04 | 000,002,651 | ---- | M] () -- C:\Users\Executive\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2011/12/18 00:03:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At2.job
[2011/12/17 23:31:40 | 003,817,472 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/17 23:03:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At48.job
[2011/12/17 23:03:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At47.job
[2011/12/17 22:02:59 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At46.job
[2011/12/17 22:02:59 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At45.job
[2011/12/17 19:03:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At40.job
[2011/12/17 19:03:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At39.job
[2011/12/17 18:03:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At38.job
[2011/12/17 18:03:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At37.job
[2011/12/17 17:36:35 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/12/17 17:34:56 | 000,674,580 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/17 17:34:56 | 000,130,210 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/17 16:02:59 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At34.job
[2011/12/17 16:02:59 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At33.job
[2011/12/17 15:15:39 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At32.job
[2011/12/17 15:03:04 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At31.job
[2011/12/17 14:23:52 | 438,239,854 | ---- | M] () -- C:\RegBackup (12-17-11).reg
[2011/12/17 12:14:38 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At22.job
[2011/12/17 12:14:38 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At21.job
[2011/12/17 12:14:27 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At23.job
[2011/12/17 12:04:23 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At25.job
[2011/12/17 12:03:13 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At26.job
[2011/12/17 11:04:23 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At24.job
[2011/12/17 09:11:03 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At20.job
[2011/12/17 09:10:40 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At19.job
[2011/12/17 08:52:17 | 002,452,538 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011/12/17 08:06:52 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At18.job
[2011/12/17 08:06:50 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At17.job
[2011/12/17 07:06:47 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At15.job
[2011/12/17 07:05:50 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At16.job
[2011/12/17 06:09:03 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At14.job
[2011/12/17 06:07:44 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At13.job
[2011/12/17 05:10:47 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At12.job
[2011/12/17 05:10:45 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At11.job
[2011/12/17 01:03:25 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At4.job
[2011/12/17 01:03:25 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At3.job
[2011/12/16 21:03:26 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At44.job
[2011/12/16 21:03:26 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At43.job
[2011/12/16 20:07:24 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At41.job
[2011/12/16 20:03:25 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At42.job
[2011/12/16 17:03:30 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At36.job
[2011/12/16 17:03:30 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At35.job
[2011/12/16 14:04:39 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At30.job
[2011/12/16 14:03:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At29.job
[2011/12/16 13:10:18 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At27.job
[2011/12/16 13:03:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At28.job
[2011/12/16 12:11:28 | 000,000,000 | ---- | M] () -- C:\Windows\System32\JA5C85KC.exe.b
[2011/12/16 11:54:30 | 444,043,452 | ---- | M] () -- C:\RegBackup (12-16-11).reg
[2011/12/16 10:00:26 | 000,508,928 | ---- | M] () -- C:\Windows\svcs.exe
[2011/12/15 09:36:09 | 000,002,609 | ---- | M] () -- C:\Users\Executive\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk
[2011/12/10 19:22:28 | 000,000,180 | ---- | M] () -- C:\Users\Executive\Desktop\Get 3D Models.url
[2011/12/09 09:58:51 | 000,017,206 | ---- | M] () -- C:\Users\Executive\Documents\Backup of Aaron and Lorelei.wbk
[2011/11/30 10:20:46 | 000,000,215 | ---- | M] () -- C:\Users\Executive\Desktop\DC Universe Online.url
[2011/11/24 21:16:47 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_xusb21_01009.Wdf
[2011/11/24 21:16:46 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_MijXfilt_01009.Wdf
[2011/11/24 21:16:34 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/11/24 21:12:15 | 000,000,971 | ---- | M] () -- C:\Users\Executive\Application Data\Microsoft\Internet Explorer\Quick Launch\DS3 Tool.lnk
[2011/11/24 21:12:15 | 000,000,947 | ---- | M] () -- C:\Users\Public\Desktop\DS3 Tool.lnk
[2011/11/24 03:34:59 | 000,000,202 | ---- | M] () -- C:\Users\Public\Desktop\Dungeon Fighter Online.url

========== Files Created - No Company Name ==========

[2011/12/18 01:42:27 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/18 00:49:59 | 000,000,680 | ---- | C] () -- C:\Users\Executive\AppData\Local\d3d9caps.dat
[2011/12/17 23:05:42 | 000,393,216 | ---- | C] () -- C:\Windows\SPInstall.etl
[2011/12/17 22:35:26 | 000,005,256 | ---- | C] () -- C:\Users\Executive\Desktop\wscsvc.reg
[2011/12/17 17:36:35 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/12/17 17:33:51 | 000,001,844 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/12/17 14:11:18 | 438,239,854 | ---- | C] () -- C:\RegBackup (12-17-11).reg
[2011/12/17 08:51:03 | 002,452,538 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2011/12/16 12:11:28 | 000,000,000 | ---- | C] () -- C:\Windows\System32\JA5C85KC.exe.b
[2011/12/16 11:53:52 | 444,043,452 | ---- | C] () -- C:\RegBackup (12-16-11).reg
[2011/12/16 10:00:26 | 000,508,928 | ---- | C] () -- C:\Windows\svcs.exe
[2011/12/16 09:52:49 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At48.job
[2011/12/16 09:52:49 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At46.job
[2011/12/16 09:52:49 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At47.job
[2011/12/16 09:52:49 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At45.job
[2011/12/16 09:52:48 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At44.job
[2011/12/16 09:52:48 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At43.job
[2011/12/16 09:52:47 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At42.job
[2011/12/16 09:52:47 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At40.job
[2011/12/16 09:52:47 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At38.job
[2011/12/16 09:52:47 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At41.job
[2011/12/16 09:52:47 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At39.job
[2011/12/16 09:52:47 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At37.job
[2011/12/16 09:52:46 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At36.job
[2011/12/16 09:52:46 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At34.job
[2011/12/16 09:52:46 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At32.job
[2011/12/16 09:52:46 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At35.job
[2011/12/16 09:52:46 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At33.job
[2011/12/16 09:52:45 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At30.job
[2011/12/16 09:52:45 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At28.job
[2011/12/16 09:52:45 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At31.job
[2011/12/16 09:52:45 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At29.job
[2011/12/16 09:52:45 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At27.job
[2011/12/16 09:52:44 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At26.job
[2011/12/16 09:52:44 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At24.job
[2011/12/16 09:52:44 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At25.job
[2011/12/16 09:52:44 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At23.job
[2011/12/16 09:52:43 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At22.job
[2011/12/16 09:52:43 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At20.job
[2011/12/16 09:52:43 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At21.job
[2011/12/16 09:52:42 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At18.job
[2011/12/16 09:52:42 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At16.job
[2011/12/16 09:52:42 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At19.job
[2011/12/16 09:52:42 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At17.job
[2011/12/16 09:52:41 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At14.job
[2011/12/16 09:52:41 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At15.job
[2011/12/16 09:52:41 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At13.job
[2011/12/16 09:52:40 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At12.job
[2011/12/16 09:52:40 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At10.job
[2011/12/16 09:52:40 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At11.job
[2011/12/16 09:52:39 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At8.job
[2011/12/16 09:52:39 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At6.job
[2011/12/16 09:52:39 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At9.job
[2011/12/16 09:52:39 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At7.job
[2011/12/16 09:52:38 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At4.job
[2011/12/16 09:52:38 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At5.job
[2011/12/16 09:52:38 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At3.job
[2011/12/16 09:52:37 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At2.job
[2011/12/16 09:52:35 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At1.job
[2011/12/10 19:22:28 | 000,000,180 | ---- | C] () -- C:\Users\Executive\Desktop\Get 3D Models.url
[2011/12/09 09:58:49 | 000,017,206 | ---- | C] () -- C:\Users\Executive\Documents\Backup of Aaron and Lorelei.wbk
[2011/11/30 10:20:46 | 000,000,215 | ---- | C] () -- C:\Users\Executive\Desktop\DC Universe Online.url
[2011/11/24 21:16:47 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_xusb21_01009.Wdf
[2011/11/24 21:16:46 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_MijXfilt_01009.Wdf
[2011/11/24 21:16:34 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/11/24 21:15:38 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2011/11/24 21:12:15 | 000,000,971 | ---- | C] () -- C:\Users\Executive\Application Data\Microsoft\Internet Explorer\Quick Launch\DS3 Tool.lnk
[2011/11/24 21:12:15 | 000,000,947 | ---- | C] () -- C:\Users\Public\Desktop\DS3 Tool.lnk
[2011/11/24 20:48:46 | 000,011,392 | ---- | C] () -- C:\Windows\System32\drivers\dualshock3.sys
[2011/11/24 03:34:59 | 000,000,202 | ---- | C] () -- C:\Users\Public\Desktop\Dungeon Fighter Online.url
[2011/10/14 23:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/03/28 09:44:49 | 000,036,335 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2011/02/04 12:51:33 | 000,000,006 | -HS- | C] () -- C:\Users\Executive\AppData\Roaming\date
[2011/02/04 12:51:32 | 000,000,002 | -HS- | C] () -- C:\Users\Executive\AppData\Roaming\evf6
[2010/11/23 21:54:04 | 000,000,132 | ---- | C] () -- C:\Users\Executive\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010/11/23 20:09:17 | 000,000,132 | ---- | C] () -- C:\Users\Executive\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2010/11/23 13:04:07 | 000,000,132 | ---- | C] () -- C:\Users\Executive\AppData\Roaming\Adobe Targa Format CS5 Prefs
[2010/10/09 22:53:39 | 000,000,132 | ---- | C] () -- C:\Users\Executive\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/09/26 17:14:33 | 000,151,552 | ---- | C] () -- C:\Windows\System32\nvRegDev.dll
[2010/09/23 19:18:10 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/09/23 19:18:09 | 000,022,328 | ---- | C] () -- C:\Users\Executive\AppData\Roaming\PnkBstrK.sys
[2010/09/23 19:17:58 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010/09/23 19:17:57 | 000,669,184 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2010/09/23 19:17:57 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/08/03 20:28:53 | 012,824,576 | ---- | C] () -- C:\ProgramData\sandra.mda
[2010/03/08 00:30:06 | 000,000,331 | ---- | C] () -- C:\Windows\doom3.ini
[2010/03/07 20:39:38 | 000,000,092 | ---- | C] () -- C:\Windows\FinalSun.ini
[2009/12/23 00:22:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/09/02 14:16:46 | 000,000,062 | ---- | C] () -- C:\Users\Executive\AppData\Roaming\MTC-savedfolder.dat
[2009/08/18 15:18:39 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/18 15:18:39 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/12 18:40:49 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009/06/12 18:40:49 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009/06/12 18:40:49 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2009/04/02 23:46:04 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/03/17 15:07:34 | 000,055,086 | ---- | C] () -- C:\Windows\War3Unin.dat
[2009/01/13 18:31:06 | 000,364,192 | ---- | C] () -- C:\Windows\System32\atwtusb.exe
[2009/01/13 18:31:05 | 000,045,056 | ---- | C] () -- C:\Windows\System32\InstallService.exe
[2009/01/13 18:31:03 | 001,969,824 | ---- | C] () -- C:\Windows\System32\WTMKM.exe
[2009/01/13 18:31:02 | 000,180,224 | ---- | C] () -- C:\Windows\System32\ATWTINK.DLL
[2009/01/13 18:31:02 | 000,102,048 | ---- | C] () -- C:\Windows\RmTablet.exe
[2009/01/13 18:31:01 | 000,021,784 | ---- | C] () -- C:\Windows\System32\Photoshop Elements.ini
[2009/01/13 18:31:01 | 000,014,446 | ---- | C] () -- C:\Windows\System32\PhotoImpact XL SE.ini
[2009/01/13 18:31:01 | 000,011,125 | ---- | C] () -- C:\Windows\System32\Vista.ini
[2009/01/13 18:31:01 | 000,010,438 | ---- | C] () -- C:\Windows\System32\XP_2000.INI
[2009/01/13 18:31:01 | 000,000,619 | ---- | C] () -- C:\Windows\System32\MKProfile.ini
[2009/01/13 18:31:00 | 000,006,874 | ---- | C] () -- C:\Windows\aiptbl.ini
[2008/11/11 09:50:17 | 000,000,000 | ---- | C] () -- C:\Users\Executive\AppData\Roaming\pssetup.cfg
[2008/10/21 22:20:39 | 000,000,056 | -HS- | C] () -- C:\Windows\System32\578D8CCAC5.sys
[2008/10/21 22:20:35 | 000,001,890 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2008/10/13 11:31:46 | 000,279,600 | ---- | C] () -- C:\Windows\System32\drivers\srtsp.sys
[2008/10/07 07:15:14 | 000,034,123 | ---- | C] () -- C:\Windows\scunin.dat
[2008/09/03 21:23:04 | 000,000,085 | ---- | C] () -- C:\Windows\FinalAlert2.ini
[2008/08/01 02:06:53 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/07/31 19:50:31 | 000,000,625 | ---- | C] () -- C:\Windows\eReg.dat
[2008/07/14 08:01:58 | 001,117,184 | ---- | C] () -- C:\Windows\System32\swfExt.dll
[2008/07/14 08:01:58 | 000,037,888 | ---- | C] () -- C:\Windows\System32\flash_lib.dll
[2008/07/14 07:42:42 | 000,000,125 | ---- | C] () -- C:\Windows\fd3.INI
[2008/07/05 21:56:32 | 000,000,703 | ---- | C] () -- C:\Windows\H2_Setup.INI
[2008/07/01 02:04:10 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/06/10 19:52:10 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2008/06/02 08:47:59 | 000,150,213 | ---- | C] () -- C:\Windows\hpwins05.dat
[2008/05/22 17:22:18 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/05/22 17:18:54 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2007/09/20 09:51:04 | 000,015,977 | ---- | C] () -- C:\Windows\hpwscr05.dat
[2007/09/14 11:10:17 | 000,004,785 | ---- | C] () -- C:\Windows\hpwmdl05.dat
[2007/08/28 15:05:48 | 000,103,521 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/08/28 14:57:31 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2007/08/28 14:50:50 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2007/08/28 14:48:19 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2007/08/28 14:48:19 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
[2007/04/03 11:59:54 | 006,148,096 | ---- | C] () -- C:\Windows\System32\dzcore.dll
[2007/03/06 03:47:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007/01/12 09:07:48 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2007/01/12 09:07:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/12/05 16:07:16 | 000,032,256 | ---- | C] () -- C:\Windows\System32\dzbryce6.dll
[2006/12/05 16:00:56 | 000,180,224 | ---- | C] () -- C:\Windows\System32\dzwrapper.dll
[2006/11/20 17:25:16 | 001,343,488 | ---- | C] () -- C:\Windows\System32\daz-qsa.dll
[2006/11/20 17:25:02 | 004,984,832 | ---- | C] () -- C:\Windows\System32\daz-qt-mt.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 003,817,472 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,674,580 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,130,210 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/06/23 12:09:34 | 000,019,968 | ---- | C] () -- C:\Windows\System32\cpuinf32.dll
[2005/08/29 23:00:00 | 000,781,312 | ---- | C] () -- C:\Windows\System32\RGSS102J.dll
[2005/08/29 23:00:00 | 000,778,752 | ---- | C] () -- C:\Windows\System32\RGSS102E.dll
[2004/12/01 18:34:46 | 000,000,725 | -H-- | C] () -- C:\Windows\C8E838E3SD8Emsys.dat
[2004/08/03 14:00:00 | 000,773,120 | ---- | C] () -- C:\Windows\System32\RGSS100J.dll
[2003/02/10 01:13:10 | 000,000,425 | -H-- | C] () -- C:\ProgramData\systmsp2C8E838E3SD8E
[2002/02/28 13:25:55 | 000,000,905 | -H-- | C] () -- C:\Windows\System32\C8E838E3SD8Empsd43.dat
[2001/08/15 12:48:11 | 000,000,545 | -H-- | C] () -- C:\Users\Executive\AppData\Roaming\winpmltsC8E838E3SD8E
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2008/06/10 01:11:24 | 000,000,000 | ---D | M] -- C:\Users\Executive\AppData\Roaming\Aim
[2009/09/24 21:06:42 | 000,000,000 | ---D | M] -- C:\Users\Executive\AppData\Roaming\Cakewalk
[2010/01/25 23:08:12 | 000,000,000 | ---D | M] -- C:\Users\Executive\AppData\Roaming\Clickteam
[2008/11/11 09:49:26 | 000,000,000 | ---D | M] -- C:\Users\Executive\AppData\Roaming\CrystalApp
[2008/11/11 09:49:22 | 000,000,000 | ---D | M] -- C:\Users\Executive\AppData\Roaming\CrystalSpace
[2011/12/10 19:00:00 | 000,000,000 | ---D | M] -- C:\Users\Executive\AppData\Roaming\DAZ 3D
[2009/08/26 02:10:12 | 000,000,000 | ---D | M] -- C:\Users\Executive\AppData\Roaming\DNA
[2010/02/07 19:31:26 | 000,000,000 | ---D | M] -- C:\Users\Executive\AppData\Roaming\Eltima Software
[2010/06/25 20:04:32 | 000,000,000 | ---D | M] -- C:\Users\Executive\AppData\Roaming\GetRightToGo
[2010/07/05 04:12:30 | 000,000,000 | ---D | M] -- C:\Users\Executive\AppData\Roaming\gtk-2.0
[2011/04/18 15:34:50 | 000,000,000 | ---D | M] -- C:\Users\Executive\AppData\Roaming\Ideas From the Deep
[2008/06/10 04:23:01 | 000,000,000 | ---D | M] -- C:\Users\Executive\AppData\Roaming\Jasc
[2011/11/24 21:12:15 | 000,000,000 | ---D | M] -- C:\Users\Executive\AppData\Roaming\MotioninJoy
[2009/09/23 06:40:55 | 000,000,000 | ---D | M] -- C:\Users\Executive\AppData\Roaming\Music Recognition
[2011/11/24 03:54:16 | 000,000,000 | ---D | M] -- C:\Users\Executive\AppData\Roaming\NeopleLauncherDFO
[2008/11/11 09:56:53 | 000,000,000 | ---D | M] -- C:\Users\Executive\AppData\Roaming\PlaneShift
[2010/03/14 16:40:08 | 000,000,000 | ---D | M] -- C:\Users\Executive\AppData\Roaming\Planetside Software
[2009/09/20 07:20:53 | 000,000,000 | ---D | M] -- C:\Users\Executive\AppData\Roaming\Power Mixer
[2010/07/05 04:10:30 | 000,000,000 | ---D | M] -- C:\Users\Executive\AppData\Roaming\RadiantSettings
[2008/12/10 00:54:02 | 000,000,000 | ---D | M] -- C:\Users\Executive\AppData\Roaming\Raia
[2011/05/18 22:28:12 | 000,000,000 | ---D | M] -- C:\Users\Executive\AppData\Roaming\RIFT
[2009/10/30 21:38:03 | 000,000,000 | ---D | M] -- C:\Users\Executive\AppData\Roaming\SecondLife
[2008/12/10 00:53:13 | 000,000,000 | ---D | M] -- C:\Users\Executive\AppData\Roaming\ShadeExplorer
[2008/05/29 18:18:04 | 000,000,000 | ---D | M] -- C:\Users\Executive\AppData\Roaming\Snapfish
[2010/06/25 20:15:09 | 000,000,000 | ---D | M] -- C:\Users\Executive\AppData\Roaming\TotalRecorder
[2010/03/14 16:40:08 | 000,000,000 | ---D | M] -- C:\Users\Executive\AppData\Roaming\uk.co.planetside
[2008/05/30 22:48:43 | 000,000,000 | ---D | M] -- C:\Users\Executive\AppData\Roaming\WinBatch
[2011/12/18 01:49:13 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2011/12/18 04:03:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At10.job
[2011/12/17 05:10:45 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At11.job
[2011/12/17 05:10:47 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At12.job
[2011/12/17 06:07:44 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At13.job
[2011/12/17 06:09:03 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At14.job
[2011/12/17 07:06:47 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At15.job
[2011/12/17 07:05:50 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At16.job
[2011/12/17 08:06:50 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At17.job
[2011/12/17 08:06:52 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At18.job
[2011/12/17 09:10:40 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At19.job
[2011/12/18 00:03:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2011/12/17 09:11:03 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At20.job
[2011/12/17 12:14:38 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At21.job
[2011/12/17 12:14:38 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At22.job
[2011/12/17 12:14:27 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At23.job
[2011/12/17 11:04:23 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At24.job
[2011/12/17 12:04:23 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At25.job
[2011/12/17 12:03:13 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At26.job
[2011/12/16 13:10:18 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At27.job
[2011/12/16 13:03:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At28.job
[2011/12/16 14:03:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At29.job
[2011/12/17 01:03:25 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2011/12/16 14:04:39 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At30.job
[2011/12/17 15:03:04 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At31.job
[2011/12/17 15:15:39 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At32.job
[2011/12/17 16:02:59 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At33.job
[2011/12/17 16:02:59 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At34.job
[2011/12/16 17:03:30 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At35.job
[2011/12/16 17:03:30 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At36.job
[2011/12/17 18:03:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At37.job
[2011/12/17 18:03:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At38.job
[2011/12/17 19:03:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At39.job
[2011/12/17 01:03:25 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At4.job
[2011/12/17 19:03:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At40.job
[2011/12/16 20:07:24 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At41.job
[2011/12/16 20:03:25 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At42.job
[2011/12/16 21:03:26 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At43.job
[2011/12/16 21:03:26 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At44.job
[2011/12/17 22:02:59 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At45.job
[2011/12/17 22:02:59 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At46.job
[2011/12/17 23:03:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At47.job
[2011/12/17 23:03:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At48.job
[2011/12/18 02:03:01 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At5.job
[2011/12/18 02:03:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At6.job
[2011/12/18 03:03:31 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At7.job
[2011/12/18 03:03:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At8.job
[2011/12/18 04:03:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At9.job
[2011/12/18 04:40:42 | 000,032,642 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
  • 0


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there - something for you to do when you wake up

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - [2011/12/16 10:00:26 | 000,508,928 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\svcs.exe -- (NetworkLog)
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 33554
    FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
    [2011/12/16 12:11:28 | 000,000,000 | ---- | M] () -- C:\Windows\System32\JA5C85KC.exe.b
    [2011/12/16 10:00:26 | 000,508,928 | ---- | M] () -- C:\Windows\svcs.exe

    :Files
    ipconfig /flushdns /c
    C:\Windows\tasks\At*.job

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion, then reboot; that will cure it.



Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now.
  • 0
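The fix in the post above removes the At*.job tasks together with svcs.exe and JA5C85KC.exe.b. As an added example (not part of the thread and not OTL's own code), this sketch shows how those entries stand out when the posted file listings are read by timestamp: a burst of At*.job files created within seconds, followed by executables with no company name in the Windows directories. The function names, the 60-second gap, the 5-file minimum and the 4-hour window are assumptions chosen for illustration; the sample lines are excerpted from the log in post #1.

```python
import ntpath
import re
from datetime import datetime, timedelta
from typing import NamedTuple, Optional

# OTL file-listing line: [date time | size | attrs | C or M] (company) -- path
# Directory lines carry no "(company)" field at all.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| [\d,]+ \| [-A-Z]{4} \| "
    r"(?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
AT_JOB_RE = re.compile(r"^At\d+\.job$", re.IGNORECASE)
EXE_RE = re.compile(r"\.exe(\.|$)", re.IGNORECASE)   # also matches "name.exe.b"
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}

# Lines excerpted from the log posted in this thread.
SAMPLE_LOG = r"""
[2011/12/18 01:42:24 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/17 08:50:33 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/12/16 12:11:28 | 000,000,000 | ---- | C] () -- C:\Windows\System32\JA5C85KC.exe.b
[2011/12/16 10:00:26 | 000,508,928 | ---- | C] () -- C:\Windows\svcs.exe
[2011/12/16 09:52:49 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At48.job
[2011/12/16 09:52:49 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At47.job
[2011/12/16 09:52:47 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At42.job
[2011/12/16 09:52:42 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At18.job
[2011/12/16 09:52:38 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At3.job
[2011/12/16 09:52:35 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At1.job
[2011/12/18 04:03:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At10.job
[2011/10/14 23:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
========== Purity Check ==========
"""


class Entry(NamedTuple):
    ts: datetime
    kind: str                # "C" = created, "M" = modified
    company: Optional[str]   # None on directory lines, "" when no company name
    path: str


class Burst(NamedTuple):
    first: datetime
    last: datetime
    count: int


def parse_log(text):
    """Return an Entry for every file-listing line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S")
            entries.append(Entry(ts, m["kind"], m["company"], m["path"]))
    return entries


def at_job_bursts(entries, max_gap=timedelta(seconds=60), min_count=5):
    """Group AtN.job creation times into runs separated by at most max_gap."""
    stamps = sorted(
        e.ts for e in entries
        if e.kind == "C"
        and ntpath.dirname(e.path).lower() == r"c:\windows\tasks"
        and AT_JOB_RE.match(ntpath.basename(e.path))
    )
    bursts, run = [], []
    for ts in stamps:
        if run and ts - run[-1] > max_gap:
            if len(run) >= min_count:
                bursts.append(Burst(run[0], run[-1], len(run)))
            run = []
        run.append(ts)
    if len(run) >= min_count:
        bursts.append(Burst(run[0], run[-1], len(run)))
    return bursts


def unattributed_executables_near(entries, burst, within=timedelta(hours=4)):
    """Executables with an empty company name, created in the Windows
    directories within `within` of the burst, oldest first."""
    hits = [
        e for e in entries
        if e.kind == "C" and e.company == ""
        and ntpath.dirname(e.path).lower() in SYSTEM_DIRS
        and EXE_RE.search(ntpath.basename(e.path))
        and burst.first - within <= e.ts <= burst.last + within
    ]
    return sorted(hits, key=lambda e: e.ts)


if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    for b in at_job_bursts(log):
        print(f"{b.count} At*.job files created {b.first} .. {b.last}")
        for e in unattributed_executables_near(log, b):
            print(f"  review: {e.ts} {e.path}")
```

An empty company name alone is weak evidence, since the same log section lists many legitimate files; it is the timing relative to the task burst that narrows the list.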

#3
KidRoleplay

    Member

  • Topic Starter
  • Member
  • 21 posts
Alright. Let's take a looksie...

Everything seems to be in order. My computer's breathing a sigh of relief.
Symantec Antivirus isn't coming up with its WSOCK32.dll error anymore, although I'm not sure how wise it is having three virus monitors now.

Windows Firewall is still not working, however... Other than that, it's all good. :)




OTL log:

OTL logfile created on: 12/18/2011 3:59:05 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Executive\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 50.48% Memory free
6.22 Gb Paging File | 4.68 Gb Available in Paging File | 75.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.16 Gb Total Space | 32.27 Gb Free Space | 11.16% Space Free | Partition Type: NTFS
Drive D: | 8.93 Gb Total Space | 1.00 Gb Free Space | 11.25% Space Free | Partition Type: NTFS
Drive E: | 298.09 Gb Total Space | 89.84 Gb Free Space | 30.14% Space Free | Partition Type: NTFS
Drive F: | 271.55 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 14.94 Gb Total Space | 11.71 Gb Free Space | 78.40% Space Free | Partition Type: FAT32

Computer Name: M8120N-2 | User Name: Executive | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/18 15:27:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Executive\Desktop\OTL.exe
PRC - [2011/10/15 03:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/10/15 03:53:00 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011/10/15 03:53:00 | 001,328,960 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011/10/14 23:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/10/23 14:46:26 | 000,136,080 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2008/10/23 14:45:56 | 000,031,120 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2008/02/01 00:25:38 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2008/02/01 00:25:16 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/01/19 02:33:19 | 000,120,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\perfmon.exe
PRC - [2008/01/15 10:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\WINDOWS\RtHDVCpl.exe
PRC - [2007/11/13 13:23:18 | 001,969,824 | ---- | M] () -- C:\WINDOWS\System32\WTMKM.exe
PRC - [2007/04/19 20:11:16 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/04/19 20:10:42 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/02/15 05:59:00 | 000,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
PRC - [2006/09/28 08:42:24 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2009/04/11 01:28:22 | 000,223,232 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2009/04/11 01:28:22 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2007/11/13 13:23:18 | 001,969,824 | ---- | M] () -- C:\WINDOWS\System32\WTMKM.exe
MOD - [2006/12/10 20:51:08 | 000,077,824 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2006/12/10 20:51:08 | 000,065,536 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll
MOD - [2006/08/28 17:29:00 | 000,180,224 | ---- | M] () -- C:\WINDOWS\System32\ATWTINK.DLL


========== Win32 Services (SafeList) ==========

SRV - [2011/11/13 20:26:57 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/10/15 03:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/10/14 23:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/09/22 17:34:35 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/08/10 12:34:40 | 000,093,848 | ---- | M] (SiSoftware) [Disabled | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2008/10/23 14:46:14 | 000,121,744 | ---- | M] (symantec) [Disabled | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2008/10/23 14:46:06 | 001,956,752 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008/10/23 14:45:56 | 000,031,120 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2008/09/18 10:57:32 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/02/01 00:25:16 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
SRV - [2008/02/01 00:25:16 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/02/01 00:25:16 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/01/29 16:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/12/05 11:25:58 | 000,364,192 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\atwtusb.exe -- (WTService)
SRV - [2007/04/19 20:10:42 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2006/09/11 18:02:44 | 000,544,256 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel®
SRV - [2006/09/11 18:01:04 | 000,167,936 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel®
SRV - [2006/09/11 17:56:32 | 000,075,264 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel®
SRV - [2006/09/11 17:56:20 | 000,188,416 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel®
SRV - [2006/09/03 12:32:28 | 000,208,896 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2006/09/01 01:47:56 | 000,026,624 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel® Viiv™
SRV - [2006/05/10 11:13:52 | 000,029,696 | R--- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe -- (IntelDHSvcConf)


========== Driver Services (SafeList) ==========

DRV - [2011/12/18 15:53:36 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FDBDB3A2-F40F-4E35-80B2-296E49DDAEBF}\MpKsldb747942.sys -- (MpKsldb747942)
DRV - [2011/12/18 15:35:46 | 000,029,904 | ---- | M] () [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FDBDB3A2-F40F-4E35-80B2-296E49DDAEBF}\MpKsl1257c805.sys -- (MpKsl1257c805)
DRV - [2011/11/15 12:27:12 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111215.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/11/15 12:27:12 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111215.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/11/10 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/10 04:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/10/15 03:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/07 18:21:28 | 000,139,880 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/04/12 16:13:04 | 000,091,216 | ---- | M] (High Criteria inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\TotRec8.sys -- (TotRec8)
DRV - [2009/08/07 22:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2009/03/31 21:31:52 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/03/30 02:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2008/11/22 13:48:16 | 000,011,392 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\dualshock3.sys -- (dualshock3) DUALSHOCK3 Controller HID Minidriver (USB)
DRV - [2008/10/13 11:31:46 | 000,319,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/10/13 11:31:46 | 000,279,600 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/10/13 11:31:46 | 000,043,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/09/16 12:15:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\RivaTuner v2.11\RivaTuner32.sys -- (RivaTuner32)
DRV - [2008/05/08 04:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 04:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/01/18 23:25:05 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2008/01/17 17:24:44 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/10/18 06:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/29 13:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007/04/18 15:30:16 | 000,366,080 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\hcw18bda.sys -- (hcw18bda)
DRV - [2007/01/09 15:46:26 | 000,191,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/01/09 15:46:26 | 000,027,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/01/04 11:41:50 | 000,255,488 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\netr73.sys -- (netr73)
DRV - [2006/09/24 08:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [2005/12/12 12:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PS2.sys -- (Ps2)
DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..network.proxy.http: ""
FF - prefs.js..network.proxy.http_port: ""
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\PROGRA~1\SONYON~1\npsoe.dll ()
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Executive\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/15 08:30:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/18 02:01:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Executive\Program Files\DNA [2010/07/05 18:27:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F94F4922-FBE8-43D1-B920-B401166DCB48}: C:\Users\Executive\AppData\Local\{F94F4922-FBE8-43D1-B920-B401166DCB48}\ [2010/06/30 19:10:14 | 000,000,000 | ---D | M]

[2011/03/16 02:52:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Executive\AppData\Roaming\Mozilla\Extensions
[2011/12/18 00:54:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Executive\AppData\Roaming\Mozilla\Firefox\Profiles\3g5vzlzc.default\extensions
[2011/03/16 06:14:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Executive\AppData\Roaming\Mozilla\Firefox\Profiles\3g5vzlzc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/18 02:01:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/18 02:01:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2010/07/05 18:27:22 | 000,000,000 | ---D | M] (No name found) -- C:\USERS\EXECUTIVE\PROGRAM FILES\DNA
[2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/12/18 15:31:05 | 000,000,098 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISTray] "C:\Program Files\PC Tools Security\pctsGui.exe" /hideGUI File not found
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [MacrokeyManager] C:\Windows\System32\WTMKM.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [PlayNC Launcher] File not found
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\winrnr.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{72695822-AF9B-4097-9294-0AD86EB046E5}: DhcpNameServer = 192.168.1.1 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: E:\!Recovery\My Documents\download\JanusKemp\Web Pictures\Might Use\Blue Dream Wallpaper 2.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/28 15:13:14 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [1998/02/24 14:46:28 | 000,000,300 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{42ce96ab-2d8e-11dd-abc4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{42ce96ab-2d8e-11dd-abc4-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Setup.exe -- [1998/01/28 05:52:32 | 000,028,160 | R--- | M] ()
O33 - MountPoints2\{42ce96ab-2d8e-11dd-abc4-806e6f6e6963}\Shell\dinstall\command - "" = F:\directx\dxsetup.exe -- [1997/07/14 12:00:00 | 000,088,576 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{42ce96ab-2d8e-11dd-abc4-806e6f6e6963}\Shell\readme\command - "" = F:\Help\Help.exe Help\Readme.hlp
O33 - MountPoints2\{da2db1ee-a6ae-11df-b3e7-001bfca48932}\Shell - "" = AutoRun
O33 - MountPoints2\{da2db1ee-a6ae-11df-b3e7-001bfca48932}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = W2b] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/18 15:30:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/18 15:27:56 | 004,343,835 | ---- | C] (Swearware) -- C:\Users\Executive\Desktop\ComboFix.exe
[2011/12/18 15:27:09 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Executive\Desktop\OTL.exe
[2011/12/18 02:02:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/12/18 02:00:59 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/12/18 02:00:59 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/12/18 02:00:59 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/12/18 01:42:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/18 01:42:24 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/18 01:42:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/17 21:34:53 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/12/17 21:34:51 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/12/17 21:34:39 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/12/17 21:34:28 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/12/17 21:34:07 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/12/17 21:32:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/12/17 19:15:53 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/12/17 19:15:51 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/12/17 19:15:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/12/17 19:15:50 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/12/17 19:15:49 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/12/17 19:15:43 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/12/17 17:32:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/12/17 17:27:21 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2011/12/17 17:27:04 | 018,005,296 | ---- | C] (Microsoft Corporation) -- C:\Users\Executive\Desktop\IE9-WindowsVista-x86-enu.exe
[2011/12/17 15:53:45 | 073,978,048 | ---- | C] (Microsoft Corporation) -- C:\Users\Executive\Desktop\msert.exe
[2011/12/17 08:50:33 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/12/17 08:49:00 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/12/16 13:18:36 | 000,000,000 | ---D | C] -- C:\Users\Executive\AppData\Local\ElevatedDiagnostics
[2011/12/16 12:56:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\MpEngineStore
[2011/12/10 19:00:18 | 000,000,000 | ---D | C] -- C:\Users\Executive\Documents\DAZ 3D
[2011/12/10 18:57:34 | 000,000,000 | ---D | C] -- C:\Users\Executive\AppData\Roaming\DAZ 3D
[2011/12/07 15:43:19 | 000,000,000 | ---D | C] -- C:\Users\Executive\AppData\Local\{615E3223-D645-41A6-BE99-FB17CA8B4C3C}
[2011/12/07 15:42:58 | 000,000,000 | ---D | C] -- C:\Users\Executive\AppData\Local\{9DFE8674-0423-45A9-9B50-F610AE1DF8C6}
[2011/12/01 09:05:44 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll
[2011/12/01 09:05:44 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll
[2011/12/01 09:05:43 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll
[2011/12/01 09:05:43 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_7.dll
[2011/12/01 09:05:42 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll
[2011/12/01 09:05:41 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll
[2011/12/01 09:05:41 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll
[2011/12/01 09:05:40 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll
[2011/12/01 09:05:30 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2011/12/01 09:05:30 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2011/12/01 09:05:28 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2011/12/01 09:05:22 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2011/12/01 09:05:21 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2011/12/01 09:05:21 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2011/12/01 09:05:19 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2011/12/01 09:05:19 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2011/12/01 09:05:18 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2011/12/01 09:05:18 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2011/12/01 09:05:16 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2011/12/01 09:05:14 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2011/12/01 09:05:14 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2011/12/01 09:05:13 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2011/12/01 09:05:11 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2011/12/01 09:05:11 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2011/12/01 09:05:09 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2011/12/01 09:05:08 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2011/12/01 09:05:08 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2011/12/01 09:05:07 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2011/12/01 09:05:07 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2011/12/01 09:05:04 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2011/12/01 09:04:58 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2011/12/01 09:04:48 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2011/12/01 09:04:38 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2011/12/01 09:04:38 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2011/12/01 09:04:25 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2011/12/01 09:04:03 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2011/12/01 09:03:50 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2011/12/01 09:03:48 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2011/12/01 09:03:45 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2011/12/01 09:03:40 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2011/12/01 09:03:29 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2011/12/01 09:02:30 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2011/12/01 09:02:20 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2011/12/01 09:02:20 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2011/12/01 09:02:13 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2011/12/01 09:02:05 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2011/12/01 09:01:56 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2011/12/01 09:01:45 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2011/12/01 09:01:34 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2011/12/01 09:01:14 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2011/11/24 21:15:34 | 000,038,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2011/11/24 21:12:15 | 000,255,496 | ---- | C] (Logitech Inc.) -- C:\Windows\System32\MijFrc.dll
[2011/11/24 21:12:15 | 000,000,000 | ---D | C] -- C:\Users\Executive\AppData\Roaming\MotioninJoy
[2011/11/24 21:12:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy
[2011/11/24 21:12:15 | 000,000,000 | ---D | C] -- C:\Program Files\MotioninJoy
[2011/11/24 16:30:33 | 000,000,000 | ---D | C] -- C:\Users\Executive\AppData\Local\{1EE93565-E499-4BD3-959A-344B70EFEC79}
[2011/11/24 16:30:08 | 000,000,000 | ---D | C] -- C:\Users\Executive\AppData\Local\{D7A57D1C-354A-4CBD-9844-4D0066CE5D90}
[2011/11/24 06:19:31 | 000,000,000 | ---D | C] -- C:\Users\Executive\AppData\Local\{A2A4A6F5-722E-49D3-AB2B-071435BDF42A}
[2011/11/24 06:19:11 | 000,000,000 | ---D | C] -- C:\Users\Executive\AppData\Local\{F3EEF906-8F25-4F9C-B25D-FC577F5B8E1B}
[2011/11/24 03:34:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
[2011/11/24 03:34:59 | 000,000,000 | ---D | C] -- C:\Users\Executive\AppData\Roaming\NeopleLauncherDFO
[2011/11/24 03:34:00 | 000,000,000 | ---D | C] -- C:\Users\Executive\New Folder

========== Files - Modified Within 30 Days ==========

[2011/12/18 15:53:29 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/18 15:53:29 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/18 15:53:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/18 15:31:05 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/12/18 15:28:01 | 004,343,835 | ---- | M] (Swearware) -- C:\Users\Executive\Desktop\ComboFix.exe
[2011/12/18 15:27:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Executive\Desktop\OTL.exe
[2011/12/18 15:25:55 | 000,002,651 | ---- | M] () -- C:\Users\Executive\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2011/12/18 15:16:34 | 000,000,680 | ---- | M] () -- C:\Users\Executive\AppData\Local\d3d9caps.dat
[2011/12/18 04:41:17 | 000,393,216 | ---- | M] () -- C:\Windows\SPInstall.etl
[2011/12/18 01:42:27 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/17 23:31:40 | 003,817,472 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/17 17:36:35 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/12/17 17:34:56 | 000,674,580 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/17 17:34:56 | 000,130,210 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/17 17:27:18 | 018,005,296 | ---- | M] (Microsoft Corporation) -- C:\Users\Executive\Desktop\IE9-WindowsVista-x86-enu.exe
[2011/12/17 15:56:24 | 073,978,048 | ---- | M] (Microsoft Corporation) -- C:\Users\Executive\Desktop\msert.exe
[2011/12/17 14:23:52 | 438,239,854 | ---- | M] () -- C:\RegBackup (12-17-11).reg
[2011/12/17 08:52:17 | 002,452,538 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011/12/16 11:54:30 | 444,043,452 | ---- | M] () -- C:\RegBackup (12-16-11).reg
[2011/12/15 09:36:09 | 000,002,609 | ---- | M] () -- C:\Users\Executive\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk
[2011/12/10 19:22:28 | 000,000,180 | ---- | M] () -- C:\Users\Executive\Desktop\Get 3D Models.url
[2011/12/09 09:58:51 | 000,017,206 | ---- | M] () -- C:\Users\Executive\Documents\Backup of Aaron and Lorelei.wbk
[2011/11/30 10:20:46 | 000,000,215 | ---- | M] () -- C:\Users\Executive\Desktop\DC Universe Online.url
[2011/11/24 21:16:47 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_xusb21_01009.Wdf
[2011/11/24 21:16:46 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_MijXfilt_01009.Wdf
[2011/11/24 21:16:34 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/11/24 21:12:15 | 000,000,971 | ---- | M] () -- C:\Users\Executive\Application Data\Microsoft\Internet Explorer\Quick Launch\DS3 Tool.lnk
[2011/11/24 21:12:15 | 000,000,947 | ---- | M] () -- C:\Users\Public\Desktop\DS3 Tool.lnk
[2011/11/24 03:34:59 | 000,000,202 | ---- | M] () -- C:\Users\Public\Desktop\Dungeon Fighter Online.url
[2011/11/23 08:37:27 | 002,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

========== Files Created - No Company Name ==========

[2011/12/18 01:42:27 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/18 00:49:59 | 000,000,680 | ---- | C] () -- C:\Users\Executive\AppData\Local\d3d9caps.dat
[2011/12/17 23:05:42 | 000,393,216 | ---- | C] () -- C:\Windows\SPInstall.etl
[2011/12/17 22:35:26 | 000,005,256 | ---- | C] () -- C:\Users\Executive\Desktop\wscsvc.reg
[2011/12/17 17:36:35 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/12/17 17:33:51 | 000,001,844 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/12/17 14:11:18 | 438,239,854 | ---- | C] () -- C:\RegBackup (12-17-11).reg
[2011/12/17 08:51:03 | 002,452,538 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2011/12/16 11:53:52 | 444,043,452 | ---- | C] () -- C:\RegBackup (12-16-11).reg
[2011/12/10 19:22:28 | 000,000,180 | ---- | C] () -- C:\Users\Executive\Desktop\Get 3D Models.url
[2011/12/09 09:58:49 | 000,017,206 | ---- | C] () -- C:\Users\Executive\Documents\Backup of Aaron and Lorelei.wbk
[2011/11/30 10:20:46 | 000,000,215 | ---- | C] () -- C:\Users\Executive\Desktop\DC Universe Online.url
[2011/11/24 21:16:47 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_xusb21_01009.Wdf
[2011/11/24 21:16:46 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_MijXfilt_01009.Wdf
[2011/11/24 21:16:34 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/11/24 21:15:38 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2011/11/24 21:12:15 | 000,000,971 | ---- | C] () -- C:\Users\Executive\Application Data\Microsoft\Internet Explorer\Quick Launch\DS3 Tool.lnk
[2011/11/24 21:12:15 | 000,000,947 | ---- | C] () -- C:\Users\Public\Desktop\DS3 Tool.lnk
[2011/11/24 20:48:46 | 000,011,392 | ---- | C] () -- C:\Windows\System32\drivers\dualshock3.sys
[2011/11/24 03:34:59 | 000,000,202 | ---- | C] () -- C:\Users\Public\Desktop\Dungeon Fighter Online.url
[2011/10/14 23:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/03/28 09:44:49 | 000,036,335 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2011/02/04 12:51:33 | 000,000,006 | -HS- | C] () -- C:\Users\Executive\AppData\Roaming\date
[2011/02/04 12:51:32 | 000,000,002 | -HS- | C] () -- C:\Users\Executive\AppData\Roaming\evf6
[2010/11/23 21:54:04 | 000,000,132 | ---- | C] () -- C:\Users\Executive\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010/11/23 20:09:17 | 000,000,132 | ---- | C] () -- C:\Users\Executive\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2010/11/23 13:04:07 | 000,000,132 | ---- | C] () -- C:\Users\Executive\AppData\Roaming\Adobe Targa Format CS5 Prefs
[2010/10/09 22:53:39 | 000,000,132 | ---- | C] () -- C:\Users\Executive\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/09/26 17:14:33 | 000,151,552 | ---- | C] () -- C:\Windows\System32\nvRegDev.dll
[2010/09/23 19:18:10 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/09/23 19:18:09 | 000,022,328 | ---- | C] () -- C:\Users\Executive\AppData\Roaming\PnkBstrK.sys
[2010/09/23 19:17:58 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010/09/23 19:17:57 | 000,669,184 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2010/09/23 19:17:57 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/08/03 20:28:53 | 012,824,576 | ---- | C] () -- C:\ProgramData\sandra.mda
[2010/03/08 00:30:06 | 000,000,331 | ---- | C] () -- C:\Windows\doom3.ini
[2010/03/07 20:39:38 | 000,000,092 | ---- | C] () -- C:\Windows\FinalSun.ini
[2009/12/23 00:22:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/09/02 14:16:46 | 000,000,062 | ---- | C] () -- C:\Users\Executive\AppData\Roaming\MTC-savedfolder.dat
[2009/08/18 15:18:39 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/18 15:18:39 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/12 18:40:49 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009/06/12 18:40:49 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009/06/12 18:40:49 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2009/04/02 23:46:04 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/03/17 15:07:34 | 000,055,086 | ---- | C] () -- C:\Windows\War3Unin.dat
[2009/01/13 18:31:06 | 000,364,192 | ---- | C] () -- C:\Windows\System32\atwtusb.exe
[2009/01/13 18:31:05 | 000,045,056 | ---- | C] () -- C:\Windows\System32\InstallService.exe
[2009/01/13 18:31:03 | 001,969,824 | ---- | C] () -- C:\Windows\System32\WTMKM.exe
[2009/01/13 18:31:02 | 000,180,224 | ---- | C] () -- C:\Windows\System32\ATWTINK.DLL
[2009/01/13 18:31:02 | 000,102,048 | ---- | C] () -- C:\Windows\RmTablet.exe
[2009/01/13 18:31:01 | 000,021,784 | ---- | C] () -- C:\Windows\System32\Photoshop Elements.ini
[2009/01/13 18:31:01 | 000,014,446 | ---- | C] () -- C:\Windows\System32\PhotoImpact XL SE.ini
[2009/01/13 18:31:01 | 000,011,125 | ---- | C] () -- C:\Windows\System32\Vista.ini
[2009/01/13 18:31:01 | 000,010,438 | ---- | C] () -- C:\Windows\System32\XP_2000.INI
[2009/01/13 18:31:01 | 000,000,619 | ---- | C] () -- C:\Windows\System32\MKProfile.ini
[2009/01/13 18:31:00 | 000,006,874 | ---- | C] () -- C:\Windows\aiptbl.ini
[2008/11/11 09:50:17 | 000,000,000 | ---- | C] () -- C:\Users\Executive\AppData\Roaming\pssetup.cfg
[2008/10/21 22:20:39 | 000,000,056 | -HS- | C] () -- C:\Windows\System32\578D8CCAC5.sys
[2008/10/21 22:20:35 | 000,001,890 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2008/10/07 07:15:14 | 000,034,123 | ---- | C] () -- C:\Windows\scunin.dat
[2008/09/03 21:23:04 | 000,000,085 | ---- | C] () -- C:\Windows\FinalAlert2.ini
[2008/08/01 02:06:53 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/07/31 19:50:31 | 000,000,625 | ---- | C] () -- C:\Windows\eReg.dat
[2008/07/14 08:01:58 | 001,117,184 | ---- | C] () -- C:\Windows\System32\swfExt.dll
[2008/07/14 08:01:58 | 000,037,888 | ---- | C] () -- C:\Windows\System32\flash_lib.dll
[2008/07/14 07:42:42 | 000,000,125 | ---- | C] () -- C:\Windows\fd3.INI
[2008/07/05 21:56:32 | 000,000,703 | ---- | C] () -- C:\Windows\H2_Setup.INI
[2008/07/01 02:04:10 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/06/10 19:52:10 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2008/06/02 08:47:59 | 000,150,213 | ---- | C] () -- C:\Windows\hpwins05.dat
[2008/05/22 17:22:18 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/05/22 17:18:54 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2007/09/20 09:51:04 | 000,015,977 | ---- | C] () -- C:\Windows\hpwscr05.dat
[2007/09/14 11:10:17 | 000,004,785 | ---- | C] () -- C:\Windows\hpwmdl05.dat
[2007/08/28 15:05:48 | 000,103,521 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/08/28 14:57:31 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2007/08/28 14:50:50 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2007/08/28 14:48:19 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2007/08/28 14:48:19 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
[2007/04/03 11:59:54 | 006,148,096 | ---- | C] () -- C:\Windows\System32\dzcore.dll
[2007/03/06 03:47:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007/01/12 09:07:48 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2007/01/12 09:07:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/12/05 16:07:16 | 000,032,256 | ---- | C] () -- C:\Windows\System32\dzbryce6.dll
[2006/12/05 16:00:56 | 000,180,224 | ---- | C] () -- C:\Windows\System32\dzwrapper.dll
[2006/11/20 17:25:16 | 001,343,488 | ---- | C] () -- C:\Windows\System32\daz-qsa.dll
[2006/11/20 17:25:02 | 004,984,832 | ---- | C] () -- C:\Windows\System32\daz-qt-mt.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 003,817,472 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,674,580 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,130,210 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/06/23 12:09:34 | 000,019,968 | ---- | C] () -- C:\Windows\System32\cpuinf32.dll
[2005/08/29 23:00:00 | 000,781,312 | ---- | C] () -- C:\Windows\System32\RGSS102J.dll
[2005/08/29 23:00:00 | 000,778,752 | ---- | C] () -- C:\Windows\System32\RGSS102E.dll
[2004/12/01 18:34:46 | 000,000,725 | -H-- | C] () -- C:\Windows\C8E838E3SD8Emsys.dat
[2004/08/03 14:00:00 | 000,773,120 | ---- | C] () -- C:\Windows\System32\RGSS100J.dll
[2003/02/10 01:13:10 | 000,000,425 | -H-- | C] () -- C:\ProgramData\systmsp2C8E838E3SD8E
[2002/02/28 13:25:55 | 000,000,905 | -H-- | C] () -- C:\Windows\System32\C8E838E3SD8Empsd43.dat
[2001/08/15 12:48:11 | 000,000,545 | -H-- | C] () -- C:\Users\Executive\AppData\Roaming\winpmltsC8E838E3SD8E
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

ComboFix Log:

ComboFix 11-12-18.01 - Executive 12/18/2011 17:02:43.1.4 - x86
Microsoft Windows Vista Home Premium 6.0.6002.2.1252.1.1033.18.3070.2060 [GMT -5:00]
Running from: c:\users\Executive\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Adobe\sn.txt
c:\users\Executive\AppData\Local\assembly\tmp
c:\users\Executive\AppData\Roaming\Microsoft\Windows\Templates\486307x7t044a585y742y0ssj2u3
c:\users\Executive\AppData\Roaming\Microsoft\Windows\Templates\pltlgn5f0xfj6kyw5qlc5r666y6h
c:\windows\$NtUninstallKB56419$
c:\windows\$NtUninstallKB56419$\1331039053
c:\windows\$NtUninstallKB56419$\639105652\@
c:\windows\$NtUninstallKB56419$\639105652\bckfg.tmp
c:\windows\$NtUninstallKB56419$\639105652\cfg.ini
c:\windows\$NtUninstallKB56419$\639105652\Desktop.ini
c:\windows\$NtUninstallKB56419$\639105652\keywords
c:\windows\$NtUninstallKB56419$\639105652\kwrd.dll
c:\windows\$NtUninstallKB56419$\639105652\L\qnbwvoto
c:\windows\$NtUninstallKB56419$\639105652\lsflt7.ver
c:\windows\$NtUninstallKB56419$\639105652\U\[email protected]
c:\windows\$NtUninstallKB56419$\639105652\U\[email protected]
c:\windows\$NtUninstallKB56419$\639105652\U\[email protected]
c:\windows\$NtUninstallKB56419$\639105652\U\[email protected]
c:\windows\$NtUninstallKB56419$\639105652\U\[email protected]
c:\windows\$NtUninstallKB56419$\639105652\U\[email protected]
c:\windows\system32\odbcad32.exe
E:\install.exe
.
Infected copy of c:\windows\system32\drivers\SRTSP.SYS was found and disinfected
Restored copy from - The cat found it :)
.
((((((((((((((((((((((((( Files Created from 2011-11-18 to 2011-12-18 )))))))))))))))))))))))))))))))
.
.
2011-12-18 22:27 . 2011-12-18 22:33 -------- d-----w- c:\users\Executive\AppData\Local\temp
2011-12-18 22:27 . 2011-12-18 22:27 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-12-18 20:30 . 2011-12-18 20:30 -------- d-----w- C:\_OTL
2011-12-18 07:02 . 2011-12-18 07:02 -------- d-----w- c:\program files\Common Files\Java
2011-12-18 07:01 . 2011-11-10 10:54 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-12-18 06:42 . 2011-12-18 06:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-18 06:42 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-18 02:34 . 2011-11-08 12:10 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-12-18 00:15 . 2011-11-03 23:16 141112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2011-12-18 00:15 . 2011-11-03 22:37 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2011-12-18 00:15 . 2011-11-03 22:42 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2011-12-17 22:54 . 2011-12-17 22:53 703824 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3FBFFE6D-DCF2-44AA-B94D-42EDDAA8330A}\gapaengine.dll
2011-12-17 22:32 . 2011-12-17 22:35 -------- d-----w- c:\program files\Microsoft Security Client
2011-12-17 22:27 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2011-12-17 21:01 . 2011-12-18 22:29 -------- d-----w- c:\windows\system32\wbem\repository
2011-12-17 19:11 . 2011-12-17 19:23 438239854 ----a-w- C:\RegBackup (12-17-11).reg
2011-12-17 13:49 . 2011-12-17 19:27 -------- d-----w- c:\programdata\PC Tools
2011-12-16 18:18 . 2011-12-16 18:18 -------- d-----w- c:\users\Executive\AppData\Local\ElevatedDiagnostics
2011-12-16 16:53 . 2011-12-16 16:54 444043452 ----a-w- C:\RegBackup (12-16-11).reg
2011-12-10 23:57 . 2011-12-11 00:00 -------- d-----w- c:\users\Executive\AppData\Roaming\DAZ 3D
2011-11-25 02:15 . 2009-07-14 17:45 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2011-11-25 02:15 . 2009-07-14 17:45 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2011-11-25 02:12 . 2011-11-25 02:12 -------- d-----w- c:\users\Executive\AppData\Roaming\MotioninJoy
2011-11-25 02:12 . 2011-11-25 02:12 -------- d-----w- c:\program files\MotioninJoy
2011-11-25 01:48 . 2008-11-22 18:48 11392 ----a-w- c:\windows\system32\drivers\dualshock3.sys
2011-11-24 08:34 . 2011-11-24 08:54 -------- d-----w- c:\users\Executive\AppData\Roaming\NeopleLauncherDFO
2011-11-24 08:34 . 2011-11-24 08:34 -------- d-----w- c:\users\Executive\New Folder
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 13:37 . 2011-12-18 02:34 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 10:47 . 2011-12-16 06:22 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3B6FFD57-967B-4E3D-A79A-6209F4977FDF}\mpengine.dll
2011-11-13 23:43 . 2011-07-22 03:46 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-10 10:54 . 2010-07-07 00:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-08 14:42 . 2011-12-18 02:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-03 22:47 . 2011-12-18 00:15 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40 . 2011-12-18 00:15 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39 . 2011-12-18 00:15 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31 . 2011-12-18 00:15 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-27 08:01 . 2011-12-18 02:34 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-27 08:01 . 2011-12-18 02:34 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-25 15:56 . 2011-12-18 02:34 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-15 08:53 . 2011-10-25 12:11 61248 ----a-w- c:\windows\system32\OpenCL.dll
2011-10-15 08:53 . 2011-10-25 12:11 18871616 ----a-w- c:\windows\system32\nvoglv32.dll
2011-10-15 08:53 . 2011-10-25 12:11 10327360 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-10-15 08:53 . 2011-10-25 12:11 5578560 ----a-w- c:\windows\system32\nvcuda.dll
2011-10-15 08:53 . 2011-10-25 12:11 2401088 ----a-w- c:\windows\system32\nvcuvid.dll
2011-10-15 08:53 . 2011-10-25 12:11 2099520 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-10-15 08:53 . 2011-10-25 12:11 17248576 ----a-w- c:\windows\system32\nvcompiler.dll
2011-10-15 08:53 . 2011-08-10 03:42 7041856 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-10-15 08:53 . 2011-08-10 03:42 919872 ----a-w- c:\windows\system32\nvdispco32.dll
2011-10-15 08:53 . 2011-08-10 03:42 877376 ----a-w- c:\windows\system32\nvgenco32.dll
2011-10-15 08:53 . 2011-08-10 03:42 13205312 ----a-w- c:\windows\system32\nvd3dum.dll
2011-10-15 08:53 . 2010-12-27 15:22 6350144 ----a-w- c:\windows\system32\nvcpl.dll
2011-10-15 08:53 . 2010-12-27 15:22 3840320 ----a-w- c:\windows\system32\nvsvc.dll
2011-10-15 08:53 . 2010-12-27 15:22 203072 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-15 08:53 . 2010-12-27 15:22 1136448 ----a-w- c:\windows\system32\nvvsvc.exe
2011-10-15 08:53 . 2010-12-27 15:22 602432 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-10-15 08:53 . 2010-08-02 01:48 2458432 ----a-w- c:\windows\system32\nvapi.dll
2011-10-15 08:53 . 2010-07-09 20:37 123712 ----a-w- c:\windows\system32\nvshext.dll
2011-10-15 04:54 . 2011-10-15 04:54 321856 ----a-w- c:\windows\system32\nvStreaming.exe
2011-10-14 16:02 . 2011-12-18 02:34 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-09-20 21:02 . 2011-11-09 03:34 913280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-20 13:44 . 2011-11-09 03:34 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2008-10-23 136080]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"MacrokeyManager"="WTMKM.exe" [2007-11-13 1969824]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-04-20 151552]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-02-01 115560]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2011-05-15 611712]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047200]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047200]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish Media Detector.lnk
backup=c:\windows\pss\Snapfish Media Detector.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCUTRAYICON]
FactoryMode [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-06-16 10:03 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-06-16 10:03 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2011-08-31 22:01 1047200 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SnapfishMediaDetector]
2007-03-02 21:55 1441792 ----a-w- c:\program files\Snapfish Media Detector\SnapfishMediaDetector.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2007-08-28 20:12 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R0 uhrwvuew;uhrwvuew;c:\windows\System32\drivers\opmg.sys [x]
R1 MpKsl1257c805;MpKsl1257c805;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FDBDB3A2-F40F-4E35-80B2-296E49DDAEBF}\MpKsl1257c805.sys [x]
R1 MpKsl8f2d3885;MpKsl8f2d3885;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FDBDB3A2-F40F-4E35-80B2-296E49DDAEBF}\MpKsl8f2d3885.sys [x]
R1 MpKsldf003fb0;MpKsldf003fb0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FBE9B9BC-0EA3-43CE-8A14-8099D2921752}\MpKsldf003fb0.sys [x]
R1 quqmdxzs;quqmdxzs;c:\windows\system32\drivers\quqmdxzs.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 dualshock3;DUALSHOCK3 Controller HID Minidriver (USB) Beta;c:\windows\system32\DRIVERS\dualshock3.sys [2008-11-22 11392]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [2007-04-18 366080]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]
R4 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe [2009-08-10 93848]
R4 SavRoam;SavRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2008-10-23 121744]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
R4 WTService;WTService;c:\windows\system32\atwtusb.exe [2007-12-05 364192]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-10 106104]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2007-01-04 255488]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-07-07 139880]
S3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [2010-04-12 91216]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.1.1 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Executive\AppData\Roaming\Mozilla\Firefox\Profiles\3g5vzlzc.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: network.proxy.http -
FF - prefs.js: network.proxy.http_port -
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-AdobeBridge - (no file)
HKCU-Run-PlayNC Launcher - (no file)
HKLM-Run-ISTray - c:\program files\PC Tools Security\pctsGui.exe
AddRemove-AnVir Task Manager Pro - c:\program files\AnVir Task Manager Pro\AnVir.exe
AddRemove-Bugdom Demo - e:\program files\Ideas From the Deep\Bugdom Demo\uninst.exe
AddRemove-IaMP English - c:\!recovery\Assignments\The Merging Is Complete\ImmaterialandMissingPower\Immaterial And Missing Power\uninstall_th075e.exe
AddRemove-Mabinogi - e:\nexon\Mabinogi\Mabinogi.exe
AddRemove-Multimedia Fusion 2 - HWA Beta Version - c:\program files\Multimedia Fusion 2\Uninstall HWA.exe
AddRemove-SpeedFan - c:\program files\SpeedFan\uninstall.exe
AddRemove-Spyware Doctor - c:\program files\PC Tools Security\unins000.exe
AddRemove-THE Vbg_is1 - c:\!recovery\Assignments\The Merging Is Complete\THE Vbg\unins000.exe
AddRemove-ZillaTube - c:\zillatube\uninst.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:b5,c7,3c,9f,1a,bc,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b8,5b,5a,de,fa,f8,09,4f,b0,ef,a5,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b8,5b,5a,de,fa,f8,09,4f,b0,ef,a5,\
.
[HKEY_USERS\S-1-5-21-1761075619-41692359-743502292-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(748)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'Explorer.exe'(1148)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\program files\Symantec AntiVirus\VPTray.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\RtHDVCpl.exe
c:\windows\System32\WTMKM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\hp\kbd\kbd.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2011-12-18 17:42:39 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-18 22:41
.
Pre-Run: 34,333,188,096 bytes free
Post-Run: 34,152,906,752 bytes free
.
- - End Of File - - 0759859A501A8185EF6C2A5937938A11

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

although I'm not sure how wise it is having three virus monitors now

This is the one time when more is definitely not better ;) Norton has a firewall attached and that may be stopping Windows Firewall from starting.
Let me know which ones you are going to remove and I will provide a link to the relevant removal tool.

Once this run is complete, can you let me know of any outstanding problems?

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\System32\drivers\opmg.sys
c:\windows\system32\drivers\quqmdxzs.sys

Driver::
uhrwvuew
quqmdxzs

Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

#5
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.