
Ran LSP-Fix on Win7 64x - Now Unable to Load Any Webpage [Solved]


This topic is locked

#31 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
Okay, I had a feeling that was going to happen.

I've attached a registry fix below. It's a copy of my export of this key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc

I do have a Windows 7 Home Premium 64 bit system. I realize you do have a Windows 7 Ultimate 64 bit edition, so I'm hoping that this registry fix will go through without a hitch, and if it doesn't we always have a back-up of your registry.

I did look at the registry export you provided me and it appears the following were not in my registry export, so I've added those entries into the registry fix I'm giving you to run.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc\Parameters\PortKeywords\DHCP]
"Collection"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap]
"Collection"=hex:87,00,01,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc\Parameters\PortKeywords\Teredo]
"Collection"=hex:


We Need to Run a Registry Script

  • Please download the attached zip file to your computer.
    Attached File: Fix.zip (1.03 KB)
  • Use WinRar to unzip the registry file from the archive to your desktop.
  • Double click the extracted registry file on your desktop.
  • Press Yes if prompted by User Account Control.
  • Press Yes, and then Ok, when prompted.
  • Right click the registry file and choose Delete.
  • Press Yes.

Try to open up the Windows Firewall and see if you can open it now.
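A registry file downloaded from a forum should be inspected before it is merged, and the key it overwrites should be backed up first. The PowerShell script below is an added example, not part of SweetTech's post or the Fix.zip attachment: it assumes the fix has been extracted to Fix.reg on the desktop (the file name is assumed, since the ZIP is not reproduced here), refuses to merge if any key in the file lies outside the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc key the post names, exports a backup of the live key, merges the fix with reg.exe, and then confirms the three PortKeywords subkeys the post added and the state of the Windows Firewall service. Run it from an elevated PowerShell.

```powershell
# Added example, not from the thread. Audit, back up, merge and verify a .reg fix
# for the Windows Firewall service key (HKLM\SYSTEM\CurrentControlSet\Services\MpsSvc).
# Assumption: the fix was extracted to Fix.reg on the desktop (file name assumed).
# Run from an elevated PowerShell; reg.exe needs admin rights to write under HKLM.

$Desktop       = [Environment]::GetFolderPath('Desktop')
$RegFile       = Join-Path $Desktop 'Fix.reg'
$AllowedPrefix = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc'
$LiveKey       = 'HKLM\SYSTEM\CurrentControlSet\Services\MpsSvc'

# 1. Inspect the file: a .reg must start with the regedit header, and every
#    [key] it writes (or, with a leading '-', deletes) must sit under MpsSvc.
$lines = Get-Content -Path $RegFile
if ($lines[0] -notmatch '^(Windows Registry Editor Version 5\.00|REGEDIT4)\s*$') {
    throw "$RegFile does not start with a regedit header; refusing to merge it."
}
$keys = @(foreach ($line in $lines) { if ($line -match '^\[(.+)\]\s*$') { $Matches[1] } })
$deletes = @($keys | Where-Object { $_.StartsWith('-') })
$outside = @($keys | ForEach-Object { $_.TrimStart('-') } |
                     Where-Object { $_ -notlike "$AllowedPrefix*" })
if ($deletes.Count -gt 0) {
    Write-Warning ("Fix deletes keys:`n" + ($deletes -join "`n"))
}
if ($outside.Count -gt 0) {
    throw ("Fix writes outside $AllowedPrefix, refusing to merge:`n" + ($outside -join "`n"))
}
Write-Host ("Fix touches {0} key(s), all under MpsSvc." -f $keys.Count)

# 2. Back up the live key so the change can be reversed with 'reg import <backup>'.
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$Backup = Join-Path $Desktop "MpsSvc-backup-$stamp.reg"
reg.exe export $LiveKey $Backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Backup export failed (exit $LASTEXITCODE); nothing merged." }

# 3. Merge without the regedit prompts (equivalent to double-clicking and answering Yes).
reg.exe import $RegFile | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "Import failed (exit $LASTEXITCODE). Restore with: reg import `"$Backup`""
}

# 4. Verify: the three PortKeywords subkeys the post adds must now exist, the
#    service Start value should be 2 (Automatic), and the service should start.
foreach ($sub in 'DHCP', 'RPC-EPMap', 'Teredo') {
    $path = "HKLM:\SYSTEM\CurrentControlSet\Services\MpsSvc\Parameters\PortKeywords\$sub"
    if (Test-Path $path) { Write-Host "ok      $path" } else { Write-Warning "missing $path" }
}
$start = (Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\MpsSvc').Start
Write-Host "MpsSvc Start value: $start (2 = Automatic)"
Start-Service -Name MpsSvc -ErrorAction Stop
Get-Service -Name MpsSvc | Format-Table Name, Status -AutoSize
```

The allow-list check is the important part: a .reg file merges whatever keys it contains, so a fix that also rewrote other services, Run keys or policy settings would be refused here rather than silently applied. If the service still fails to start after the merge, the backup file written in step 2 restores the previous state of the key.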



#32 Matt Smith (Topic Starter, Member, 85 posts)
OTL with custom scan:

OTL logfile created on: 1/5/2012 11:23:02 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Mafu\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.11 Gb Available Physical Memory | 52.71% Memory free
7.99 Gb Paging File | 5.97 Gb Available in Paging File | 74.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 44.35 Gb Free Space | 19.05% Space Free | Partition Type: NTFS

Computer Name: AEON | User Name: Mafu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2012/01/04 00:22:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mafu\Desktop\OTL.exe
PRC - [2011/12/24 14:58:59 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/07/14 04:21:10 | 000,108,032 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/25 12:48:55 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/04/03 22:50:24 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2011/03/17 15:45:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2009/08/05 11:12:02 | 000,033,280 | ---- | M] (NirSoft) -- C:\Program Files (x86)\NirSoft\Volumouse\volumouse.exe
PRC - [2009/07/13 17:14:47 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/24 14:58:58 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/09/07 01:40:58 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/07/14 04:21:22 | 001,712,128 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libvorbis_plugin.dll
MOD - [2011/07/14 04:21:22 | 001,137,664 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libxml_plugin.dll
MOD - [2011/07/14 04:21:22 | 001,108,992 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libtaglib_plugin.dll
MOD - [2011/07/14 04:21:22 | 000,368,640 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libtheora_plugin.dll
MOD - [2011/07/14 04:21:22 | 000,078,848 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libzip_plugin.dll
MOD - [2011/07/14 04:21:22 | 000,046,592 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libwaveout_plugin.dll
MOD - [2011/07/14 04:21:22 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libsvcdsub_plugin.dll
MOD - [2011/07/14 04:21:22 | 000,031,232 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libugly_resampler_plugin.dll
MOD - [2011/07/14 04:21:20 | 011,496,448 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libqt4_plugin.dll
MOD - [2011/07/14 04:21:20 | 002,169,856 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libskins2_plugin.dll
MOD - [2011/07/14 04:21:20 | 001,013,248 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libschroedinger_plugin.dll
MOD - [2011/07/14 04:21:20 | 000,130,048 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libspeex_plugin.dll
MOD - [2011/07/14 04:21:20 | 000,038,912 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libspudec_plugin.dll
MOD - [2011/07/14 04:21:20 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libscaletempo_plugin.dll
MOD - [2011/07/14 04:21:20 | 000,034,304 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libstream_filter_rar_plugin.dll
MOD - [2011/07/14 04:21:20 | 000,033,792 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libsimple_channel_mixer_plugin.dll
MOD - [2011/07/14 04:21:20 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\librawvideo_plugin.dll
MOD - [2011/07/14 04:21:20 | 000,031,232 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libstream_filter_record_plugin.dll
MOD - [2011/07/14 04:21:18 | 000,237,568 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libpng_plugin.dll
MOD - [2011/07/14 04:21:18 | 000,194,048 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libmp4_plugin.dll
MOD - [2011/07/14 04:21:18 | 000,128,000 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libmpgatofixed32_plugin.dll
MOD - [2011/07/14 04:21:18 | 000,108,032 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libplaylist_plugin.dll
MOD - [2011/07/14 04:21:18 | 000,081,408 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libpacketizer_h264_plugin.dll
MOD - [2011/07/14 04:21:18 | 000,053,760 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libpacketizer_mpeg4audio_plugin.dll
MOD - [2011/07/14 04:21:18 | 000,047,616 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libpacketizer_dirac_plugin.dll
MOD - [2011/07/14 04:21:18 | 000,042,496 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libpacketizer_vc1_plugin.dll
MOD - [2011/07/14 04:21:18 | 000,040,448 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libpacketizer_mpegvideo_plugin.dll
MOD - [2011/07/14 04:21:18 | 000,039,424 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libpacketizer_mpeg4video_plugin.dll
MOD - [2011/07/14 04:21:18 | 000,039,424 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libpacketizer_flac_plugin.dll
MOD - [2011/07/14 04:21:18 | 000,038,912 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libpacketizer_mlp_plugin.dll
MOD - [2011/07/14 04:21:18 | 000,038,912 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libmono_plugin.dll
MOD - [2011/07/14 04:21:18 | 000,037,888 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libmpeg_audio_plugin.dll
MOD - [2011/07/14 04:21:16 | 001,776,128 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\liblibass_plugin.dll
MOD - [2011/07/14 04:21:16 | 000,338,432 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\liblua_plugin.dll
MOD - [2011/07/14 04:21:16 | 000,035,840 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\liblpcm_plugin.dll
MOD - [2011/07/14 04:21:16 | 000,033,792 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libmemcpymmxext_plugin.dll
MOD - [2011/07/14 04:21:16 | 000,033,792 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libglobalhotkeys_plugin.dll
MOD - [2011/07/14 04:21:14 | 000,309,760 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libfaad_plugin.dll
MOD - [2011/07/14 04:21:14 | 000,265,216 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libflac_plugin.dll
MOD - [2011/07/14 04:21:14 | 000,231,424 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libdvdnav_plugin.dll
MOD - [2011/07/14 04:21:14 | 000,210,944 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libdshow_plugin.dll
MOD - [2011/07/14 04:21:14 | 000,178,176 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libdtstofloat32_plugin.dll
MOD - [2011/07/14 04:21:14 | 000,067,072 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libdirectx_plugin.dll
MOD - [2011/07/14 04:21:14 | 000,041,984 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libflacsys_plugin.dll
MOD - [2011/07/14 04:21:14 | 000,041,472 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libes_plugin.dll
MOD - [2011/07/14 04:21:14 | 000,039,424 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libfilesystem_plugin.dll
MOD - [2011/07/14 04:21:14 | 000,039,424 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libdts_plugin.dll
MOD - [2011/07/14 04:21:14 | 000,037,376 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libfake_plugin.dll
MOD - [2011/07/14 04:21:14 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libcvdsub_plugin.dll
MOD - [2011/07/14 04:21:14 | 000,032,256 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libdtstospdif_plugin.dll
MOD - [2011/07/14 04:21:14 | 000,032,256 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libdolby_surround_decoder_plugin.dll
MOD - [2011/07/14 04:21:14 | 000,031,744 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libfloat32_mixer_plugin.dll
MOD - [2011/07/14 04:21:12 | 000,088,064 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libavi_plugin.dll
MOD - [2011/07/14 04:21:12 | 000,072,192 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libasf_plugin.dll
MOD - [2011/07/14 04:21:12 | 000,046,592 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libaout_directx_plugin.dll
MOD - [2011/07/14 04:21:12 | 000,045,568 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libaraw_plugin.dll
MOD - [2011/07/14 04:21:12 | 000,041,472 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libaudio_format_plugin.dll
MOD - [2011/07/14 04:21:12 | 000,034,304 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libcdg_plugin.dll
MOD - [2011/07/14 04:21:12 | 000,033,280 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libaes3_plugin.dll
MOD - [2011/07/14 04:21:12 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libconverter_fixed_plugin.dll
MOD - [2011/07/14 04:21:10 | 002,263,552 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll
MOD - [2011/07/14 04:21:10 | 000,108,032 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
MOD - [2011/07/14 04:21:10 | 000,101,376 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll
MOD - [2011/07/14 04:21:10 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_bd_plugin.dll
MOD - [2011/07/14 04:21:10 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\liba52tofloat32_plugin.dll
MOD - [2011/07/14 04:21:10 | 000,030,720 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\liba52tospdif_plugin.dll
MOD - [2010/09/17 12:21:56 | 000,345,815 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libhotkeys_plugin.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/11/25 18:54:12 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/07/16 14:03:58 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/03/23 14:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/06/26 14:56:50 | 000,119,296 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
SRV:64bit: - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2007/02/12 08:45:26 | 000,024,576 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\Windows\SysNative\StkCSrv.exe -- (StkSSrv)
SRV - [2011/07/17 03:50:44 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/25 12:48:55 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/03/17 15:45:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/11/24 12:33:26 | 000,921,600 | ---- | M] () [On_Demand | Stopped] -- C:\ProgramData\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/06/25 09:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/19 04:36:53 | 000,051,776 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pssdk41.sys -- (PsSdk41)
DRV:64bit: - [2011/08/08 10:13:12 | 000,198,480 | ---- | M] (SysProgs.org) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BazisVirtualCDBus.sys -- (BazisVirtualCDBus)
DRV:64bit: - [2011/02/18 15:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/02/17 16:21:12 | 000,156,080 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2010/11/30 08:07:06 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2010/11/25 20:20:20 | 008,120,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/11/25 20:20:20 | 008,120,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/11/25 18:16:46 | 000,289,792 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/11/25 10:43:26 | 000,257,232 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2010/11/25 07:28:54 | 000,016,376 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TVMonitor.sys -- (MonitorFunction)
DRV:64bit: - [2010/09/26 20:15:22 | 002,374,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/29 09:01:53 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/08/16 02:42:00 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/07/16 14:53:32 | 000,816,016 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pctEFA64.sys -- (pctEFA)
DRV:64bit: - [2010/07/16 14:04:04 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2010/07/16 14:03:48 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2010/06/29 10:35:34 | 000,452,872 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS)
DRV:64bit: - [2010/06/25 09:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/06/09 16:10:16 | 000,046,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nm3.sys -- (nm3)
DRV:64bit: - [2010/05/27 22:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/04/12 00:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2010/03/23 14:53:06 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/02/25 14:18:58 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2010/02/16 12:44:18 | 000,191,960 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cbfs.sys -- (CbFs)
DRV:64bit: - [2009/07/23 23:49:00 | 000,119,312 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/13 17:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 17:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:40:11 | 000,840,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\blackbox.dll -- (BlackBox)
DRV:64bit: - [2009/07/13 16:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/13 16:09:15 | 000,145,920 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2009/07/13 16:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/04 21:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/03/01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2006/11/10 05:08:58 | 000,030,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATITool64.sys -- (ATITool)
DRV - [2011/12/24 15:08:12 | 000,035,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\BlackBox.sys -- (BlackBox)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 13 DE 89 52 9C B7 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@torrentstream.net/tsplugin,version=1.0.2: C:\Program Files (x86)\TorrentStream\npvlc.dll (The Torrent Stream and VideoLAN and Delft University of Technology)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll (OnLive)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Mafu\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Mafu\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mafu\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mafu\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Mafu\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/06/23 18:36:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/24 14:59:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/22 00:15:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.5\extensions\\Components: C:\Program Files (x86)\SeaMonkey\components [2011/12/15 01:32:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.5\extensions\\Plugins: C:\Program Files (x86)\SeaMonkey\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{54affe52-8223-453b-be1e-2fe2e250045c}: C:\Users\Mafu\AppData\Roaming\Lamantine\Sticky Password\spAutofill [2011/06/27 14:57:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\Mafu\AppData\Roaming\IDM\idmmzcc3

[2011/09/28 00:56:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mafu\AppData\Roaming\Mozilla\Extensions
[2011/09/28 00:56:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mafu\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/01/05 20:22:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mafu\AppData\Roaming\Mozilla\Firefox\Profiles\x9qp4l2y.default\extensions
[2012/01/05 20:22:15 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Users\Mafu\AppData\Roaming\Mozilla\Firefox\Profiles\x9qp4l2y.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
[2011/08/22 17:39:36 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Users\Mafu\AppData\Roaming\Mozilla\Firefox\Profiles\x9qp4l2y.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
[2011/05/22 05:41:44 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Users\Mafu\AppData\Roaming\Mozilla\Firefox\Profiles\x9qp4l2y.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
[2011/11/12 01:45:40 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Mafu\AppData\Roaming\Mozilla\Firefox\Profiles\x9qp4l2y.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/07/21 01:33:14 | 000,000,000 | ---D | M] ("VWC Cocoon") -- C:\Users\Mafu\AppData\Roaming\Mozilla\Firefox\Profiles\x9qp4l2y.default\extensions\[email protected]
[2011/12/15 01:32:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mafu\AppData\Roaming\Mozilla\SeaMonkey\Profiles\6ig01k7m.default\extensions
[2011/11/26 19:36:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/12/24 14:58:59 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/24 14:58:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/24 14:58:56 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/12/23 02:07:53 | 000,001,395 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 184.95.41.155 www.google-analytics.com.
O1 - Hosts: 184.95.41.155 ad-emea.doubleclick.net.
O1 - Hosts: 184.95.41.155 www.statcounter.com.
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4:64bit: - HKLM..\Run: [DVD or CD Sharing] C:\Program Files\DVD or CD Sharing\ODSAgent.exe (Apple Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [KeyExtender.exe] C:\Program Files (x86)\KeyExtender\KeyExtender.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
O4 - HKCU..\Run: [$Volumouse$] C:\Program Files (x86)\NirSoft\Volumouse\volumouse.exe (NirSoft)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10w_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Security present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - CC:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - CC:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0CA9D193-F66A-4E15-B9E2-EB4056CC71F5}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B9FFDE1-1B19-47A1-9AA7-FF552F2B79E5}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\gopher - No CLSID value found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32:64bit: VIDC.I420 - File not found
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS http://hp.vector.co....thors/VA012897/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2012/01/05 19:08:08 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/04 01:27:30 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/01/04 01:02:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/04 01:01:24 | 004,368,790 | R--- | C] (Swearware) -- C:\Users\Mafu\Desktop\ComboFix.exe
[2012/01/04 00:28:13 | 000,000,000 | ---D | C] -- C:\Users\Mafu\Desktop\tdsskiller
[2012/01/04 00:28:06 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Mafu\Desktop\OTL.exe
[2012/01/03 13:50:37 | 004,754,944 | ---- | C] (Geza Kovacs) -- C:\Users\Mafu\Desktop\unetbootin-windows-563.exe
[2012/01/02 22:43:37 | 000,000,000 | ---D | C] -- C:\Users\Mafu\Desktop\Cd Keys_files
[2012/01/02 21:29:24 | 000,000,000 | ---D | C] -- C:\Users\Mafu\AppData\Local\MigWiz
[2012/01/02 13:26:02 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/01/02 13:25:12 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2011/12/31 22:28:42 | 000,000,000 | ---D | C] -- C:\Users\Mafu\AppData\Local\CrashDumps
[2011/12/29 02:00:28 | 000,000,000 | ---D | C] -- C:\Users\Mafu\AppData\Local\Threat Expert
[2011/12/25 00:19:52 | 000,816,016 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctEFA64.sys
[2011/12/25 00:19:52 | 000,452,872 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctDS64.sys
[2011/12/25 00:19:51 | 000,331,368 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2011/12/25 00:19:51 | 000,136,168 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2011/12/25 00:19:48 | 000,257,232 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2011/12/25 00:19:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2011/12/25 00:19:44 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2011/12/25 00:19:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
[2011/12/25 00:19:38 | 000,000,000 | ---D | C] -- C:\Users\Mafu\AppData\Roaming\PC Tools
[2011/12/25 00:19:38 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/12/25 00:19:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2011/12/24 23:45:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/24 23:45:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/24 23:45:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/24 23:45:38 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/24 15:11:12 | 000,000,000 | ---D | C] -- C:\Users\Mafu\AppData\Roaming\f-secure
[2011/12/24 15:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2011/12/21 23:43:32 | 000,000,000 | ---D | C] -- C:\Users\Mafu\AppData\Roaming\Malwarebytes
[2011/12/21 23:43:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/21 21:51:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/12/21 21:51:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/12/21 18:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Mafu\AppData\Local\d7c12045
[2011/12/21 11:39:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\937D8
[2011/12/17 03:38:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyExtender
[2011/12/17 03:38:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KeyExtender
[2011/12/15 01:32:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SeaMonkey
[2011/12/15 01:32:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SeaMonkey
[2011/12/15 01:31:48 | 000,737,280 | ---- | C] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
[2011/12/15 01:23:07 | 000,000,000 | ---D | C] -- C:\Users\Mafu\AppData\Roaming\KompoZer
[2011/12/15 01:20:39 | 000,000,000 | ---D | C] -- C:\Users\Mafu\AppData\Roaming\Nvu
[2011/12/13 22:40:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Soluto
[2011/12/12 21:19:52 | 000,000,000 | ---D | C] -- C:\Users\Mafu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\inMomentum
[2011/12/12 21:19:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\inMomentum
[2011/12/12 01:44:36 | 000,000,000 | ---D | C] -- C:\Users\Mafu\AppData\Local\EapmapUI
[2011/12/08 15:18:43 | 000,000,000 | ---D | C] -- C:\Users\Mafu\AppData\Local\SCE
[2011/12/07 02:36:59 | 000,000,000 | ---D | C] -- C:\Users\Mafu\Desktop\Cards
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/05 22:50:32 | 000,029,579 | ---- | M] () -- C:\Users\Mafu\Desktop\Untitled.png
[2012/01/05 22:30:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2302230544-2342101270-558501468-1000UA.job
[2012/01/05 20:27:30 | 000,095,981 | ---- | M] () -- C:\Users\Mafu\Desktop\30008_120801677951475_100000649292421_163993_1218902_n.jpg
[2012/01/05 20:27:17 | 000,084,158 | ---- | M] () -- C:\Users\Mafu\Desktop\34085_133520436679599_100000649292421_220888_4669066_n.jpg
[2012/01/05 20:27:08 | 000,072,226 | ---- | M] () -- C:\Users\Mafu\Desktop\13439_133516196680023_100000649292421_220857_2081750_n.jpg
[2012/01/05 20:26:37 | 000,044,730 | ---- | M] () -- C:\Users\Mafu\Desktop\381370_303707429660898_100000649292421_1061076_857618002_n.jpg
[2012/01/05 20:25:19 | 000,069,167 | ---- | M] () -- C:\Users\Mafu\Desktop\317411_255468801154494_100000741271366_847569_1226747_n.jpg
[2012/01/05 20:25:04 | 000,036,108 | ---- | M] () -- C:\Users\Mafu\Desktop\281351_10150281845432431_752942430_7580555_8178649_n.jpg
[2012/01/05 20:24:44 | 000,032,725 | ---- | M] () -- C:\Users\Mafu\Desktop\386309_303708859660755_100000649292421_1061079_1823394886_n.jpg
[2012/01/05 19:00:42 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2302230544-2342101270-558501468-1000Core.job
[2012/01/05 18:53:16 | 493,166,498 | ---- | M] () -- C:\registrybackup.reg
[2012/01/05 18:50:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/04 11:51:39 | 001,643,484 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/01/04 11:41:40 | 000,333,917 | ---- | M] () -- C:\Users\Mafu\Desktop\FSS.exe
[2012/01/04 01:28:43 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/04 01:28:43 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/04 01:19:34 | 3219,521,536 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/04 01:00:32 | 004,368,790 | R--- | M] (Swearware) -- C:\Users\Mafu\Desktop\ComboFix.exe
[2012/01/04 00:28:25 | 001,346,342 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/04 00:28:25 | 000,362,840 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/04 00:28:25 | 000,006,452 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/04 00:25:56 | 001,558,406 | ---- | M] () -- C:\Users\Mafu\Desktop\tdsskiller.zip
[2012/01/04 00:22:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mafu\Desktop\OTL.exe
[2012/01/03 20:54:47 | 000,000,002 | ---- | M] () -- C:\$drvmig$
[2012/01/03 20:54:13 | 000,005,346 | ---- | M] () -- C:\Users\Mafu\Desktop\Windows Compatibility Report.htm
[2012/01/03 20:49:42 | 000,002,188 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012/01/03 20:49:38 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml
[2012/01/03 13:49:52 | 004,754,944 | ---- | M] (Geza Kovacs) -- C:\Users\Mafu\Desktop\unetbootin-windows-563.exe
[2012/01/03 03:10:47 | 000,006,434 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/02 22:46:36 | 000,010,362 | ---- | M] () -- C:\Users\Mafu\Desktop\Cd Keys.htm
[2012/01/02 21:58:38 | 004,977,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/01/01 20:33:24 | 552,267,682 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/25 13:22:45 | 000,000,154 | ---- | M] () -- C:\Users\Mafu\Desktop\Reset.bat
[2011/12/25 01:01:29 | 000,000,193 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2011/12/25 00:19:47 | 000,002,082 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2011/12/24 20:02:04 | 000,000,355 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ussclean
[2011/12/24 15:08:12 | 000,035,712 | ---- | M] () -- C:\Windows\SysWow64\drivers\BlackBox.sys
[2011/12/24 14:59:13 | 000,002,052 | ---- | M] () -- C:\Users\Mafu\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/12/24 14:57:57 | 000,000,000 | ---- | M] () -- C:\ProgramData\3nT222i2h.dat
[2011/12/24 14:56:32 | 000,000,450 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/12/23 02:07:53 | 000,001,395 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/12/21 22:45:08 | 000,000,104 | ---- | M] () -- C:\Windows\wininit.ini
[2011/12/17 03:38:59 | 000,000,977 | ---- | M] () -- C:\Users\Mafu\Desktop\KeyExtender.lnk
[2011/12/15 01:32:14 | 000,002,014 | ---- | M] () -- C:\Users\Mafu\Application Data\Microsoft\Internet Explorer\Quick Launch\SeaMonkey.lnk
[2011/12/15 01:32:14 | 000,001,990 | ---- | M] () -- C:\Users\Public\Desktop\SeaMonkey.lnk
[2011/12/15 01:29:56 | 000,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
[2011/12/12 21:19:52 | 000,001,248 | ---- | M] () -- C:\Users\Mafu\Desktop\inMomentum.lnk
[2011/12/08 17:42:48 | 000,002,608 | ---- | M] () -- C:\Users\Mafu\Desktop\DC Universe Online Live.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\etc\*.tmp files -> C:\Windows\SysNative\drivers\etc\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/05 22:27:58 | 000,029,579 | ---- | C] () -- C:\Users\Mafu\Desktop\Untitled.png
[2012/01/05 20:27:29 | 000,095,981 | ---- | C] () -- C:\Users\Mafu\Desktop\30008_120801677951475_100000649292421_163993_1218902_n.jpg
[2012/01/05 20:27:16 | 000,084,158 | ---- | C] () -- C:\Users\Mafu\Desktop\34085_133520436679599_100000649292421_220888_4669066_n.jpg
[2012/01/05 20:27:07 | 000,072,226 | ---- | C] () -- C:\Users\Mafu\Desktop\13439_133516196680023_100000649292421_220857_2081750_n.jpg
[2012/01/05 20:26:37 | 000,044,730 | ---- | C] () -- C:\Users\Mafu\Desktop\381370_303707429660898_100000649292421_1061076_857618002_n.jpg
[2012/01/05 20:25:18 | 000,069,167 | ---- | C] () -- C:\Users\Mafu\Desktop\317411_255468801154494_100000741271366_847569_1226747_n.jpg
[2012/01/05 20:25:04 | 000,036,108 | ---- | C] () -- C:\Users\Mafu\Desktop\281351_10150281845432431_752942430_7580555_8178649_n.jpg
[2012/01/05 20:24:42 | 000,032,725 | ---- | C] () -- C:\Users\Mafu\Desktop\386309_303708859660755_100000649292421_1061079_1823394886_n.jpg
[2012/01/05 18:52:46 | 493,166,498 | ---- | C] () -- C:\registrybackup.reg
[2012/01/04 11:51:57 | 000,333,917 | ---- | C] () -- C:\Users\Mafu\Desktop\FSS.exe
[2012/01/04 00:28:06 | 001,558,406 | ---- | C] () -- C:\Users\Mafu\Desktop\tdsskiller.zip
[2012/01/03 20:54:14 | 000,005,346 | ---- | C] () -- C:\Users\Mafu\Desktop\Windows Compatibility Report.htm
[2012/01/02 23:23:57 | 000,000,002 | ---- | C] () -- C:\$drvmig$
[2012/01/02 23:13:44 | 3605,774,336 | ---- | C] () -- C:\Users\Mafu\Desktop\6801.0.080913-2030_Client_en-us_ULTIMATE-ULTIMATE_GB1CXFRE_EN_DVD.iso
[2012/01/02 22:43:37 | 000,010,362 | ---- | C] () -- C:\Users\Mafu\Desktop\Cd Keys.htm
[2012/01/01 20:33:24 | 552,267,682 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/12/25 11:18:54 | 000,000,154 | ---- | C] () -- C:\Users\Mafu\Desktop\Reset.bat
[2011/12/25 00:19:56 | 001,643,484 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/12/25 00:19:47 | 000,002,082 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2011/12/24 23:45:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/24 23:45:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/24 23:45:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/24 23:45:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/24 23:45:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/24 15:08:09 | 000,035,712 | ---- | C] () -- C:\Windows\SysWow64\drivers\BlackBox.sys
[2011/12/24 14:57:57 | 000,000,000 | ---- | C] () -- C:\ProgramData\3nT222i2h.dat
[2011/12/21 22:45:08 | 000,000,104 | ---- | C] () -- C:\Windows\wininit.ini
[2011/12/17 03:38:59 | 000,000,977 | ---- | C] () -- C:\Users\Mafu\Desktop\KeyExtender.lnk
[2011/12/15 01:32:14 | 000,002,014 | ---- | C] () -- C:\Users\Mafu\Application Data\Microsoft\Internet Explorer\Quick Launch\SeaMonkey.lnk
[2011/12/15 01:32:14 | 000,001,990 | ---- | C] () -- C:\Users\Public\Desktop\SeaMonkey.lnk
[2011/12/13 22:41:49 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2011/12/12 21:19:52 | 000,001,248 | ---- | C] () -- C:\Users\Mafu\Desktop\inMomentum.lnk
[2011/12/08 15:18:31 | 000,002,608 | ---- | C] () -- C:\Users\Mafu\Desktop\DC Universe Online Live.lnk
[2011/12/08 15:18:31 | 000,002,538 | ---- | C] () -- C:\Users\Mafu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DC Universe Online Live.lnk
[2011/11/07 00:39:56 | 000,066,936 | -HS- | C] () -- C:\Windows\dlinfo_0.drv
[2011/08/06 05:14:14 | 000,000,128 | ---- | C] () -- C:\Users\Mafu\AppData\Local\info.dat
[2011/08/05 20:24:54 | 000,110,338 | ---- | C] () -- C:\ProgramData\12321gdf5.jpeg
[2011/08/05 00:54:32 | 000,057,344 | ---- | C] () -- C:\Windows\rzrunins.exe
[2011/07/09 02:48:38 | 000,000,600 | ---- | C] () -- C:\Users\Mafu\AppData\Roaming\winscp.rnd
[2011/06/19 00:42:55 | 000,000,020 | ---- | C] () -- C:\Windows\Converter.INI
[2011/06/09 23:56:10 | 000,000,687 | ---- | C] () -- C:\Windows\SysWow64\wta_Two.dat
[2011/06/09 23:46:35 | 000,000,693 | ---- | C] () -- C:\Windows\SysWow64\wta_One.dat
[2011/06/09 23:44:00 | 000,000,326 | ---- | C] () -- C:\Windows\SysWow64\wta.dat
[2011/06/09 18:49:52 | 000,000,208 | ---- | C] () -- C:\Windows\SysWow64\wta.ini
[2011/06/03 20:06:31 | 004,718,592 | ---- | C] () -- C:\Windows\SysWow64\savegame.bin
[2011/05/31 19:55:42 | 000,064,048 | ---- | C] () -- C:\Windows\SysWow64\Hidhlp.dll
[2011/05/31 19:55:42 | 000,011,184 | ---- | C] () -- C:\Windows\SysWow64\drivers\KMDX.sys
[2011/05/12 21:07:42 | 000,837,192 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/05/12 20:52:13 | 000,234,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/05/12 20:51:50 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/04/09 05:03:01 | 000,001,456 | ---- | C] () -- C:\Users\Mafu\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/04/07 17:55:47 | 000,000,120 | ---- | C] () -- C:\Users\Mafu\AppData\Roaming\c677aaba.dat
[2011/04/07 00:52:35 | 000,003,584 | ---- | C] () -- C:\Users\Mafu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/31 22:58:46 | 000,000,017 | ---- | C] () -- C:\Users\Mafu\AppData\Local\resmon.resmoncfg
[2011/03/31 00:48:21 | 000,000,254 | ---- | C] () -- C:\Windows\RomeTW.ini
[2011/03/30 23:26:20 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/03/30 23:26:19 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/03/30 23:26:18 | 000,810,496 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/03/30 23:26:18 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/03/30 23:26:18 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/02/20 02:55:39 | 000,000,426 | ---- | C] () -- C:\Windows\aspack.ini
[2011/02/01 20:02:16 | 000,000,132 | ---- | C] () -- C:\Users\Mafu\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/01/18 00:14:04 | 000,000,173 | ---- | C] () -- C:\Users\Mafu\AppData\Local\msmathematics.qat.Mafu
[2011/01/17 19:05:17 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2011/01/03 22:51:33 | 000,000,450 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/01/03 00:06:58 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2011/01/02 19:41:19 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2011/01/02 18:12:06 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/12/24 05:37:39 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2010/12/22 00:34:41 | 000,006,434 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/20 04:17:44 | 000,057,344 | ---- | C] () -- C:\Windows\StkUnist.exe
[2010/12/20 03:44:36 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/09/17 11:17:00 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/06/25 09:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 18:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 18:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2000/07/15 00:00:00 | 000,030,720 | ---- | C] () -- C:\Windows\regtlib.exe

========== LOP Check ==========

[2011/09/27 01:55:55 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\.minecraft
[2010/09/20 01:22:32 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\.minecraft server
[2011/01/21 01:28:06 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\.Torrent Stream
[2011/07/09 02:07:53 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\AbsoluteTelnet
[2011/01/15 02:16:13 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\aicon
[2011/06/12 23:02:02 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Anywhere Software
[2011/05/08 02:46:43 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\AtomZombieData
[2011/05/18 03:04:49 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Blender Foundation
[2011/01/28 02:23:38 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\BOXEE
[2011/04/06 03:13:16 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Bridge!
[2011/04/27 00:07:18 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Colibri Games
[2011/04/17 18:44:09 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\DMCache
[2011/05/25 07:55:14 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\DroidExplorer
[2011/07/01 02:21:20 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Dropbox
[2010/12/24 05:39:01 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\EDrawings
[2011/12/24 15:11:12 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\f-secure
[2011/09/27 03:30:38 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\FileZilla
[2011/05/20 23:42:06 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\FMZilla
[2011/05/24 08:32:59 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\gtk-2.0
[2011/01/19 20:46:42 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Hackety Hack
[2011/03/04 20:51:52 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\HandBrake
[2011/05/17 21:48:57 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\illumination
[2011/09/16 20:39:07 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\ImgBurn
[2011/01/05 12:03:22 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\IrfanView
[2011/04/09 05:11:41 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Key Metric Software
[2011/12/15 01:23:08 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\KompoZer
[2011/03/20 23:01:06 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Lamantine
[2011/05/15 13:08:05 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\LazyDroid Client
[2011/03/04 16:28:04 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Leadertech
[2011/06/19 20:38:53 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\MDCrack
[2010/12/20 05:26:48 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Mount&Blade Warband
[2011/05/03 22:39:53 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Mount&Blade With Fire and Sword
[2011/12/25 01:12:17 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Notepad++
[2011/12/15 01:20:39 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Nvu
[2011/10/14 03:01:38 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\OnLive App
[2011/05/06 18:18:42 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Opera
[2011/01/23 19:03:08 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\PACE Anti-Piracy
[2011/09/28 00:02:39 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Pegtop
[2011/09/28 00:56:47 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Pencil
[2011/05/19 22:08:09 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\poclbm
[2011/01/17 18:53:24 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Pogo
[2011/02/25 07:14:30 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\System
[2011/07/14 03:53:27 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\SystemRequirementsLab
[2011/12/31 22:24:02 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\TeamViewer
[2011/10/26 21:07:35 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\TeraCopy
[2011/03/24 01:23:27 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\The Creative Assembly
[2011/03/25 12:52:21 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Tropico 3
[2011/01/02 23:31:03 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Tunngle
[2011/01/12 21:15:50 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Ubisoft
[2011/05/04 00:36:36 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Unity
[2011/10/02 17:05:56 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Unzbin
[2011/06/02 21:48:40 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\updatetool
[2012/01/05 23:27:27 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\uTorrent
[2010/12/20 06:22:11 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\VitySoft
[2011/08/06 01:47:14 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\VOS
[2011/05/13 00:34:46 | 000,000,000 | -HSD | M] -- C:\Users\Mafu\AppData\Roaming\wyUpdate AU
[2011/08/07 04:02:55 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\XLink Kai
[2011/12/29 02:07:11 | 000,030,198 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< "%WinDir%\$NtUninstallKB*$." >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/12/24 14:58:56 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/12/24 14:58:56 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/12/24 14:58:56 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2011/12/24 14:58:59 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2011/12/24 14:58:59 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2011/12/24 14:58:59 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 17:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 17:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 17:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/11/04 20:38:00 | 000,673,048 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2011/11/04 20:38:00 | 000,673,048 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\SeaMonkey\uninstall\helper.exe" /HideShortcuts [2011/11/21 08:16:18 | 000,700,312 | ---- | M] (mozilla.org)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\SeaMonkey\uninstall\helper.exe" /ShowShortcuts [2011/11/21 08:16:18 | 000,700,312 | ---- | M] (mozilla.org)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\SeaMonkey\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/11/21 08:16:18 | 000,700,312 | ---- | M] (mozilla.org)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\shell\open\command\\: C:\Program Files (x86)\SeaMonkey\seamonkey.exe [2011/11/21 08:16:19 | 000,044,032 | ---- | M] (mozilla.org)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\shell\properties\command\\: "C:\Program Files (x86)\SeaMonkey\seamonkey.exe" -preferences [2011/11/21 08:16:19 | 000,044,032 | ---- | M] (mozilla.org)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\shell\safemode\command\\: "C:\Program Files (x86)\SeaMonkey\seamonkey.exe" -safe-mode [2011/11/21 08:16:19 | 000,044,032 | ---- | M] (mozilla.org)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2011/12/24 14:58:56 | 000,715,216 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2011/12/24 14:58:56 | 000,715,216 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2011/12/24 14:58:56 | 000,715,216 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2011/12/24 14:58:59 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2011/12/24 14:58:59 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2011/12/24 14:58:59 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2009/07/13 17:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2009/07/13 17:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2009/07/13 17:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/11/04 20:38:00 | 000,673,048 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2011/11/04 20:38:00 | 000,673,048 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\SEAMONKEY\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2011/11/21 08:16:18 | 000,700,312 | ---- | M] (mozilla.org)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\SEAMONKEY\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2011/11/21 08:16:18 | 000,700,312 | ---- | M] (mozilla.org)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\SEAMONKEY\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2011/11/21 08:16:18 | 000,700,312 | ---- | M] (mozilla.org)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\SEAMONKEY\SEAMONKEY.EXE [2011/11/21 08:16:19 | 000,044,032 | ---- | M] (mozilla.org)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\SEAMONKEY\SEAMONKEY.EXE" -PREFERENCES [2011/11/21 08:16:19 | 000,044,032 | ---- | M] (mozilla.org)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\SEAMONKEY\SEAMONKEY.EXE" -SAFE-MODE [2011/11/21 08:16:19 | 000,044,032 | ---- | M] (mozilla.org)

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 990 bytes -> C:\Program Files (x86)\Common Files\System:oeuinffjZc7KNhlzMWe48CD
@Alternate Data Stream - 946 bytes -> C:\ProgramData\Microsoft:B2RaoTpiRxqjbekl1qxPODB
@Alternate Data Stream - 178 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 1116 bytes -> C:\ProgramData\Microsoft:O8Cw3ZuMk0KKzoe4mi9r
@Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 1006 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:t5GdSJVQ43HSE1awkQUmc

< End of report >

#33
Matt Smith
    Member
  • Topic Starter
  • 85 posts
FSS:

Farbar Service Scanner
Ran by Mafu (administrator) on 05-01-2012 at 23:31:59
Microsoft Windows 7 Ultimate (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to retrieve start type of MpsSvc. The value does not exist.
Checking ImagePath: Attention! Unable to retrieve ImagePath of MpsSvc. The value does not exist.
Unable to retrieve ServiceDll of MpsSvc. The value does not exist.

mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 16:09] - [2009-07-13 17:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll
[2009-07-13 16:09] - [2009-07-13 17:40] - 0703488 ____A (Microsoft Corporation) 4992C609A6315671463E30F6512BC022

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-13 15:36] - [2009-07-13 17:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe
[2009-07-13 15:39] - [2009-07-13 17:39] - 1598976 ____A (Microsoft Corporation) 787898BF9FB6D7BD87A36E2D95C899BA

C:\Windows\System32\wscsvc.dll
[2011-04-03 22:30] - [2010-12-20 22:16] - 0097280 ____A (Microsoft Corporation) 8F9F3969933C02DA96EB0F84576DB43E

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2009-07-13 16:36] - [2009-07-13 17:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7

C:\Windows\System32\qmgr.dll
[2009-07-13 15:46] - [2009-07-13 17:41] - 0848384 ____A (Microsoft Corporation) 7F0C323FE3DA28AA4AA1BDA3F575707F

C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2009-07-13 15:49] - [2009-07-13 17:40] - 0175104 ____A (Microsoft Corporation) 8C57411B66282C01533CB776F98AD384

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#34
SweetTech
    Sir SpamAlot
  • Retired Staff
  • 7,671 posts
Hi Matt,

Please be sure you see my post here: http://www.geekstogo...ost__p__2104307

#35
Matt Smith
    Member
  • Topic Starter
  • 85 posts
After the Fix file was run, I still have the error when trying to turn on my firewall.

#36
SweetTech
    Sir SpamAlot
  • Retired Staff
  • 7,671 posts
hmm...

Okay.

Can you just confirm that you recognize these files?

[2012/01/05 20:27:30 | 000,095,981 | ---- | M] () -- C:\Users\Mafu\Desktop\30008_120801677951475_100000649292421_163993_1218902_n.jpg
[2012/01/05 20:27:17 | 000,084,158 | ---- | M] () -- C:\Users\Mafu\Desktop\34085_133520436679599_100000649292421_220888_4669066_n.jpg
[2012/01/05 20:27:08 | 000,072,226 | ---- | M] () -- C:\Users\Mafu\Desktop\13439_133516196680023_100000649292421_220857_2081750_n.jpg
[2012/01/05 20:26:37 | 000,044,730 | ---- | M] () -- C:\Users\Mafu\Desktop\381370_303707429660898_100000649292421_1061076_857618002_n.jpg
[2012/01/05 20:25:19 | 000,069,167 | ---- | M] () -- C:\Users\Mafu\Desktop\317411_255468801154494_100000741271366_847569_1226747_n.jpg
[2012/01/05 20:25:04 | 000,036,108 | ---- | M] () -- C:\Users\Mafu\Desktop\281351_10150281845432431_752942430_7580555_8178649_n.jpg
[2012/01/05 20:24:44 | 000,032,725 | ---- | M] () -- C:\Users\Mafu\Desktop\386309_303708859660755_100000649292421_1061079_1823394886_n.jpg
[2011/08/05 20:24:54 | 000,110,338 | ---- | C] () -- C:\ProgramData\12321gdf5.jpeg

OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    O1 - Hosts: 184.95.41.155 www.google-analytics.com.
    O1 - Hosts: 184.95.41.155 ad-emea.doubleclick.net.
    O1 - Hosts: 184.95.41.155 www.statcounter.com.
    O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
    O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10w_Plugin.exe (Adobe Systems, Inc.)
    O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
    [2011/12/24 20:02:04 | 000,000,355 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ussclean
    [2011/12/24 14:57:57 | 000,000,000 | ---- | M] () -- C:\ProgramData\3nT222i2h.dat
    [2011/12/24 14:57:57 | 000,000,000 | ---- | C] () -- C:\ProgramData\3nT222i2h.dat
    [2011/08/06 05:14:14 | 000,000,128 | ---- | C] () -- C:\Users\Mafu\AppData\Local\info.dat
    [2011/04/07 17:55:47 | 000,000,120 | ---- | C] () -- C:\Users\Mafu\AppData\Roaming\c677aaba.dat
    @Alternate Data Stream - 990 bytes -> C:\Program Files (x86)\Common Files\System:oeuinffjZc7KNhlzMWe48CD
    @Alternate Data Stream - 946 bytes -> C:\ProgramData\Microsoft:B2RaoTpiRxqjbekl1qxPODB
    @Alternate Data Stream - 178 bytes -> C:\ProgramData\Temp:DFC5A2B2
    @Alternate Data Stream - 1116 bytes -> C:\ProgramData\Microsoft:O8Cw3ZuMk0KKzoe4mi9r
    @Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:430C6D84
    @Alternate Data Stream - 1006 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:t5GdSJVQ43HSE1awkQUmc
    :Reg
    
    :Files
    dir /s /a "C:\Users\Mafu\AppData\Roaming\System" /c
    dir /s /a "C:\Users\Mafu\AppData\Roaming\poclbm" /c
    dir /s /a "C:\Users\Mafu\AppData\Local\d7c12045" /c
    dir /s /a "C:\Users\Mafu\AppData\Roaming\wyUpdate AU" /c
    dir /s /a "C:\Program Files (x86)\937D8" /c
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push the Run Fix button
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:


Run FSS again, and post the log file it produces.

#37
Matt Smith
    Member
  • Topic Starter
  • 85 posts
Those files are a few pics I downloaded.

I receive an error from running the OTL fix code:
Cannot create file C:\Windows\System3\drivers\etc\Hosts

#38
Matt Smith
    Member
  • Topic Starter
  • 85 posts
Would you like to do a remote desktop via Teamviewer or something?
Just let you poke and prod around my OS. Or skype? Just trying to be more convenient and speedy about this process.

Edited by Matt Smith, 06 January 2012 - 02:13 AM.


#39
SweetTech
    Sir SpamAlot
  • Retired Staff
  • 7,671 posts
Okay, just wanted to be sure you recognized those files.

Would you like to do a remote desktop via Teamviewer or something?
Just let you poke and prod around my OS. Or skype? Just trying to be more convenient and speedy about this process.

Posting on the forums is fine for right now.

Just so you're aware, the best time to find me online for a few hours is right around this time.

Try this script instead:

OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
    O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10w_Plugin.exe (Adobe Systems, Inc.)
    O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
    [2011/12/24 20:02:04 | 000,000,355 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ussclean
    [2011/12/24 14:57:57 | 000,000,000 | ---- | M] () -- C:\ProgramData\3nT222i2h.dat
    [2011/12/24 14:57:57 | 000,000,000 | ---- | C] () -- C:\ProgramData\3nT222i2h.dat
    [2011/08/06 05:14:14 | 000,000,128 | ---- | C] () -- C:\Users\Mafu\AppData\Local\info.dat
    [2011/04/07 17:55:47 | 000,000,120 | ---- | C] () -- C:\Users\Mafu\AppData\Roaming\c677aaba.dat
    @Alternate Data Stream - 990 bytes -> C:\Program Files (x86)\Common Files\System:oeuinffjZc7KNhlzMWe48CD
    @Alternate Data Stream - 946 bytes -> C:\ProgramData\Microsoft:B2RaoTpiRxqjbekl1qxPODB
    @Alternate Data Stream - 178 bytes -> C:\ProgramData\Temp:DFC5A2B2
    @Alternate Data Stream - 1116 bytes -> C:\ProgramData\Microsoft:O8Cw3ZuMk0KKzoe4mi9r
    @Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:430C6D84
    @Alternate Data Stream - 1006 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:t5GdSJVQ43HSE1awkQUmc
    :Files
    type C:\Windows\SysNative\drivers\etc\hosts /c
    type C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS /c
    type C:\Windows\SysWOW64\drivers\etc\hosts /c
    dir /s /a "C:\Users\Mafu\AppData\Roaming\System" /c
    dir /s /a "C:\Users\Mafu\AppData\Roaming\poclbm" /c
    dir /s /a "C:\Users\Mafu\AppData\Local\d7c12045" /c
    dir /s /a "C:\Users\Mafu\AppData\Roaming\wyUpdate AU" /c
    dir /s /a "C:\Program Files (x86)\937D8" /c
    attrib -r -h -s "C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS"
    attrib -r -h -s "C:\Windows\SysNative\drivers\etc\hosts"
    attrib -r -h -s "C:\Windows\SysWOW64\drivers\etc\hosts"
    del /q /f "C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS"
    del /q /f "C:\Windows\SysNative\drivers\etc\hosts"
    del /q /f "C:\Windows\SysWOW64\drivers\etc\hosts"
    echo 127.0.0.1 localhost > "C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS"
    echo 127.0.0.1 localhost > "C:\Windows\SysNative\drivers\etc\hosts"
    echo 127.0.0.1 localhost > "C:\Windows\SysWOW64\drivers\etc\hosts"
    ipconfig /flushdns /c
    :Commands
    [purity]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push the Run Fix button
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:


Run FSS again, and post the log file it produces.

#40
Matt Smith
    Member
  • Topic Starter
  • 85 posts
OTL FIX LOG:

All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\MRI_DISABLED\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\FlashPlayerUpdate deleted successfully.
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10w_Plugin.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\Windows\SysNative\drivers\etc\hosts.ussclean moved successfully.
C:\ProgramData\3nT222i2h.dat moved successfully.
File C:\ProgramData\3nT222i2h.dat not found.
C:\Users\Mafu\AppData\Local\info.dat moved successfully.
C:\Users\Mafu\AppData\Roaming\c677aaba.dat moved successfully.
ADS C:\Program Files (x86)\Common Files\System:oeuinffjZc7KNhlzMWe48CD deleted successfully.
ADS C:\ProgramData\Microsoft:B2RaoTpiRxqjbekl1qxPODB deleted successfully.
ADS C:\ProgramData\Temp:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\Microsoft:O8Cw3ZuMk0KKzoe4mi9r deleted successfully.
ADS C:\ProgramData\Temp:430C6D84 deleted successfully.
ADS C:\Program Files (x86)\Common Files\microsoft shared:t5GdSJVQ43HSE1awkQUmc deleted successfully.
========== FILES ==========
< type C:\Windows\SysNative\drivers\etc\hosts /c >
# Copyright © 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
::1 localhost
184.95.41.155 www.google-analytics.com.
184.95.41.155 ad-emea.doubleclick.net.
184.95.41.155 www.statcounter.com.
C:\Users\Mafu\Desktop\cmd.bat deleted successfully.
C:\Users\Mafu\Desktop\cmd.txt deleted successfully.
< type C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS /c >
# Copyright © 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
::1 localhost
184.95.41.155 www.google-analytics.com.
184.95.41.155 ad-emea.doubleclick.net.
184.95.41.155 www.statcounter.com.
C:\Users\Mafu\Desktop\cmd.bat deleted successfully.
C:\Users\Mafu\Desktop\cmd.txt deleted successfully.
< type C:\Windows\SysWOW64\drivers\etc\hosts /c >
C:\Users\Mafu\Desktop\cmd.bat deleted successfully.
C:\Users\Mafu\Desktop\cmd.txt deleted successfully.
< dir /s /a "C:\Users\Mafu\AppData\Roaming\System" /c >
Volume in drive C has no label.
Volume Serial Number is 3859-37D8
Directory of C:\Users\Mafu\AppData\Roaming\System
02/25/2011 07:14 AM <DIR> .
02/25/2011 07:14 AM <DIR> ..
02/25/2011 09:27 AM 300 84f6bb.txt
1 File(s) 300 bytes
Total Files Listed:
1 File(s) 300 bytes
2 Dir(s) 52,024,033,280 bytes free
C:\Users\Mafu\Desktop\cmd.bat deleted successfully.
C:\Users\Mafu\Desktop\cmd.txt deleted successfully.
< dir /s /a "C:\Users\Mafu\AppData\Roaming\poclbm" /c >
Volume in drive C has no label.
Volume Serial Number is 3859-37D8
Directory of C:\Users\Mafu\AppData\Roaming\poclbm
05/19/2011 10:08 PM <DIR> .
05/19/2011 10:08 PM <DIR> ..
08/05/2011 11:49 PM 742 poclbm.ini
1 File(s) 742 bytes
Total Files Listed:
1 File(s) 742 bytes
2 Dir(s) 52,024,033,280 bytes free
C:\Users\Mafu\Desktop\cmd.bat deleted successfully.
C:\Users\Mafu\Desktop\cmd.txt deleted successfully.
< dir /s /a "C:\Users\Mafu\AppData\Local\d7c12045" /c >
Volume in drive C has no label.
Volume Serial Number is 3859-37D8
Directory of C:\Users\Mafu\AppData\Local\d7c12045
01/04/2012 01:16 AM <DIR> .
01/04/2012 01:16 AM <DIR> ..
12/21/2011 06:48 PM 2,048 @
1 File(s) 2,048 bytes
Total Files Listed:
1 File(s) 2,048 bytes
2 Dir(s) 52,024,033,280 bytes free
C:\Users\Mafu\Desktop\cmd.bat deleted successfully.
C:\Users\Mafu\Desktop\cmd.txt deleted successfully.
< dir /s /a "C:\Users\Mafu\AppData\Roaming\wyUpdate AU" /c >
Volume in drive C has no label.
Volume Serial Number is 3859-37D8
Directory of C:\Users\Mafu\AppData\Roaming\wyUpdate AU
05/13/2011 12:34 AM <DIR> .
05/13/2011 12:34 AM <DIR> ..
05/13/2011 06:34 PM 186 a5436299-45e2-4c3a-bf46-89b0eac9f108.autoupdate
1 File(s) 186 bytes
Total Files Listed:
1 File(s) 186 bytes
2 Dir(s) 52,024,033,280 bytes free
C:\Users\Mafu\Desktop\cmd.bat deleted successfully.
C:\Users\Mafu\Desktop\cmd.txt deleted successfully.
< dir /s /a "C:\Program Files (x86)\937D8" /c >
Volume in drive C has no label.
Volume Serial Number is 3859-37D8
Directory of C:\Program Files (x86)\937D8
12/21/2011 11:39 AM <DIR> .
12/21/2011 11:39 AM <DIR> ..
12/21/2011 11:39 AM 195,072 lvvm.exe
1 File(s) 195,072 bytes
Total Files Listed:
1 File(s) 195,072 bytes
2 Dir(s) 52,024,033,280 bytes free
C:\Users\Mafu\Desktop\cmd.bat deleted successfully.
C:\Users\Mafu\Desktop\cmd.txt deleted successfully.
File\Folder attrib -r -h -s "C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS" not found.
File\Folder attrib -r -h -s "C:\Windows\SysNative\drivers\etc\hosts" not found.
File\Folder attrib -r -h -s "C:\Windows\SysWOW64\drivers\etc\hosts" not found.
Invalid Switch: f "C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS"
Invalid Switch: f "C:\Windows\SysNative\drivers\etc\hosts"
Invalid Switch: f "C:\Windows\SysWOW64\drivers\etc\hosts"
File\Folder echo 127.0.0.1 localhost > "C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS" not found.
File\Folder echo 127.0.0.1 localhost > "C:\Windows\SysNative\drivers\etc\hosts" not found.
File\Folder echo 127.0.0.1 localhost > "C:\Windows\SysWOW64\drivers\etc\hosts" not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Mafu\Desktop\cmd.bat deleted successfully.
C:\Users\Mafu\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mafu
->Temp folder emptied: 65925 bytes
->Temporary Internet Files folder emptied: 945643 bytes
->Java cache emptied: 110554890 bytes
->FireFox cache emptied: 91991588 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 13043275 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 155648 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50400 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 440462 bytes

Total Files Cleaned = 207.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Mafu
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01062012_002038

Files\Folders moved on Reboot...
C:\Users\Mafu\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


#41
Matt Smith (Topic Starter, Member, 85 posts)
FSS:
Farbar Service Scanner
Ran by Mafu (administrator) on 06-01-2012 at 00:25:26
Microsoft Windows 7 Ultimate (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
===========
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 16:09] - [2009-07-13 17:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll
[2009-07-13 16:09] - [2009-07-13 17:40] - 0703488 ____A (Microsoft Corporation) 4992C609A6315671463E30F6512BC022

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-13 15:36] - [2009-07-13 17:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe
[2009-07-13 15:39] - [2009-07-13 17:39] - 1598976 ____A (Microsoft Corporation) 787898BF9FB6D7BD87A36E2D95C899BA

C:\Windows\System32\wscsvc.dll
[2011-04-03 22:30] - [2010-12-20 22:16] - 0097280 ____A (Microsoft Corporation) 8F9F3969933C02DA96EB0F84576DB43E

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2009-07-13 16:36] - [2009-07-13 17:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7

C:\Windows\System32\qmgr.dll
[2009-07-13 15:46] - [2009-07-13 17:41] - 0848384 ____A (Microsoft Corporation) 7F0C323FE3DA28AA4AA1BDA3F575707F

C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2009-07-13 15:49] - [2009-07-13 17:40] - 0175104 ____A (Microsoft Corporation) 8C57411B66282C01533CB776F98AD384

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#42
Matt Smith (Topic Starter, Member, 85 posts)
Firewall is up and running!

#43
SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
Hi!

Great! Glad to hear you're able to run the Windows Firewall now.

I need you to re-run OTL; there was an error with a portion of my script dealing with the infected hosts file.

Please make sure you're running OTL as an Administrator.

You should see a bunch of black boxes appear and then disappear quickly. You probably won't be able to read them.

This is normal; it's related to the OTL fix you're running.

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    
    :Files
    C:\Users\Mafu\AppData\Roaming\System
    C:\Users\Mafu\AppData\Local\d7c12045
    C:\Program Files (x86)\937D8
    attrib -r -h -s "C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS" /c
    attrib -r -h -s "C:\Windows\SysNative\drivers\etc\hosts" /c
    attrib -r -h -s "C:\Windows\SysWOW64\drivers\etc\hosts" /c
    del /q /f "C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS" /c
    del /q /f "C:\Windows\SysNative\drivers\etc\hosts" /c
    del /q /f "C:\Windows\SysWOW64\drivers\etc\hosts" /c
    echo 127.0.0.1 localhost > "C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS" /c
    echo 127.0.0.1 localhost > "C:\Windows\SysNative\drivers\etc\hosts" /c
    echo 127.0.0.1 localhost > "C:\Windows\SysWOW64\drivers\etc\hosts" /c
    sc start SDRSVC /c
    sc start VSS /c
    sc start wscsvc /c
    sc start wuauserv /c
    sc start BITS /c
    ipconfig /flushdns /c
    :Commands
    [CreateRestorePoint]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

NEXT:

Run a new scan with ComboFix. It may prompt you to update to a newer version; please allow it to do so if it presents you with such a prompt.
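A defender-side check to go with the hosts-file reset in the OTL script above, written here as an added Python example (it is not part of the forum post, and it is not OTL or FSS code): it parses hosts-file text, ignores comments, and reports the two hijack patterns the reset is meant to undo, a hostname other than localhost pointed at loopback or 0.0.0.0 (blocking, for example, a security product's updater) and any hostname pointed at a routable address (a redirect). The sample hosts text, the `.test` hostnames and the TEST-NET addresses are constructed for the example. Recording these findings before the file is overwritten with `127.0.0.1 localhost` keeps the evidence that the reset would otherwise discard.

```python
"""Audit Windows hosts-file text for signs of hijacking.

Added example, not code from the forum thread or from OTL/FSS.  The thread
resets an infected hosts file to the single line "127.0.0.1 localhost"; this
script shows the read-only check a defender runs first, so the attacker's
entries are written to the case log instead of silently disappearing.
"""
import ipaddress
from dataclasses import dataclass

# Hostnames a stock Windows hosts file may legitimately map to loopback.
LOOPBACK_OK = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed sample (not a real capture): two stock lines plus two hijacks.
# ".test" is a reserved TLD and 203.0.113.0/24 is TEST-NET-3, so nothing here
# names a real site or host.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         update.example-av.test      # constructed: blocks an updater
203.0.113.7     www.example-bank.test       # constructed: redirects a site
"""


@dataclass
class Finding:
    line_no: int
    ip: str
    hostname: str
    kind: str  # "block", "redirect" or "malformed"


def parse_hosts(text):
    """Yield (line_no, ip_text, [hostnames]) for each non-comment entry."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue  # an address with no hostname resolves nothing
        yield line_no, parts[0], parts[1:]


def audit_hosts(text):
    """Return a list of Finding objects for every suspicious mapping.

    - loopback/unspecified address + unexpected hostname -> "block"
    - any other address -> "redirect"
    - unparseable address -> "malformed" (worth a look in its own right)
    """
    findings = []
    for line_no, ip_text, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append(Finding(line_no, ip_text, " ".join(names), "malformed"))
            continue
        for name in names:
            if ip.is_loopback or ip.is_unspecified:
                if name.lower() not in LOOPBACK_OK:
                    findings.append(Finding(line_no, ip_text, name, "block"))
            else:
                findings.append(Finding(line_no, ip_text, name, "redirect"))
    return findings


def summarize(findings):
    """Count findings per kind, e.g. {"block": 1, "redirect": 1}."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    results = audit_hosts(SAMPLE_HOSTS)
    for f in results:
        print(f"line {f.line_no}: {f.kind:8s} {f.ip:>15s} -> {f.hostname}")
    print("summary:", summarize(results))
```

On a live machine, read the contents of `%SystemRoot%\System32\drivers\etc\hosts` (the path the OTL script rewrites) and pass the text to `audit_hosts`; a clean Windows 7 file yields no findings, because the only entries it carries are loopback mappings for `localhost`.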

#44
Matt Smith (Topic Starter, Member, 85 posts)
OTL: Now running Combofix...
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
All processes killed
========== OTL ==========
========== FILES ==========
C:\Users\Mafu\AppData\Roaming\System folder moved successfully.
C:\Users\Mafu\AppData\Local\d7c12045 folder moved successfully.
C:\Program Files (x86)\937D8 folder moved successfully.
< attrib -r -h -s "C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS" /c >
Path not found - C:\WINDOWS\SYSTEM32\DRIVERS\ETC
C:\Users\Mafu\Desktop\cmd.bat deleted successfully.
C:\Users\Mafu\Desktop\cmd.txt deleted successfully.
< attrib -r -h -s "C:\Windows\SysNative\drivers\etc\hosts" /c >
Access denied - C:\Windows\SysNative\drivers\etc\hosts
C:\Users\Mafu\Desktop\cmd.bat deleted successfully.
C:\Users\Mafu\Desktop\cmd.txt deleted successfully.
< attrib -r -h -s "C:\Windows\SysWOW64\drivers\etc\hosts" /c >
Path not found - C:\Windows\SysWOW64\drivers\etc
C:\Users\Mafu\Desktop\cmd.bat deleted successfully.
C:\Users\Mafu\Desktop\cmd.txt deleted successfully.
< del /q /f "C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS" /c >
C:\Users\Mafu\Desktop\cmd.bat deleted successfully.
C:\Users\Mafu\Desktop\cmd.txt deleted successfully.
< del /q /f "C:\Windows\SysNative\drivers\etc\hosts" /c >
C:\Users\Mafu\Desktop\cmd.bat deleted successfully.
C:\Users\Mafu\Desktop\cmd.txt deleted successfully.
< del /q /f "C:\Windows\SysWOW64\drivers\etc\hosts" /c >
C:\Users\Mafu\Desktop\cmd.bat deleted successfully.
C:\Users\Mafu\Desktop\cmd.txt deleted successfully.
< echo 127.0.0.1 localhost > "C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS" /c >
127.0.0.1 localhost
C:\Users\Mafu\Desktop\cmd.bat deleted successfully.
C:\Users\Mafu\Desktop\cmd.txt deleted successfully.
< echo 127.0.0.1 localhost > "C:\Windows\SysNative\drivers\etc\hosts" /c >
127.0.0.1 localhost
C:\Users\Mafu\Desktop\cmd.bat deleted successfully.
C:\Users\Mafu\Desktop\cmd.txt deleted successfully.
< echo 127.0.0.1 localhost > "C:\Windows\SysWOW64\drivers\etc\hosts" /c >
127.0.0.1 localhost
C:\Users\Mafu\Desktop\cmd.bat deleted successfully.
C:\Users\Mafu\Desktop\cmd.txt deleted successfully.
< sc start SDRSVC /c >
SERVICE_NAME: SDRSVC
TYPE : 10 WIN32_OWN_PROCESS
STATE : 2 START_PENDING
(NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x7d0
PID : 1848
FLAGS :
C:\Users\Mafu\Desktop\cmd.bat deleted successfully.
C:\Users\Mafu\Desktop\cmd.txt deleted successfully.
< sc start VSS /c >
SERVICE_NAME: VSS
TYPE : 10 WIN32_OWN_PROCESS
STATE : 2 START_PENDING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 3972
FLAGS :
C:\Users\Mafu\Desktop\cmd.bat deleted successfully.
C:\Users\Mafu\Desktop\cmd.txt deleted successfully.
< sc start wscsvc /c >
[SC] StartService FAILED 1056:
An instance of the service is already running.
C:\Users\Mafu\Desktop\cmd.bat deleted successfully.
C:\Users\Mafu\Desktop\cmd.txt deleted successfully.
< sc start wuauserv /c >
[SC] StartService FAILED 1056:
An instance of the service is already running.
C:\Users\Mafu\Desktop\cmd.bat deleted successfully.
C:\Users\Mafu\Desktop\cmd.txt deleted successfully.
< sc start BITS /c >
[SC] StartService FAILED 1056:
An instance of the service is already running.
C:\Users\Mafu\Desktop\cmd.bat deleted successfully.
C:\Users\Mafu\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Mafu\Desktop\cmd.bat deleted successfully.
C:\Users\Mafu\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.31.0 log created on 01062012_003641

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#45
SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
Okay. We are definitely making some progress here.

Let's see where we stand with the computer after I look over the ComboFix log.