Unresponsive, loss of files, graphics card doesn't work properly, &



#1
Griizzle
Member, 22 posts
Hi, I hope someone can help!

I had a virus about 6 months ago and have to admit that I didn't do anything about it, other than attempting to delete it using the free version of 'Avast'. Initially, my computer literally wouldn't work, but after performing this step I had the basic functions of my computer back, which I have been using ever since. I have tried to restore the files using free software recommended on a forum (can't remember the name of the forum or software used, sorry!) but with no luck.

6 months on and it's still very unresponsive, and I've still got lots of missing files (mainly Word documents, music files, pictures etc.). Until very recently I had no Start menu either, but I ran the unhide.exe program I found on another forum site and it seems to have worked. The main problem for me is that my graphics card appears to not be working properly. It has major issues establishing a connection whilst video calling someone on Skype, and won't play any games that require at least some level of graphics card, when it definitely used to!

I'm sure someone can help as I've used this site before and got a solution. I will post the OTL reports I received below this text. As well as the initial 'OTL.txt' report, I also got an 'Extras.Txt' report that I will post as well.

OTL logfile created on: 20/05/2012 22:04:52 - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\Grizzle\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

892.46 Mb Total Physical Memory | 223.54 Mb Available Physical Memory | 25.05% Memory free
2.01 Gb Paging File | 1.10 Gb Available in Paging File | 54.74% Paging File free
Paging file location(s): c:\pagefile.sys 0 0s:\pagefile.sys 16 1300 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 104.95 Gb Total Space | 24.75 Gb Free Space | 23.58% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 1.40 Gb Free Space | 95.54% Space Free | Partition Type: NTFS

Computer Name: GRIZZLES-LAPTOP | User Name: Grizzle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/20 22:03:40 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Grizzle\Downloads\OTL.exe
PRC - [2012/05/20 21:56:06 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Grizzle\Downloads\unhide.exe
PRC - [2012/05/08 23:47:36 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/22 13:34:50 | 002,408,448 | ---- | M] (W3i, LLC) -- C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
PRC - [2011/01/13 09:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/01/13 09:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/09/25 02:32:59 | 000,252,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/21 03:23:50 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
PRC - [2007/11/28 16:43:08 | 000,042,824 | ---- | M] () -- C:\Program Files\Spare Messaging\MessagingApp.exe
PRC - [2007/11/14 15:50:42 | 004,706,304 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/11/10 11:00:00 | 000,389,120 | ---- | M] (WinZip Computing LP) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2006/05/24 07:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) -- C:\Windows\System32\StkASv2K.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/14 15:10:39 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll
MOD - [2012/05/14 15:06:09 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\24556241d64589a6b95b7eaa7432295b\System.Web.Services.ni.dll
MOD - [2012/05/14 15:04:44 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/05/14 14:24:34 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/14 14:23:27 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0ed12b32a03191e6415e12a061aeef5e\System.Windows.Forms.ni.dll
MOD - [2012/05/14 14:22:49 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c653820b5a3858c99eb5e524b1a71440\System.Drawing.ni.dll
MOD - [2012/05/14 14:16:56 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/14 14:15:32 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2012/05/08 23:47:35 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/20 11:29:25 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2007/11/28 16:43:08 | 000,042,824 | ---- | M] () -- C:\Program Files\Spare Messaging\MessagingApp.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\C&E\OSD\OsdService\OsdService.exe -- (OsdService)
SRV - [2012/05/08 23:47:37 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/01/13 09:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/05/24 07:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\Windows\System32\StkASv2K.exe -- (StkASSrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SISGRKMD.sys -- (SiS6350)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Grizzle\AppData\Local\Temp\pnicml.sys -- (pnicml)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\C&E\OSD\OsdService\kbfiltr.sys -- (cKBFilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\C&E\OSD\OsdService\ceio.sys -- (CEIO)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\C&E\OSD\OsdService\cebuffer.sys -- (CEBFilter)
DRV - [2011/01/13 09:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/01/13 09:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/01/13 09:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/01/13 09:37:19 | 000,051,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/01/13 09:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/10/13 17:42:22 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV - [2009/10/13 17:42:22 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV - [2009/10/13 17:42:22 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV - [2009/10/13 17:42:22 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV - [2009/10/13 17:42:22 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV - [2009/06/25 12:32:58 | 000,175,576 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2009/06/25 12:32:58 | 000,009,688 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2009/06/25 12:32:58 | 000,009,560 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emScan.sys -- (ScanUSBEMPIA)
DRV - [2008/11/24 00:05:52 | 000,021,672 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2008/11/24 00:05:52 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2008/10/09 13:46:21 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2008/01/21 03:23:26 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)
DRV - [2007/12/10 14:22:22 | 000,110,120 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017unic.sys -- (s3017unic) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM)
DRV - [2007/12/10 14:22:22 | 000,100,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017obex.sys -- (s3017obex)
DRV - [2007/12/10 14:22:20 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017mgmt.sys -- (s3017mgmt) Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM)
DRV - [2007/12/10 14:22:20 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017nd5.sys -- (s3017nd5) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS)
DRV - [2007/12/10 14:22:18 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017mdm.sys -- (s3017mdm)
DRV - [2007/12/10 14:22:18 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017mdfl.sys -- (s3017mdfl)
DRV - [2007/12/10 14:22:14 | 000,083,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017bus.sys -- (s3017bus) Sony Ericsson Device 3017 driver (WDM)
DRV - [2007/11/15 21:09:04 | 000,048,128 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SiSGB6.sys -- (SiSGbeLH)
DRV - [2007/08/07 22:39:00 | 000,283,136 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B)
DRV - [2007/01/24 17:08:06 | 000,056,184 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SISAGPX.SYS -- (SISAGP)
DRV - [2006/09/27 04:01:36 | 000,241,628 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StkAMini.sys -- (StkAMini)
DRV - [2006/08/02 07:44:04 | 000,004,772 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StkScan.sys -- (StkScan)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2786678

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADBS_en
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2786678
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Grizzle\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/08 23:47:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/07/04 17:06:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Grizzle\AppData\Roaming\Mozilla\Extensions
[2012/05/02 20:10:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Grizzle\AppData\Roaming\Mozilla\Firefox\Profiles\et4eyd27.default\extensions
[2012/04/26 00:18:32 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Grizzle\AppData\Roaming\Mozilla\Firefox\Profiles\et4eyd27.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2012/01/09 16:38:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/18 21:56:41 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/05/08 23:47:37 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/05/08 23:47:34 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/04/24 14:58:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/05/08 23:47:34 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/05/08 23:47:34 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/05/08 23:47:37 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/05/08 23:47:34 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========


O1 HOSTS File: ([2009/04/06 16:22:27 | 000,304,259 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 10481 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SpareMessaging] C:\Program Files\Spare Messaging\MessagingApp.exe ()
O4 - HKCU..\Run: [GameShadow] C:\Program Files\GameShadow\GameShadow.exe /q File not found
O4 - HKCU..\Run: [InstallIQUpdater] C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [yHafnqNqpiqS.exe] C:\ProgramData\yHafnqNqpiqS.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CC8A12E-0595-46FA-A8D6-C9B508FC1557}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA71C4D1-05BE-42C3-B612-7DEC0507F700}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Grizzle\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Grizzle\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0f64a572-688d-11de-be0e-001644d88bec}\Shell - "" = AutoRun
O33 - MountPoints2\{0f64a572-688d-11de-be0e-001644d88bec}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{0f64a573-688d-11de-be0e-001644d88bec}\Shell - "" = AutoRun
O33 - MountPoints2\{0f64a573-688d-11de-be0e-001644d88bec}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{0f64a58b-688d-11de-be0e-001644d88bec}\Shell - "" = AutoRun
O33 - MountPoints2\{0f64a58b-688d-11de-be0e-001644d88bec}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{78de747c-721d-11de-9360-00030d99e1ef}\Shell - "" = AutoRun
O33 - MountPoints2\{78de747c-721d-11de-9360-00030d99e1ef}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{78de747e-721d-11de-9360-00030d99e1ef}\Shell - "" = AutoRun
O33 - MountPoints2\{78de747e-721d-11de-9360-00030d99e1ef}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{b6619e05-9600-11dd-a57f-00030d99e1ef}\Shell - "" = AutoRun
O33 - MountPoints2\{b6619e05-9600-11dd-a57f-00030d99e1ef}\Shell\AutoRun\command - "" = D:\autorun.exe
O33 - MountPoints2\{d1116928-c912-11dd-9908-00030d99e1ef}\Shell\AutoRun\command - "" = F:\WD_Windows_Tools\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/20 22:11:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2012/05/20 22:11:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
[2012/05/20 22:11:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IK Multimedia
[2012/05/20 22:11:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Scan
[2012/05/20 22:11:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EpicBot
[2012/05/20 22:11:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daniusoft
[2012/05/20 18:07:05 | 000,000,000 | ---D | C] -- C:\Users\Grizzle\AppData\Local\{1E3578C1-E2A5-4626-BC3F-ED5E9B8E9A46}
[2012/05/18 17:04:00 | 000,000,000 | ---D | C] -- C:\Users\Grizzle\AppData\Local\{FC02EF42-0CF5-4FEB-B6F1-261156785ED7}
[2012/05/14 14:15:23 | 000,000,000 | ---D | C] -- C:\Users\Grizzle\AppData\Local\{F562B9FD-A834-4A30-AC71-860215FCA2B4}
[2012/05/14 13:12:02 | 000,000,000 | ---D | C] -- C:\Users\Grizzle\AppData\Local\{188AA393-93CE-4063-B96F-D2A6FC830D67}
[2012/05/09 19:47:43 | 000,000,000 | ---D | C] -- C:\Users\Grizzle\AppData\Local\{C77AF45E-A34E-4303-A15E-A96A773A343A}
[2012/05/08 23:47:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/08 23:47:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/05/07 20:45:42 | 000,000,000 | ---D | C] -- C:\Users\Grizzle\AppData\Local\{DA4945A5-2DA1-48D2-9EC8-D5ABE7F4B852}
[2012/05/01 20:05:42 | 000,000,000 | ---D | C] -- C:\Users\Grizzle\AppData\Local\{938F9B0A-1FC6-490A-B34E-D27DE9A9A04D}
[2012/04/23 18:05:16 | 000,000,000 | ---D | C] -- C:\Users\Grizzle\AppData\Local\{7E9DE419-15A8-4248-AC4A-F510CDAE518E}
[2012/04/21 11:59:35 | 000,000,000 | ---D | C] -- C:\Users\Grizzle\AppData\Local\{2C284D28-CCAA-40C3-8CCB-AECB1E78D5B5}
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/20 22:04:05 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/20 22:04:05 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/20 21:47:50 | 000,000,680 | ---- | M] () -- C:\Users\Grizzle\AppData\Local\d3d9caps.dat
[2012/05/20 18:03:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/19 12:41:25 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\RegistryConvoy.job
[2012/05/14 14:10:26 | 000,327,352 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/14 13:39:24 | 000,631,724 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/14 13:39:24 | 000,118,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/08 19:33:08 | 000,003,790 | ---- | M] () -- C:\Users\Grizzle\Desktop\Documents\Guitar1.jpg
[2012/05/02 21:21:27 | 000,002,595 | ---- | M] () -- C:\Users\Grizzle\Desktop\Microsoft Word.lnk
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/20 22:12:00 | 000,000,943 | ---- | C] () -- C:\Users\Grizzle\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/05/20 22:12:00 | 000,000,943 | ---- | C] () -- C:\Users\Grizzle\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
[2012/05/20 22:12:00 | 000,000,875 | ---- | C] () -- C:\Users\Grizzle\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/05/20 22:12:00 | 000,000,258 | ---- | C] () -- C:\Users\Grizzle\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/05/20 22:12:00 | 000,000,240 | ---- | C] () -- C:\Users\Grizzle\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/05/08 19:32:56 | 000,003,790 | ---- | C] () -- C:\Users\Grizzle\Desktop\Documents\Guitar1.jpg
[2011/11/05 21:22:33 | 000,000,312 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/11/05 21:22:33 | 000,000,216 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/11/05 21:22:21 | 000,000,456 | ---- | C] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/09/24 19:16:45 | 000,000,011 | ---- | C] () -- C:\Users\Grizzle\AppData\Roaming\RSBuddy Login.ini
[2011/07/27 00:05:34 | 000,000,336 | ---- | C] () -- C:\Users\Grizzle\AppData\Roaming\RSBuddy_ThenWhenson.ini
[2011/07/26 22:11:48 | 000,000,048 | ---- | C] () -- C:\Users\Grizzle\AppData\Roaming\RSBot_Accounts.ini
[2011/06/17 21:39:46 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/10/17 18:49:33 | 000,000,552 | ---- | C] () -- C:\Users\Grizzle\AppData\Local\d3d8caps.dat
[2010/07/13 18:57:57 | 000,017,408 | ---- | C] () -- C:\Windows\System32\minimp3.exe

========== LOP Check ==========

[2010/10/18 16:51:30 | 000,000,000 | ---D | M] -- C:\Users\Grizzle\AppData\Roaming\BILEVSE
[2008/10/09 13:46:00 | 000,000,000 | ---D | M] -- C:\Users\Grizzle\AppData\Roaming\DAEMON Tools
[2012/04/15 21:06:06 | 000,000,000 | ---D | M] -- C:\Users\Grizzle\AppData\Roaming\Electronic Arts
[2012/04/15 19:02:13 | 000,000,000 | ---D | M] -- C:\Users\Grizzle\AppData\Roaming\GetRightToGo
[2010/10/17 19:31:08 | 000,000,000 | ---D | M] -- C:\Users\Grizzle\AppData\Roaming\Gogii
[2012/04/15 00:25:52 | 000,000,000 | ---D | M] -- C:\Users\Grizzle\AppData\Roaming\HandBrake
[2010/10/18 19:20:16 | 000,000,000 | ---D | M] -- C:\Users\Grizzle\AppData\Roaming\IObit
[2009/03/09 21:44:58 | 000,000,000 | ---D | M] -- C:\Users\Grizzle\AppData\Roaming\LimeWire
[2012/04/16 11:12:09 | 000,000,000 | ---D | M] -- C:\Users\Grizzle\AppData\Roaming\Publish Providers
[2012/04/16 11:36:28 | 000,000,000 | ---D | M] -- C:\Users\Grizzle\AppData\Roaming\Sony
[2011/09/20 09:50:32 | 000,000,000 | ---D | M] -- C:\Users\Grizzle\AppData\Roaming\Spotify
[2011/08/29 01:28:43 | 000,000,000 | ---D | M] -- C:\Users\Grizzle\AppData\Roaming\TS3Client
[2011/08/28 23:12:54 | 000,000,000 | ---D | M] -- C:\Users\Grizzle\AppData\Roaming\ts3overlay
[2010/01/03 16:21:40 | 000,000,000 | ---D | M] -- C:\Users\Grizzle\AppData\Roaming\Ulead Systems
[2012/05/20 18:08:16 | 000,000,000 | ---D | M] -- C:\Users\Grizzle\AppData\Roaming\uTorrent
[2009/06/07 13:02:15 | 000,000,000 | ---D | M] -- C:\Users\Grizzle\AppData\Roaming\Windows Live Writer
[2012/05/19 12:41:25 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\RegistryConvoy.job
[2012/05/19 22:40:48 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >





OTL Extras logfile created on: 20/05/2012 22:04:52 - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\Grizzle\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

892.46 Mb Total Physical Memory | 223.54 Mb Available Physical Memory | 25.05% Memory free
2.01 Gb Paging File | 1.10 Gb Available in Paging File | 54.74% Paging File free
Paging file location(s): c:\pagefile.sys 0 0s:\pagefile.sys 16 1300 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 104.95 Gb Total Space | 24.75 Gb Free Space | 23.58% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 1.40 Gb Free Space | 95.54% Space Free | Partition Type: NTFS

Computer Name: GRIZZLES-LAPTOP | User Name: Grizzle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{011B7F96-C38D-4D00-9DF5-CE6491707383}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{03F7958A-FC4E-42CA-B052-2D4CB6CACA48}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{063C6028-876F-48CE-85CF-5565F7CF45A6}" = rport=5358 | protocol=6 | dir=out | app=system |
"{102E82BB-54B4-4980-AE69-41E9AC65937B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{15E07899-8E58-4BB7-8112-0B8785A73AD1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1EE22C98-634A-40BE-90AC-D08AC26F4D51}" = lport=137 | protocol=17 | dir=in | app=system |
"{1F7575BE-928D-4848-94F5-CB85B6B4AC56}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2E9670D6-75CE-4DAB-AABF-FCA55A43DFC6}" = rport=5357 | protocol=6 | dir=out | app=system |
"{2F5DC678-FEA1-4DE7-A2F8-7564BD4FA27A}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{323524C3-A056-453E-9BAE-26FC1ABA7AC7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{34B42122-140F-42EB-ABD3-6F8A28B99168}" = lport=139 | protocol=6 | dir=in | app=system |
"{35D4B6F3-AA4B-4485-9837-5953EA4805DA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{428A1736-383C-4BC2-9A14-1AB91FDA0A58}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{43BEEAED-B3F0-46B6-9520-8D2B47E4C179}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4D021EF9-41D4-4C18-8EE7-656D8C12FE5B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4F5F23D0-A7AA-4AF7-9C94-3E60828AA282}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5031DE94-3F8F-4A43-91CD-C48201F4F16C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5B7F822F-6731-48A9-BA86-3C9D2C9CF630}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{5C977FF8-5E02-4DD6-8333-51205717F302}" = rport=138 | protocol=17 | dir=out | app=system |
"{5E5158CA-8600-4B57-82CD-E7329F6EF3C1}" = lport=138 | protocol=17 | dir=in | app=system |
"{66E82A91-65A2-4FDA-8473-67B46EB10CA3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{68DCD3BB-483C-406D-A322-896926493C0A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6F7CF263-5804-416A-AB43-923200D6DE52}" = rport=137 | protocol=17 | dir=out | app=system |
"{7D7D1AF6-FB0C-4183-8DCF-C1C68A21DD49}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{81B39BEC-0792-40DB-BF0A-A7FF9DAB1FCC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{85F8461E-E0DA-4CB4-86F7-63871C303F8B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{913E42C7-8AF8-4DA8-BCEE-2843D497DC05}" = lport=10243 | protocol=6 | dir=in | app=system |
"{96EC068A-7D1C-4B7C-B84D-016010B53302}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\netproj.exe |
"{9E630E12-8445-4379-8A47-51043860AB29}" = lport=5357 | protocol=6 | dir=in | app=system |
"{A1D54193-2493-40C0-AF7E-003DA236F348}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{A2FD8E77-FE4D-451D-9365-802FA7B4AB7C}" = rport=139 | protocol=6 | dir=out | app=system |
"{A9374DDE-877F-4126-9E41-C8FAC4CAB9BA}" = rport=445 | protocol=6 | dir=out | app=system |
"{C1605F92-6812-4BAD-B6EA-7F5206C2D917}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C73D2CAC-BD7C-44D8-A2F8-7AC01C0C29F3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{CA48DD3D-74DD-452E-9864-B883F1F0A91C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D91364A9-E30C-4326-A81F-2BDC25EB74DD}" = lport=5358 | protocol=6 | dir=in | app=system |
"{DCCEF37E-4AA1-4E1C-904A-D6E90850076A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{ECE8650B-1C56-4D63-918F-6737FC8E00EF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{EF6FCD9A-196A-41D7-ACD9-538D59B7657F}" = lport=445 | protocol=6 | dir=in | app=system |
"{F8B262BF-1DC4-408F-922C-DA538B306491}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\netproj.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D90DF1-28F9-4EF6-80FB-258B49F68539}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{026ECB05-83EF-49D9-A29C-A22B288E4DD4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{08B72DDC-BF21-4382-A200-C66D6B9AA8F2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{0C30635C-36A9-4138-B85E-7372392C9774}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.1-to-3.0.2-engb-win-update-downloader.exe |
"{116687E3-6FBC-455F-AC26-8D17906703B2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{14CBB497-57DA-4CE9-8B66-EBBC54C4D1AD}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe |
"{21ED5722-C201-47FD-9096-8B0E036CBBE5}" = protocol=58 | dir=out | [email protected],-28546 |
"{254FE958-2D30-44FE-BC26-3D4B33C557D9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{28A7727E-C5AB-4255-AE78-088DC0D81E0A}" = protocol=1 | dir=out | [email protected],-28544 |
"{321E1778-8FEF-4D6B-AE2C-523E6BE7D2C2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{33A8DFDE-5217-4A12-A4D0-3DCC0625E703}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{33F5C981-4CDC-4523-95D8-D594B02C2420}" = protocol=6 | dir=out | app=system |
"{54050873-3EAB-4108-9E03-800836D3D4FC}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{5B17D916-F71A-483E-B989-D9EA19217769}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6624E564-5597-4BB6-9B7F-8931F4906037}" = protocol=58 | dir=in | [email protected],-28545 |
"{6BF05BA3-2D86-4FED-BE2A-A588572C85B8}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{6D229780-2423-4CF4-ADEC-FCE25CE4E20A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6FF4D604-B5C6-4026-BBE2-A8B89E47A8DE}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{7959E082-958E-4F45-BCF3-21507C6DA221}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8C4F5AE5-90C2-4135-9DB1-39C414FB44A7}" = protocol=6 | dir=out | app=c:\windows\system32\netproj.exe |
"{8EB10534-6756-4AEB-83C5-E25663DD4889}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{96554E03-5017-45C8-BAED-50A995D94479}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{A5BE1D2A-3C2A-46E2-A3A6-71B1BC0E1913}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{AEDCC2AF-3ABE-429F-9632-11D7B5CFB207}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{B0801B1C-0F2D-41B3-8E79-2496FD44E841}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B349E2DA-9D3E-4DD7-A96E-6006064046B7}" = protocol=1 | dir=in | [email protected],-28543 |
"{B461D1BB-54C9-47EB-9888-C2AAFA133854}" = protocol=17 | dir=in | app=c:\program files\malwarebytes' anti-malware\mbam.exe |
"{B55279E8-71F5-4124-A326-3C1C66DF396A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B58C0F50-2F48-4696-AF00-CCDF133550D6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{BE09F1BC-B69D-476E-85E2-D0099D7D3A3B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C107794C-D77B-4CE6-897E-FE85E20FA62D}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.1-to-3.0.2-engb-win-update-downloader.exe |
"{C883557E-A56C-4EAC-A9E6-10874BB28274}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{CB65121B-0F2F-4094-B873-4293CDADF61A}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{CD0D7B9E-11B9-43FC-B9CF-6DDA00C33BFE}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{CD0F7816-8B7E-482D-A032-8FD7845C5E08}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe |
"{CD28C370-1857-4D9A-BC2E-C6F85E94AF9E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CEED2987-9DDD-473C-96CB-7D43DF15603B}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{D11369F8-273E-495D-9787-01109B1CC506}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D2306FE3-509A-4CF7-9650-64F597D17761}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-engb-downloader.exe |
"{D3C248A4-9E68-45E8-BD3C-5DD2918051DC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D42FDBAA-922C-49F9-92B9-285BBCE16C35}" = protocol=6 | dir=in | app=c:\program files\malwarebytes' anti-malware\mbam.exe |
"{DE15ED25-5D30-4806-8E00-D3978401E272}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{E548ACF1-30A2-49DA-BDD5-FE57EFBE65C0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EAAF55EB-5E03-4ED2-9444-364F7AF2A528}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{ED40AEF0-C5AE-4B08-9E0B-F27747FA2D88}" = protocol=6 | dir=in | app=c:\windows\system32\netproj.exe |
"{EF8FCA22-B710-457B-ABCB-C77E2CEEB840}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F47F5546-A5A2-4C45-A6C0-0FA70BE19A71}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F69B2DE6-9CD7-4970-8A33-447154FB97B1}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-engb-downloader.exe |
"{F9EA0F14-A997-46F4-9F7E-87FD6EA80337}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{FDA3615C-2189-4DAC-B550-5FEEE6C444CE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{12B680F2-7AFA-44E1-A891-589313138C40}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{131E1602-37C6-456B-A161-5FEB7E585727}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{3ABABA8E-D6C2-4CD2-9F37-D902ACE242E7}C:\users\grizzle\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\grizzle\program files\dna\btdna.exe |
"TCP Query User{58B39EBB-33D2-4A41-9363-F92BD3A56A82}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe |
"TCP Query User{5FD0C117-8525-4A42-9F6A-BC72F3B7F341}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe |
"TCP Query User{65AD1F73-C600-499C-B7A0-F0B5202096D8}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{6F1EF448-5719-4074-9E73-ABB970BEDBA3}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"TCP Query User{79D357BE-C55C-4C5F-BB64-0AD809063A08}C:\program files\kontiki\khost.exe" = protocol=6 | dir=in | app=c:\program files\kontiki\khost.exe |
"TCP Query User{7E8A1F21-72E7-4F4B-8882-582BCCD5F061}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{8078E4C4-9B95-408C-9F16-48C475608537}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{933A478C-DDF9-4363-A1F4-5A0230C48FC4}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"TCP Query User{941A80E3-D605-4CC3-B60E-F18C55692F6A}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{96DB2FFD-F6C2-474E-9754-868A039CF583}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{991F79B1-6669-41BF-99C9-A6C3407A0E48}C:\program files\kontiki\khost.exe" = protocol=6 | dir=in | app=c:\program files\kontiki\khost.exe |
"TCP Query User{99478D8D-28A0-48CC-82F8-CA26C812AEC8}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{A68FD514-75F3-4C5F-9C55-903D389473AF}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{E188B625-0C14-4DDA-9965-CF56760BDC03}C:\program files\microsoft games\age of empires ii trial\empires2.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii trial\empires2.exe |
"TCP Query User{E2950A71-22EE-43CA-8905-22C120EE9C22}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{F6308739-01E7-4384-AFCC-3B4CD597F98E}C:\valve\condition zero\czero.exe" = protocol=6 | dir=in | app=c:\valve\condition zero\czero.exe |
"TCP Query User{FFDCADB9-1A38-4C58-9AEE-570BADCE29EE}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{139E409A-22CB-4AEC-9BDA-4AB5A20EC6AA}C:\program files\kontiki\khost.exe" = protocol=17 | dir=in | app=c:\program files\kontiki\khost.exe |
"UDP Query User{148BB692-1DA1-47F9-8C0C-7A41BA443813}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{2056F818-BFE3-4CC2-9961-B4CFBBEE7ACF}C:\program files\kontiki\khost.exe" = protocol=17 | dir=in | app=c:\program files\kontiki\khost.exe |
"UDP Query User{32061C43-2703-4B14-91E9-53B55F3C2D4C}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{474FF107-76D9-41E7-A363-7B6F8CD30C0A}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{4C05D607-2272-428C-8804-92A81580D382}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{50B1ADBE-63B4-4061-A106-D450217C1714}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{541C8F5A-C29A-4A05-AF90-5B0BC1D04C05}C:\users\grizzle\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\grizzle\program files\dna\btdna.exe |
"UDP Query User{572EA2CF-279F-4F1D-A9DE-9ED3A1A52045}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{5FAF734D-BEA6-4423-BF74-4AE84AEDD879}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{6177282C-8705-4444-AA6A-011FE44BCC36}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{71B8060B-278A-47F4-91DA-933C35A33222}C:\valve\condition zero\czero.exe" = protocol=17 | dir=in | app=c:\valve\condition zero\czero.exe |
"UDP Query User{7D2F6170-EEDF-4E9B-9027-DF6EF1E68BAA}C:\program files\microsoft games\age of empires ii trial\empires2.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii trial\empires2.exe |
"UDP Query User{A0597BCC-3B1D-4E68-AB9E-BF3F87CE470F}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{AD18C961-4134-4849-A373-01A95D2DCFE7}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe |
"UDP Query User{CF128F48-D06B-40F2-B4BB-0B434187D680}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe |
"UDP Query User{D9242BA9-090D-4ECA-AEE3-B01CC355916D}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{E21D1FDC-F381-4B53-9989-275901F500A0}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{FDB10F14-7229-43A6-A919-1217C144BBB0}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{FE47871C-B8F7-4996-B044-A476DEDDC135}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F414901-5ED4-11E1-86F3-F04DA23A5C58}" = Vegas Pro 11.0
"{147894EE-5ED4-11E1-A8FF-F04DA23A5C58}" = MSVCRT Redists
"{14C35072-D7D0-4B29-B5BF-C94E426D77E9}" = Sky Broadband
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 26
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{32A3A4F4-B792-11D6-A78A-00B0D0160260}" = Java™ SE Development Kit 6 Update 26
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4EA173EC-0349-4612-9F06-2106F49DC2B2}" = Game Capture HD MP4 Builder
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73EC658D-A1C6-40CA-8E86-E05821BAACE7}" = Java DB 10.6.2.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = REALTEK RTL8187B Wireless LAN Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B7443F5-E141-42A0-AB61-ED2331AAD606}" = 4oD
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9FE59F0-5BFA-4FDF-84C6-F45457715379}" = InstallIQ Updater
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BCC5DC79-2275-4171-8CEA-39F0DD9ADF58}" = USB TV Device Driver
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C939F015-83C6-432C-B67B-0816AA0B4C17}" = Spare Messaging
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E91E8912-769D-42F0-8408-0E329443BABC}" = Ralink Wireless LAN
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"4oD" = 4oD
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Debut" = Debut Video Capture Software
"EPSON Printer and Utilities" = EPSON Printer Software
"InstallShield_{4EA173EC-0349-4612-9F06-2106F49DC2B2}" = Game Capture HD MP4 Builder
"InstallShield_{BCC5DC79-2275-4171-8CEA-39F0DD9ADF58}" = USB TV Device Driver
"InstallShield_{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 12.0 (x86 en-GB)" = Mozilla Firefox 12.0 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NBFree Mp3 to Wav Converter v2_is1" = NBFree Mp3 to Wav Converter v2
"OpenAL" = OpenAL
"Recuva" = Recuva
"Spotify" = Spotify
"ToolBox" = NCH Toolbox
"uTorrent" = µTorrent
"uTorrentBar Toolbar" = uTorrentBar Toolbar
"WinLiveSuite" = Windows Live Essentials
"WinZip" = WinZip
"XP Codec Pack" = XP Codec Pack

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
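As an added example, not part of this thread and not OTL's own code: a small Python triage script run over lines copied from the Extras log above. It pulls out three facts a helper checks first in a log like this: which Windows Firewall profiles have EnableFirewall set (here StandardProfile, the private-network profile on Vista, reports 0, so the firewall is off on the profile a home laptop normally uses), which programs hold inbound allow rules and whether any of them are peer-to-peer clients, and any NTFS alternate data stream OTL reported. The P2P watch list is an assumption built from the executable names that appear in the log; the sample input is a constructed subset of the log lines.

```python
import re
from collections import defaultdict

# Constructed sample input: a subset of lines copied from the OTL Extras log
# posted above (firewall profiles, a few firewall rules, the ADS line).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8EB10534-6756-4AEB-83C5-E25663DD4889}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{FDA3615C-2189-4DAC-B550-5FEEE6C444CE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{254FE958-2D30-44FE-BC26-3D4B33C557D9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{12B680F2-7AFA-44E1-A891-589313138C40}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{148BB692-1DA1-47F9-8C0C-7A41BA443813}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2
"""

FIREWALL_POLICY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy"
SECTION_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+)$")
# Hypothetical watch list (an assumption for this example): executables of the
# peer-to-peer clients that appear in the log above.
P2P_CLIENTS = {"limewire.exe", "utorrent.exe", "bittorrent.exe", "btdna.exe", "kservice.exe", "khost.exe"}

def parse_registry_values(text):
    """Return {registry_key: {value_name: raw_value}} for every [HKEY_...] block in the log."""
    values = defaultdict(dict)
    current = None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            values[current][m.group(1)] = m.group(2)
    return values

def firewall_profile_state(values):
    """Map each firewall profile (Domain/Standard/Public) to True when EnableFirewall is 1."""
    state = {}
    for key, vals in values.items():
        if key.startswith(FIREWALL_POLICY + "\\") and key.endswith("Profile") and "EnableFirewall" in vals:
            state[key.rsplit("\\", 1)[1]] = vals["EnableFirewall"].strip() == "1"
    return state

def parse_firewall_rules(values):
    """Split each 'k=v | k=v |' rule value into a dict; the registry value name is kept under 'rule'."""
    rules = []
    for rule_name, raw in values.get(FIREWALL_POLICY + "\\FirewallRules", {}).items():
        fields = {"rule": rule_name}
        for part in raw.split("|"):
            if "=" in part:
                k, v = part.split("=", 1)
                fields[k.strip().lower()] = v.strip().lower()
        rules.append(fields)
    return rules

def p2p_inbound(rules):
    """Programs on the P2P watch list that hold an inbound allow rule."""
    return sorted({r["app"] for r in rules
                   if r.get("dir") == "in" and r.get("app", "").rsplit("\\", 1)[-1] in P2P_CLIENTS})

def alternate_data_streams(text):
    """[(path, size_in_bytes)] for each '@Alternate Data Stream' line OTL reported."""
    streams = []
    for line in text.splitlines():
        m = ADS_RE.match(line.strip())
        if m:
            streams.append((m.group(2), int(m.group(1))))
    return streams

def triage(text):
    """Collect the findings a helper would raise first from an Extras log."""
    values = parse_registry_values(text)
    rules = parse_firewall_rules(values)
    findings = []
    for profile, enabled in sorted(firewall_profile_state(values).items()):
        if not enabled:
            findings.append(f"firewall disabled for {profile}")
    for app in p2p_inbound(rules):
        findings.append(f"inbound rule for P2P client {app}")
    for path, size in alternate_data_streams(text):
        findings.append(f"alternate data stream {path} ({size} bytes)")
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run it as a script to print the findings, or pass the text of the full Extras.txt to triage() instead of the sample. A disabled profile or an alternate data stream is a lead, not a verdict: the stream on C:\ProgramData\TEMP would be inspected before anything is deleted, and the firewall finding only matters for the profile the machine actually connects on.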
#2
CompCav
  • Member 5k
  • Expert
  • 12,448 posts
Hi, Griizzle! My nickname is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out. :)

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.


Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do, is to make sure your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
  • You must reply within four days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.

Step 1.

  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Note: If RogueKiller will not run, please try it several times. If it still does not run, rename it winlogon.com and try it several times.
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.

  • Next click on ShortcutsFix

  • The report has been created on the desktop.

Please post:

All RKreport.txt text files located on your desktop.


Step 2.

P2P Warning!:

IMPORTANT: I have noticed that there are signs of several P2P (Peer to Peer) File Sharing Programs on your computer (Limewire, uTorrent, uTorrent Toolbar, BitTorrentDNA, etc.).

As long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.

Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

If you need convincing, please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
infoworld

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall all of them, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep them, please do not use either of them until your computer is cleaned.


Step 3.

If you have Malwarebytes 1.6 or better installed, please disable it for the duration of this run.
To disable MBAM:
Open the scanner and select the Protection tab.
Remove the tick from "Start with Windows".
Reboot and then run OTL.

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.

    :processes
    killallprocesses
    
    :OTL
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Grizzle\AppData\Local\Temp\pnicml.sys -- (pnicml)
    IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2786678
    IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
    IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2786678
    [2012/04/26 00:18:32 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Grizzle\AppData\Roaming\Mozilla\Firefox\Profiles\et4eyd27.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
    O4 - HKCU..\Run: [yHafnqNqpiqS.exe] C:\ProgramData\yHafnqNqpiqS.exe File not found
    O33 - MountPoints2\{0f64a572-688d-11de-be0e-001644d88bec}\Shell - "" = AutoRun
    O33 - MountPoints2\{0f64a572-688d-11de-be0e-001644d88bec}\Shell\AutoRun\command - "" = D:\AutoRun.exe
    O33 - MountPoints2\{0f64a573-688d-11de-be0e-001644d88bec}\Shell - "" = AutoRun
    O33 - MountPoints2\{0f64a573-688d-11de-be0e-001644d88bec}\Shell\AutoRun\command - "" = D:\AutoRun.exe
    O33 - MountPoints2\{0f64a58b-688d-11de-be0e-001644d88bec}\Shell - "" = AutoRun
    O33 - MountPoints2\{0f64a58b-688d-11de-be0e-001644d88bec}\Shell\AutoRun\command - "" = D:\AutoRun.exe
    O33 - MountPoints2\{78de747c-721d-11de-9360-00030d99e1ef}\Shell - "" = AutoRun
    O33 - MountPoints2\{78de747c-721d-11de-9360-00030d99e1ef}\Shell\AutoRun\command - "" = D:\AutoRun.exe
    O33 - MountPoints2\{78de747e-721d-11de-9360-00030d99e1ef}\Shell - "" = AutoRun
    O33 - MountPoints2\{78de747e-721d-11de-9360-00030d99e1ef}\Shell\AutoRun\command - "" = D:\AutoRun.exe
    O33 - MountPoints2\{b6619e05-9600-11dd-a57f-00030d99e1ef}\Shell - "" = AutoRun
    O33 - MountPoints2\{b6619e05-9600-11dd-a57f-00030d99e1ef}\Shell\AutoRun\command - "" = D:\autorun.exe
    O33 - MountPoints2\{d1116928-c912-11dd-9908-00030d99e1ef}\Shell\AutoRun\command - "" = F:\WD_Windows_Tools\Setup.exe
    [2011/11/05 21:22:33 | 000,000,312 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
    [2011/11/05 21:22:33 | 000,000,216 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
    [2011/11/05 21:22:21 | 000,000,456 | ---- | C] () -- C:\ProgramData\6DSS92c31Apgjk
    [2009/03/09 21:44:58 | 000,000,000 | ---D | M] -- C:\Users\Grizzle\AppData\Roaming\LimeWire
    [2012/05/20 18:08:16 | 000,000,000 | ---D | M] -- C:\Users\Grizzle\AppData\Roaming\uTorrent
    
    
    
    :files
    ipconfig /flushdns /c
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
    
    
    
    
    :reg
    
    
    :Commands
    [purity]
    [resethosts]
    [emptyjava]
    [emptyflash]
    [createrestorepoint]
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.


Step 4.

Download aswMBR.exe (1.8 MB) to your desktop.
Double click aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.

If it does not run rename it iexplore.exe and try it again.


Step 5.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select Scan All Users
  • Select Lop Check and Purity Check
  • Under Extra Registry select Use SafeList
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    C:\Windows\assembly\tmp\U\*.* /s
    C:\Program Files\Common Files\ComObjects\*.* /s
    C:\windows\*. /RP /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


Step 6.

Please post:

All RKreport.txt logs
OTL fix log
aswMBR log
OTL.txt
Extras.txt


Give me an update on your computer's issues.
  • 0
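As an added example that is not part of CompCav's post or of the OTL/RogueKiller tools, here is a read-only PowerShell audit of the two HKCU autostart locations the fix script above cleans: the O4 Run entry pointing into C:\ProgramData and the O33 MountPoints2 AutoRun handlers. The function names and the "user-writable location" heuristic are my own assumptions; the script only reports and changes nothing.

```powershell
# Added example (not CompCav's or OTL's code). Read-only audit of:
#   - Run values whose target is in ProgramData/AppData/Temp or is missing on disk
#     (compare the O4 line: C:\ProgramData\yHafnqNqpiqS.exe "File not found")
#   - MountPoints2 AutoRun handlers cached for removable drives (the O33 lines)
# Written for PowerShell 2.0 (Vista era); nothing is modified by this script.

function Get-RunTarget {
    # Extract the executable path from a Run value's command line (quoted or first token).
    param([string]$CommandLine)
    if ($CommandLine -match '^\s*"([^"]+)"') { $exe = $matches[1] }
    else { $exe = ($CommandLine.Trim() -split '\s+')[0] }
    return [Environment]::ExpandEnvironmentVariables($exe)
}

function Get-SuspiciousRunEntries {
    $keys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-ItemProperty -Path $key
        foreach ($prop in $item.PSObject.Properties) {
            # Get-ItemProperty adds PSPath/PSParentPath/... metadata properties; skip those.
            if ($prop.Name -like 'PS*') { continue }
            $target = Get-RunTarget ([string]$prop.Value)
            # Heuristic (assumption): autostarts living in user-writable folders deserve a look.
            $inUserWritable = $target -match '\\(ProgramData|AppData|Temp)\\'
            $missing = ($target -eq '') -or -not (Test-Path -LiteralPath $target)
            if ($inUserWritable -or $missing) {
                New-Object PSObject -Property @{
                    Location = $key; Name = $prop.Name; Target = $target
                    Reason   = $(if ($missing) { 'file not found' } else { 'user-writable location' })
                }
            }
        }
    }
}

function Get-MountPointAutoRuns {
    # Explorer caches each removable volume's autorun.inf handler under MountPoints2;
    # a Shell\AutoRun\command value is what the O33 lines in the OTL log report.
    $mp = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    if (-not (Test-Path $mp)) { return }
    foreach ($volume in Get-ChildItem -Path $mp) {
        $cmdKey = Join-Path $volume.PSPath 'Shell\AutoRun\command'
        if (Test-Path $cmdKey) {
            New-Object PSObject -Property @{
                Location = $volume.PSChildName; Name = 'AutoRun\command'
                Target   = (Get-ItemProperty -Path $cmdKey).'(default)'
                Reason   = 'cached AutoRun handler'
            }
        }
    }
}

Get-SuspiciousRunEntries | Format-Table Location, Name, Target, Reason -AutoSize
Get-MountPointAutoRuns   | Format-Table Location, Name, Target, Reason -AutoSize
```

Review the output against the OTL log before deleting anything; a missing-file Run entry is usually leftover from a removed infection, while a MountPoints2 handler may belong to a legitimate USB stick.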

#3
Griizzle

Griizzle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
RogueKiller V7.4.5 [05/18/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Grizzle [Admin rights]
Mode: Scan -- Date: 05/23/2012 19:19:21

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 8 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : yHafnqNqpiqS.exe (C:\ProgramData\yHafnqNqpiqS.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-2919209743-3810618005-1679405863-1000[...]\Run : yHafnqNqpiqS.exe (C:\ProgramData\yHafnqNqpiqS.exe) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HM121HI ATA Device +++++
--- User ---
[MBR] c29ecb7fab9ef0bb9fb4d16db496e114
[BSP] 8141ec9ba57595acd159785ffe17cf51 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 5500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 11266048 | Size: 1500 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 14338048 | Size: 107471 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt


RogueKiller V7.4.5 [05/18/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Grizzle [Admin rights]
Mode: Remove -- Date: 05/23/2012 19:20:34

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 7 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : yHafnqNqpiqS.exe (C:\ProgramData\yHafnqNqpiqS.exe) -> DELETED
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HM121HI ATA Device +++++
--- User ---
[MBR] c29ecb7fab9ef0bb9fb4d16db496e114
[BSP] 8141ec9ba57595acd159785ffe17cf51 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 5500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 11266048 | Size: 1500 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 14338048 | Size: 107471 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt



RogueKiller V7.4.5 [05/18/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Grizzle [Admin rights]
Mode: Shortcuts HJfix -- Date: 05/23/2012 19:23:00

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 3 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 130 / Fail 0
My documents: Success 1 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 32 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 65 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[S:] \Device\HarddiskVolume2 -- 0x3 --> Restored

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt



[Files/Folders - Modified Within 30 Days]
C:\Users\Grizzle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
C:\ProgramData\ezsidmv.dat moved successfully.
[Files - No Company Name]
File C:\ProgramData\ezsidmv.dat not found!
File not found!
< End of fix log >
OTS by OldTimer - Version 3.1.19.3 fix logfile created on 01242010_184156



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-23 19:49:06
-----------------------------
19:49:06.347 OS Version: Windows 6.0.6002 Service Pack 2
19:49:06.347 Number of processors: 2 586 0xF0D
19:49:06.352 ComputerName: GRIZZLES-LAPTOP UserName: Grizzle
19:49:35.133 Initialize success
19:49:37.293 AVAST engine defs: 12052300
19:50:23.076 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
19:50:23.084 Disk 0 Vendor: SAMSUNG_HM121HI LZ100-08 Size: 114473MB BusType: 3
19:50:23.126 Disk 0 MBR read successfully
19:50:23.134 Disk 0 MBR scan
19:50:23.144 Disk 0 Windows VISTA default MBR code
19:50:23.179 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 5500 MB offset 2048
19:50:23.216 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 1500 MB offset 11266048
19:50:23.235 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 107471 MB offset 14338048
19:50:23.271 Disk 0 scanning sectors +234438656
19:50:23.353 Disk 0 scanning C:\Windows\system32\drivers
19:50:42.306 Service scanning
19:51:01.313 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
19:51:11.341 Modules scanning
19:51:40.914 Disk 0 trace - called modules:
19:51:40.986 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8562a1f8]<<
19:51:41.004 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85d10ac8]
19:51:41.028 3 CLASSPNP.SYS[879c48b3] -> nt!IofCallDriver -> [0x8569b918]
19:51:41.048 5 acpi.sys[8720a6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x85699030]
19:51:41.067 \Driver\atapi[0x85671f38] -> IRP_MJ_CREATE -> 0x8562a1f8
19:51:44.164 AVAST engine scan C:\Windows
19:51:54.815 AVAST engine scan C:\Windows\system32
19:57:06.116 AVAST engine scan C:\Windows\system32\drivers
19:57:50.827 AVAST engine scan C:\Users\Grizzle
20:04:42.607 File: C:\Users\Grizzle\AppData\Local\Temp\trzEBD2.tmp **INFECTED** Win32:MalOb-HP [Cryp]
20:04:43.269 File: C:\Users\Grizzle\AppData\Local\Temp\~!#B843.tmp **INFECTED** Win32:MalOb-HP [Cryp]
20:27:03.957 AVAST engine scan C:\ProgramData
20:31:20.340 Scan finished successfully
20:40:04.126 Disk 0 MBR has been saved successfully to "C:\Users\Grizzle\Desktop\MBR.dat"
20:40:04.167 The log file has been saved successfully to "C:\Users\Grizzle\Desktop\aswMBR.txt"



OTL logfile created on: 23/05/2012 21:30:53 - Run 3
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\Grizzle\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

892.46 Mb Total Physical Memory | 241.95 Mb Available Physical Memory | 27.11% Memory free
2.01 Gb Paging File | 1.32 Gb Available in Paging File | 65.75% Paging File free
Paging file location(s): c:\pagefile.sys 0 0s:\pagefile.sys 16 1300 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 104.95 Gb Total Space | 25.70 Gb Free Space | 24.49% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 1.40 Gb Free Space | 95.54% Space Free | Partition Type: NTFS

Computer Name: GRIZZLES-LAPTOP | User Name: Grizzle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/20 22:03:40 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Grizzle\Downloads\OTL.exe
PRC - [2012/05/08 23:47:36 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/22 13:34:50 | 002,408,448 | ---- | M] (W3i, LLC) -- C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
PRC - [2011/01/13 09:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/01/13 09:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/11/28 16:43:08 | 000,042,824 | ---- | M] () -- C:\Program Files\Spare Messaging\MessagingApp.exe
PRC - [2007/11/14 15:50:42 | 004,706,304 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/11/10 11:00:00 | 000,389,120 | ---- | M] (WinZip Computing LP) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2006/05/24 07:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) -- C:\Windows\System32\StkASv2K.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/14 14:23:27 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0ed12b32a03191e6415e12a061aeef5e\System.Windows.Forms.ni.dll
MOD - [2012/05/14 14:22:49 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c653820b5a3858c99eb5e524b1a71440\System.Drawing.ni.dll
MOD - [2012/05/14 14:16:56 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/14 14:15:32 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2012/05/08 23:47:35 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2007/11/28 16:43:08 | 000,042,824 | ---- | M] () -- C:\Program Files\Spare Messaging\MessagingApp.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\C&E\OSD\OsdService\OsdService.exe -- (OsdService)
SRV - [2012/05/08 23:47:37 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/01/13 09:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/05/24 07:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\Windows\System32\StkASv2K.exe -- (StkASSrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SISGRKMD.sys -- (SiS6350)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\C&E\OSD\OsdService\kbfiltr.sys -- (cKBFilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\C&E\OSD\OsdService\ceio.sys -- (CEIO)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\C&E\OSD\OsdService\cebuffer.sys -- (CEBFilter)
DRV - [2011/01/13 09:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/01/13 09:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/01/13 09:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/01/13 09:37:19 | 000,051,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/01/13 09:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/10/13 17:42:22 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV - [2009/10/13 17:42:22 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV - [2009/10/13 17:42:22 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV - [2009/10/13 17:42:22 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV - [2009/10/13 17:42:22 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV - [2009/06/25 12:32:58 | 000,175,576 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2009/06/25 12:32:58 | 000,009,688 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2009/06/25 12:32:58 | 000,009,560 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emScan.sys -- (ScanUSBEMPIA)
DRV - [2008/11/24 00:05:52 | 000,021,672 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2008/11/24 00:05:52 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2008/10/09 13:46:21 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2008/01/21 03:23:26 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)
DRV - [2007/12/10 14:22:22 | 000,110,120 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017unic.sys -- (s3017unic) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM)
DRV - [2007/12/10 14:22:22 | 000,100,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017obex.sys -- (s3017obex)
DRV - [2007/12/10 14:22:20 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017mgmt.sys -- (s3017mgmt) Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM)
DRV - [2007/12/10 14:22:20 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017nd5.sys -- (s3017nd5) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS)
DRV - [2007/12/10 14:22:18 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017mdm.sys -- (s3017mdm)
DRV - [2007/12/10 14:22:18 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017mdfl.sys -- (s3017mdfl)
DRV - [2007/12/10 14:22:14 | 000,083,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017bus.sys -- (s3017bus) Sony Ericsson Device 3017 driver (WDM)
DRV - [2007/11/15 21:09:04 | 000,048,128 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SiSGB6.sys -- (SiSGbeLH)
DRV - [2007/08/07 22:39:00 | 000,283,136 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B)
DRV - [2007/01/24 17:08:06 | 000,056,184 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SISAGPX.SYS -- (SISAGP)
DRV - [2006/09/27 04:01:36 | 000,241,628 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StkAMini.sys -- (StkAMini)
DRV - [2006/08/02 07:44:04 | 000,004,772 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StkScan.sys -- (StkScan)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2919209743-3810618005-1679405863-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-2919209743-3810618005-1679405863-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2919209743-3810618005-1679405863-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-2919209743-3810618005-1679405863-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2919209743-3810618005-1679405863-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2919209743-3810618005-1679405863-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-2919209743-3810618005-1679405863-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADBS_en
IE - HKU\S-1-5-21-2919209743-3810618005-1679405863-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2919209743-3810618005-1679405863-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Grizzle\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/08 23:47:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/07/04 17:06:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Grizzle\AppData\Roaming\Mozilla\Extensions
[2012/05/23 19:39:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Grizzle\AppData\Roaming\Mozilla\Firefox\Profiles\et4eyd27.default\extensions
[2012/01/09 16:38:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/18 21:56:41 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/05/08 23:47:37 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/05/08 23:47:34 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/04/24 14:58:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/05/08 23:47:34 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/05/08 23:47:34 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/05/08 23:47:37 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/05/08 23:47:34 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========


O1 HOSTS File: ([2012/05/23 19:39:39 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SpareMessaging] C:\Program Files\Spare Messaging\MessagingApp.exe ()
O4 - HKU\S-1-5-21-2919209743-3810618005-1679405863-1000..\Run: [GameShadow] C:\Program Files\GameShadow\GameShadow.exe /q File not found
O4 - HKU\S-1-5-21-2919209743-3810618005-1679405863-1000..\Run: [InstallIQUpdater] C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
O4 - HKU\S-1-5-21-2919209743-3810618005-1679405863-1000..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2919209743-3810618005-1679405863-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2919209743-3810618005-1679405863-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CC8A12E-0595-46FA-A8D6-C9B508FC1557}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA71C4D1-05BE-42C3-B612-7DEC0507F700}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Grizzle\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Grizzle\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/05/23 21:20:05 | 000,000,000 | ---D | C] -- C:\Users\Grizzle\AppData\Local\{28E006A9-35E9-4DEA-9619-31F4AA42934C}
[2012/05/23 19:44:00 | 000,000,000 | ---D | C] -- C:\Users\Grizzle\AppData\Local\{19D17F42-F0A5-4D8F-A44E-0876B9B199F8}
[2012/05/23 19:38:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/23 19:14:45 | 000,000,000 | ---D | C] -- C:\Users\Grizzle\Desktop\RK_Quarantine
[2012/05/22 13:53:33 | 000,000,000 | ---D | C] -- C:\Users\Grizzle\AppData\Local\Adobe
[2012/05/22 12:10:27 | 000,000,000 | ---D | C] -- C:\Users\Grizzle\AppData\Local\{4F427455-57E7-4DF5-A3FA-80794D9D65C2}
[2012/05/22 12:10:00 | 000,000,000 | ---D | C] -- C:\Users\Grizzle\AppData\Local\{A67B6CD1-CD2D-4A40-8D38-861BA591E578}
[2012/05/21 22:41:40 | 000,000,000 | ---D | C] -- C:\Users\Grizzle\AppData\Local\Apple
[2012/05/21 22:40:54 | 000,000,000 | ---D | C] -- C:\Users\Grizzle\AppData\Local\Apple Computer
[2012/05/21 10:43:42 | 000,000,000 | ---D | C] -- C:\Users\Grizzle\AppData\Local\{8BDACA4F-0286-4EE8-B8BB-EF6C07654527}
[2012/05/20 22:11:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2012/05/20 22:11:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
[2012/05/20 22:11:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IK Multimedia
[2012/05/20 22:11:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Scan
[2012/05/20 22:11:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daniusoft
[2012/05/20 18:07:05 | 000,000,000 | ---D | C] -- C:\Users\Grizzle\AppData\Local\{1E3578C1-E2A5-4626-BC3F-ED5E9B8E9A46}
[2012/05/18 17:04:00 | 000,000,000 | ---D | C] -- C:\Users\Grizzle\AppData\Local\{FC02EF42-0CF5-4FEB-B6F1-261156785ED7}
[2012/05/14 14:15:23 | 000,000,000 | ---D | C] -- C:\Users\Grizzle\AppData\Local\{F562B9FD-A834-4A30-AC71-860215FCA2B4}
[2012/05/14 13:12:02 | 000,000,000 | ---D | C] -- C:\Users\Grizzle\AppData\Local\{188AA393-93CE-4063-B96F-D2A6FC830D67}
[2012/05/13 14:21:51 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/05/13 14:21:50 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/05/13 14:21:49 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/05/13 14:21:48 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/05/13 14:21:47 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/05/13 14:15:54 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/05/13 14:15:52 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/05/13 14:15:50 | 002,044,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/05/09 19:47:43 | 000,000,000 | ---D | C] -- C:\Users\Grizzle\AppData\Local\{C77AF45E-A34E-4303-A15E-A96A773A343A}
[2012/05/08 23:47:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/08 23:47:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/05/07 20:45:42 | 000,000,000 | ---D | C] -- C:\Users\Grizzle\AppData\Local\{DA4945A5-2DA1-48D2-9EC8-D5ABE7F4B852}
[2012/05/01 20:05:42 | 000,000,000 | ---D | C] -- C:\Users\Grizzle\AppData\Local\{938F9B0A-1FC6-490A-B34E-D27DE9A9A04D}
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/23 21:17:47 | 000,000,680 | ---- | M] () -- C:\Users\Grizzle\AppData\Local\d3d9caps.dat
[2012/05/23 21:17:41 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/23 21:17:40 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/23 21:17:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/23 20:40:04 | 000,000,512 | ---- | M] () -- C:\Users\Grizzle\Desktop\MBR.dat
[2012/05/23 19:39:39 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/05/23 12:30:00 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\RegistryConvoy.job
[2012/05/14 14:10:26 | 000,327,352 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/14 13:39:24 | 000,631,724 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/14 13:39:24 | 000,118,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/08 19:33:08 | 000,003,790 | ---- | M] () -- C:\Users\Grizzle\Desktop\Documents\Guitar1.jpg
[2012/05/02 21:21:27 | 000,002,595 | ---- | M] () -- C:\Users\Grizzle\Desktop\Microsoft Word.lnk
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/23 20:40:04 | 000,000,512 | ---- | C] () -- C:\Users\Grizzle\Desktop\MBR.dat
[2012/05/20 22:12:00 | 000,000,943 | ---- | C] () -- C:\Users\Grizzle\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/05/20 22:12:00 | 000,000,943 | ---- | C] () -- C:\Users\Grizzle\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
[2012/05/20 22:12:00 | 000,000,875 | ---- | C] () -- C:\Users\Grizzle\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/05/20 22:12:00 | 000,000,258 | ---- | C] () -- C:\Users\Grizzle\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/05/20 22:12:00 | 000,000,240 | ---- | C] () -- C:\Users\Grizzle\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/05/08 19:32:56 | 000,003,790 | ---- | C] () -- C:\Users\Grizzle\Desktop\Documents\Guitar1.jpg
[2011/09/24 19:16:45 | 000,000,011 | ---- | C] () -- C:\Users\Grizzle\AppData\Roaming\RSBuddy Login.ini
[2011/07/27 00:05:34 | 000,000,336 | ---- | C] () -- C:\Users\Grizzle\AppData\Roaming\RSBuddy_ThenWhenson.ini
[2011/07/26 22:11:48 | 000,000,048 | ---- | C] () -- C:\Users\Grizzle\AppData\Roaming\RSBot_Accounts.ini
[2011/06/17 21:39:46 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/10/17 18:49:33 | 000,000,552 | ---- | C] () -- C:\Users\Grizzle\AppData\Local\d3d8caps.dat
[2010/07/13 18:57:57 | 000,017,408 | ---- | C] () -- C:\Windows\System32\minimp3.exe

========== LOP Check ==========

[2010/10/18 16:51:30 | 000,000,000 | ---D | M] -- C:\Users\Grizzle\AppData\Roaming\BILEVSE
[2008/10/09 13:46:00 | 000,000,000 | ---D | M] -- C:\Users\Grizzle\AppData\Roaming\DAEMON Tools
[2012/04/15 21:06:06 | 000,000,000 | ---D | M] -- C:\Users\Grizzle\AppData\Roaming\Electronic Arts
[2012/04/15 19:02:13 | 000,000,000 | ---D | M] -- C:\Users\Grizzle\AppData\Roaming\GetRightToGo
[2010/10/17 19:31:08 | 000,000,000 | ---D | M] -- C:\Users\Grizzle\AppData\Roaming\Gogii
[2012/04/15 00:25:52 | 000,000,000 | ---D | M] -- C:\Users\Grizzle\AppData\Roaming\HandBrake
[2010/10/18 19:20:16 | 000,000,000 | ---D | M] -- C:\Users\Grizzle\AppData\Roaming\IObit
[2012/04/16 11:12:09 | 000,000,000 | ---D | M] -- C:\Users\Grizzle\AppData\Roaming\Publish Providers
[2012/04/16 11:36:28 | 000,000,000 | ---D | M] -- C:\Users\Grizzle\AppData\Roaming\Sony
[2011/09/20 09:50:32 | 000,000,000 | ---D | M] -- C:\Users\Grizzle\AppData\Roaming\Spotify
[2011/08/29 01:28:43 | 000,000,000 | ---D | M] -- C:\Users\Grizzle\AppData\Roaming\TS3Client
[2011/08/28 23:12:54 | 000,000,000 | ---D | M] -- C:\Users\Grizzle\AppData\Roaming\ts3overlay
[2010/01/03 16:21:40 | 000,000,000 | ---D | M] -- C:\Users\Grizzle\AppData\Roaming\Ulead Systems
[2009/06/07 13:02:15 | 000,000,000 | ---D | M] -- C:\Users\Grizzle\AppData\Roaming\Windows Live Writer
[2012/05/23 12:30:00 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\RegistryConvoy.job
[2012/05/22 20:16:38 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2006/03/03 00:42:40 | 000,073,728 | ---- | M] () -- C:\pv.exe

< MD5 for: EXPLORER.EXE >
[2008/10/29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/01/21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = NETBT
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys -- [2009/04/11 05:45:37 | 000,185,856 | ---- | M] (Microsoft Corporation)
"Description" = This service implements NetBios over TCP/IP.
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
"Tag" = 87
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{05BE06DC-3811-419D-84E8-64B8E564A48B}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{5CC8A12E-0595-46FA-A8D6-C9B508FC1557}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{971602D0-A544-4B32-8B5C-044C91DF9C8F}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{987C11CE-8822-4AE2-B942-4374268ABE36}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{CA71C4D1-05BE-42C3-B612-7DEC0507F700}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys -- [2008/01/21 03:24:20 | 000,035,840 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 01 01 05 01 07 01 00 01 02 01 0A 01 08 01 06 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 10
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2006/11/02 10:46:14 | 000,011,264 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/05/08 23:47:34 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/05/08 23:47:34 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/05/08 23:47:34 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/05/08 23:47:36 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/05/08 23:47:36 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/05/08 23:47:36 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2012/03/16 04:03:51 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2012/03/16 04:03:51 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2012/03/16 04:03:51 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/03/16 04:03:54 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2012/03/16 04:03:54 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/05/08 23:47:34 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/05/08 23:47:34 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/05/08 23:47:34 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/05/08 23:47:36 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/05/08 23:47:36 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/05/08 23:47:36 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2012/03/16 04:03:51 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2012/03/16 04:03:51 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2012/03/16 04:03:51 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/03/16 04:03:54 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2012/03/16 04:03:54 | 000,748,336 | ---- | M] (Microsoft Corporation)

< C:\Windows\assembly\tmp\U\*.* /s >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< C:\windows\*. /RP /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.0.6002
Copyright © 1999-2007 Microsoft Corporation.
On computer: GRIZZLES-LAPTOP
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 E DVD-ROM 0 B No Media
Volume 1 S System NTFS Partition 1500 MB Healthy System
Volume 2 C Vista NTFS Partition 105 GB Healthy Boot

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\windows\System32\config\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\windows\System32\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\windows\System32\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\windows\System32\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\System32\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\windows\System32\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\windows\System32\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\windows\System32\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\windows\System32\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\windows\System32\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\windows\System32\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >


OTL Extras logfile created on: 23/05/2012 21:30:53 - Run 3
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\Grizzle\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

892.46 Mb Total Physical Memory | 241.95 Mb Available Physical Memory | 27.11% Memory free
2.01 Gb Paging File | 1.32 Gb Available in Paging File | 65.75% Paging File free
Paging file location(s): c:\pagefile.sys 0 0s:\pagefile.sys 16 1300 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 104.95 Gb Total Space | 25.70 Gb Free Space | 24.49% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 1.40 Gb Free Space | 95.54% Space Free | Partition Type: NTFS

Computer Name: GRIZZLES-LAPTOP | User Name: Grizzle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2919209743-3810618005-1679405863-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{011B7F96-C38D-4D00-9DF5-CE6491707383}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{03F7958A-FC4E-42CA-B052-2D4CB6CACA48}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{063C6028-876F-48CE-85CF-5565F7CF45A6}" = rport=5358 | protocol=6 | dir=out | app=system |
"{102E82BB-54B4-4980-AE69-41E9AC65937B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{15E07899-8E58-4BB7-8112-0B8785A73AD1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1EE22C98-634A-40BE-90AC-D08AC26F4D51}" = lport=137 | protocol=17 | dir=in | app=system |
"{1F7575BE-928D-4848-94F5-CB85B6B4AC56}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2E9670D6-75CE-4DAB-AABF-FCA55A43DFC6}" = rport=5357 | protocol=6 | dir=out | app=system |
"{2F5DC678-FEA1-4DE7-A2F8-7564BD4FA27A}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{323524C3-A056-453E-9BAE-26FC1ABA7AC7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{34B42122-140F-42EB-ABD3-6F8A28B99168}" = lport=139 | protocol=6 | dir=in | app=system |
"{35D4B6F3-AA4B-4485-9837-5953EA4805DA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{428A1736-383C-4BC2-9A14-1AB91FDA0A58}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{43BEEAED-B3F0-46B6-9520-8D2B47E4C179}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4D021EF9-41D4-4C18-8EE7-656D8C12FE5B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4F5F23D0-A7AA-4AF7-9C94-3E60828AA282}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5031DE94-3F8F-4A43-91CD-C48201F4F16C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5B7F822F-6731-48A9-BA86-3C9D2C9CF630}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{5C977FF8-5E02-4DD6-8333-51205717F302}" = rport=138 | protocol=17 | dir=out | app=system |
"{5E5158CA-8600-4B57-82CD-E7329F6EF3C1}" = lport=138 | protocol=17 | dir=in | app=system |
"{66E82A91-65A2-4FDA-8473-67B46EB10CA3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{68DCD3BB-483C-406D-A322-896926493C0A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6F7CF263-5804-416A-AB43-923200D6DE52}" = rport=137 | protocol=17 | dir=out | app=system |
"{7D7D1AF6-FB0C-4183-8DCF-C1C68A21DD49}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{81B39BEC-0792-40DB-BF0A-A7FF9DAB1FCC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{85F8461E-E0DA-4CB4-86F7-63871C303F8B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{913E42C7-8AF8-4DA8-BCEE-2843D497DC05}" = lport=10243 | protocol=6 | dir=in | app=system |
"{96EC068A-7D1C-4B7C-B84D-016010B53302}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\netproj.exe |
"{9E630E12-8445-4379-8A47-51043860AB29}" = lport=5357 | protocol=6 | dir=in | app=system |
"{A1D54193-2493-40C0-AF7E-003DA236F348}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{A2FD8E77-FE4D-451D-9365-802FA7B4AB7C}" = rport=139 | protocol=6 | dir=out | app=system |
"{A9374DDE-877F-4126-9E41-C8FAC4CAB9BA}" = rport=445 | protocol=6 | dir=out | app=system |
"{C1605F92-6812-4BAD-B6EA-7F5206C2D917}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C73D2CAC-BD7C-44D8-A2F8-7AC01C0C29F3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{CA48DD3D-74DD-452E-9864-B883F1F0A91C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D91364A9-E30C-4326-A81F-2BDC25EB74DD}" = lport=5358 | protocol=6 | dir=in | app=system |
"{DCCEF37E-4AA1-4E1C-904A-D6E90850076A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{ECE8650B-1C56-4D63-918F-6737FC8E00EF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{EF6FCD9A-196A-41D7-ACD9-538D59B7657F}" = lport=445 | protocol=6 | dir=in | app=system |
"{F8B262BF-1DC4-408F-922C-DA538B306491}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\netproj.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D90DF1-28F9-4EF6-80FB-258B49F68539}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{026ECB05-83EF-49D9-A29C-A22B288E4DD4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{08B72DDC-BF21-4382-A200-C66D6B9AA8F2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{0C30635C-36A9-4138-B85E-7372392C9774}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.1-to-3.0.2-engb-win-update-downloader.exe |
"{116687E3-6FBC-455F-AC26-8D17906703B2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{14CBB497-57DA-4CE9-8B66-EBBC54C4D1AD}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe |
"{21ED5722-C201-47FD-9096-8B0E036CBBE5}" = protocol=58 | dir=out | [email protected],-28546 |
"{254FE958-2D30-44FE-BC26-3D4B33C557D9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{28A7727E-C5AB-4255-AE78-088DC0D81E0A}" = protocol=1 | dir=out | [email protected],-28544 |
"{321E1778-8FEF-4D6B-AE2C-523E6BE7D2C2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{33A8DFDE-5217-4A12-A4D0-3DCC0625E703}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{33F5C981-4CDC-4523-95D8-D594B02C2420}" = protocol=6 | dir=out | app=system |
"{54050873-3EAB-4108-9E03-800836D3D4FC}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{5B17D916-F71A-483E-B989-D9EA19217769}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6624E564-5597-4BB6-9B7F-8931F4906037}" = protocol=58 | dir=in | [email protected],-28545 |
"{6BF05BA3-2D86-4FED-BE2A-A588572C85B8}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{6D229780-2423-4CF4-ADEC-FCE25CE4E20A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6FF4D604-B5C6-4026-BBE2-A8B89E47A8DE}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{7959E082-958E-4F45-BCF3-21507C6DA221}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8C4F5AE5-90C2-4135-9DB1-39C414FB44A7}" = protocol=6 | dir=out | app=c:\windows\system32\netproj.exe |
"{96554E03-5017-45C8-BAED-50A995D94479}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{A5BE1D2A-3C2A-46E2-A3A6-71B1BC0E1913}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{AEDCC2AF-3ABE-429F-9632-11D7B5CFB207}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{B0801B1C-0F2D-41B3-8E79-2496FD44E841}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B349E2DA-9D3E-4DD7-A96E-6006064046B7}" = protocol=1 | dir=in | [email protected],-28543 |
"{B461D1BB-54C9-47EB-9888-C2AAFA133854}" = protocol=17 | dir=in | app=c:\program files\malwarebytes' anti-malware\mbam.exe |
"{B55279E8-71F5-4124-A326-3C1C66DF396A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B58C0F50-2F48-4696-AF00-CCDF133550D6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{BE09F1BC-B69D-476E-85E2-D0099D7D3A3B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C107794C-D77B-4CE6-897E-FE85E20FA62D}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.1-to-3.0.2-engb-win-update-downloader.exe |
"{C883557E-A56C-4EAC-A9E6-10874BB28274}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{CD0D7B9E-11B9-43FC-B9CF-6DDA00C33BFE}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{CD0F7816-8B7E-482D-A032-8FD7845C5E08}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe |
"{CD28C370-1857-4D9A-BC2E-C6F85E94AF9E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CEED2987-9DDD-473C-96CB-7D43DF15603B}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{D11369F8-273E-495D-9787-01109B1CC506}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D2306FE3-509A-4CF7-9650-64F597D17761}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-engb-downloader.exe |
"{D3C248A4-9E68-45E8-BD3C-5DD2918051DC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D42FDBAA-922C-49F9-92B9-285BBCE16C35}" = protocol=6 | dir=in | app=c:\program files\malwarebytes' anti-malware\mbam.exe |
"{DE15ED25-5D30-4806-8E00-D3978401E272}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{E548ACF1-30A2-49DA-BDD5-FE57EFBE65C0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EAAF55EB-5E03-4ED2-9444-364F7AF2A528}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{ED40AEF0-C5AE-4B08-9E0B-F27747FA2D88}" = protocol=6 | dir=in | app=c:\windows\system32\netproj.exe |
"{EF8FCA22-B710-457B-ABCB-C77E2CEEB840}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F47F5546-A5A2-4C45-A6C0-0FA70BE19A71}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F69B2DE6-9CD7-4970-8A33-447154FB97B1}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-engb-downloader.exe |
"{F9EA0F14-A997-46F4-9F7E-87FD6EA80337}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{FDA3615C-2189-4DAC-B550-5FEEE6C444CE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{12B680F2-7AFA-44E1-A891-589313138C40}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{131E1602-37C6-456B-A161-5FEB7E585727}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{3ABABA8E-D6C2-4CD2-9F37-D902ACE242E7}C:\users\grizzle\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\grizzle\program files\dna\btdna.exe |
"TCP Query User{58B39EBB-33D2-4A41-9363-F92BD3A56A82}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe |
"TCP Query User{5FD0C117-8525-4A42-9F6A-BC72F3B7F341}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe |
"TCP Query User{65AD1F73-C600-499C-B7A0-F0B5202096D8}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{6F1EF448-5719-4074-9E73-ABB970BEDBA3}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"TCP Query User{79D357BE-C55C-4C5F-BB64-0AD809063A08}C:\program files\kontiki\khost.exe" = protocol=6 | dir=in | app=c:\program files\kontiki\khost.exe |
"TCP Query User{7E8A1F21-72E7-4F4B-8882-582BCCD5F061}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{8078E4C4-9B95-408C-9F16-48C475608537}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{933A478C-DDF9-4363-A1F4-5A0230C48FC4}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"TCP Query User{941A80E3-D605-4CC3-B60E-F18C55692F6A}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{96DB2FFD-F6C2-474E-9754-868A039CF583}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{991F79B1-6669-41BF-99C9-A6C3407A0E48}C:\program files\kontiki\khost.exe" = protocol=6 | dir=in | app=c:\program files\kontiki\khost.exe |
"TCP Query User{99478D8D-28A0-48CC-82F8-CA26C812AEC8}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{A68FD514-75F3-4C5F-9C55-903D389473AF}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{E188B625-0C14-4DDA-9965-CF56760BDC03}C:\program files\microsoft games\age of empires ii trial\empires2.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii trial\empires2.exe |
"TCP Query User{E2950A71-22EE-43CA-8905-22C120EE9C22}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{F6308739-01E7-4384-AFCC-3B4CD597F98E}C:\valve\condition zero\czero.exe" = protocol=6 | dir=in | app=c:\valve\condition zero\czero.exe |
"TCP Query User{FFDCADB9-1A38-4C58-9AEE-570BADCE29EE}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{139E409A-22CB-4AEC-9BDA-4AB5A20EC6AA}C:\program files\kontiki\khost.exe" = protocol=17 | dir=in | app=c:\program files\kontiki\khost.exe |
"UDP Query User{148BB692-1DA1-47F9-8C0C-7A41BA443813}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{2056F818-BFE3-4CC2-9961-B4CFBBEE7ACF}C:\program files\kontiki\khost.exe" = protocol=17 | dir=in | app=c:\program files\kontiki\khost.exe |
"UDP Query User{32061C43-2703-4B14-91E9-53B55F3C2D4C}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{474FF107-76D9-41E7-A363-7B6F8CD30C0A}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{4C05D607-2272-428C-8804-92A81580D382}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{50B1ADBE-63B4-4061-A106-D450217C1714}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{541C8F5A-C29A-4A05-AF90-5B0BC1D04C05}C:\users\grizzle\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\grizzle\program files\dna\btdna.exe |
"UDP Query User{572EA2CF-279F-4F1D-A9DE-9ED3A1A52045}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{5FAF734D-BEA6-4423-BF74-4AE84AEDD879}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{6177282C-8705-4444-AA6A-011FE44BCC36}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{71B8060B-278A-47F4-91DA-933C35A33222}C:\valve\condition zero\czero.exe" = protocol=17 | dir=in | app=c:\valve\condition zero\czero.exe |
"UDP Query User{7D2F6170-EEDF-4E9B-9027-DF6EF1E68BAA}C:\program files\microsoft games\age of empires ii trial\empires2.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii trial\empires2.exe |
"UDP Query User{A0597BCC-3B1D-4E68-AB9E-BF3F87CE470F}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{AD18C961-4134-4849-A373-01A95D2DCFE7}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe |
"UDP Query User{CF128F48-D06B-40F2-B4BB-0B434187D680}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe |
"UDP Query User{D9242BA9-090D-4ECA-AEE3-B01CC355916D}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{E21D1FDC-F381-4B53-9989-275901F500A0}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{FDB10F14-7229-43A6-A919-1217C144BBB0}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{FE47871C-B8F7-4996-B044-A476DEDDC135}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{147894EE-5ED4-11E1-A8FF-F04DA23A5C58}" = MSVCRT Redists
"{14C35072-D7D0-4B29-B5BF-C94E426D77E9}" = Sky Broadband
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 26
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{32A3A4F4-B792-11D6-A78A-00B0D0160260}" = Java™ SE Development Kit 6 Update 26
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73EC658D-A1C6-40CA-8E86-E05821BAACE7}" = Java DB 10.6.2.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = REALTEK RTL8187B Wireless LAN Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B7443F5-E141-42A0-AB61-ED2331AAD606}" = 4oD
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9FE59F0-5BFA-4FDF-84C6-F45457715379}" = InstallIQ Updater
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BCC5DC79-2275-4171-8CEA-39F0DD9ADF58}" = USB TV Device Driver
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C939F015-83C6-432C-B67B-0816AA0B4C17}" = Spare Messaging
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E91E8912-769D-42F0-8408-0E329443BABC}" = Ralink Wireless LAN
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"4oD" = 4oD
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"EPSON Printer and Utilities" = EPSON Printer Software
"InstallShield_{BCC5DC79-2275-4171-8CEA-39F0DD9ADF58}" = USB TV Device Driver
"InstallShield_{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 12.0 (x86 en-GB)" = Mozilla Firefox 12.0 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OpenAL" = OpenAL
"Recuva" = Recuva
"Spotify" = Spotify
"ToolBox" = NCH Toolbox
"WinLiveSuite" = Windows Live Essentials
"WinZip" = WinZip
"XP Codec Pack" = XP Codec Pack

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2919209743-3810618005-1679405863-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#4
CompCav
Please run the OTL fix and post that log also!
If you already ran it, you do not need to re-run it; just post the fix log.

Please give me an update on how the computer is running now.

#5
Griizzle
[Files/Folders - Modified Within 30 Days]
C:\Users\Grizzle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
C:\ProgramData\ezsidmv.dat moved successfully.
[Files - No Company Name]
File C:\ProgramData\ezsidmv.dat not found!
File not found!
< End of fix log >
OTS by OldTimer - Version 3.1.19.3 fix logfile created on 01242010_184156
This is the only fix log I could find, not sure if it's the right one. When I ran the fix, an error message came up saying that it had 'encountered a critical problem' and restarted itself. I tried to run it again but it just blue-screened. Every other step you gave me to complete I managed to do with no problems.

Computer seems to be running better, still a bit laggy though but it is 4 years old now!

Thanks for the help so far!

#6
CompCav
Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop.
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow it to update if it asks.

When finished, it produces a log for you.
Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

After the run you may have internet problems or problems accessing something. Simply reboot the computer.

#7
Griizzle
ComboFix 12-05-28.02 - Grizzle 28/05/2012 16:44:19.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.892.399 [GMT 1:00]
Running from: c:\users\Grizzle\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Grizzle\AppData\Roaming\BILEVSE
c:\users\Grizzle\AppData\Roaming\BILEVSE\RegistryConvoy2009\Backup\Registry\20101018165130.reg
c:\users\Grizzle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
c:\users\Grizzle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore\System Restore.lnk
c:\users\Grizzle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore\Uninstall System Restore.lnk
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\tmp15CF.tmp
c:\windows\system32\tmp161F.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-28 )))))))))))))))))))))))))))))))
.
.
2012-05-28 16:04 . 2012-05-28 16:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-28 16:04 . 2012-05-28 16:05 -------- d-----w- c:\users\Grizzle\AppData\Local\temp
2012-05-28 16:00 . 2012-05-28 16:00 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EC2F24CB-BFE4-4434-8A6B-587DECAFA017}\offreg.dll
2012-05-25 11:19 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EC2F24CB-BFE4-4434-8A6B-587DECAFA017}\mpengine.dll
2012-05-23 18:38 . 2012-05-23 18:39 -------- d-----w- C:\_OTL
2012-05-22 12:53 . 2012-05-22 12:53 -------- d-----w- c:\users\Grizzle\AppData\Local\Adobe
2012-05-21 21:41 . 2012-05-21 21:41 -------- d-----w- c:\users\Grizzle\AppData\Local\Apple
2012-05-21 21:40 . 2012-05-21 21:40 -------- d-----w- c:\users\Grizzle\AppData\Local\Apple Computer
2012-05-13 13:21 . 2012-02-29 13:41 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-05-13 13:21 . 2012-03-01 14:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-13 13:21 . 2012-02-29 14:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-13 13:21 . 2012-02-29 13:44 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-05-13 13:21 . 2012-03-01 14:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-13 13:20 . 2012-03-20 23:28 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-13 13:20 . 2012-03-30 12:39 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-13 13:19 . 2012-02-01 15:11 1218048 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-13 13:19 . 2012-02-01 15:10 1404928 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
2012-05-13 13:19 . 2012-02-01 15:10 964608 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-13 13:19 . 2012-02-01 15:10 983040 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-13 13:19 . 2012-02-01 15:10 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-13 13:19 . 2012-02-01 13:58 47104 ----a-w- c:\program files\Windows Journal\PDIALOG.exe
2012-05-13 13:15 . 2012-04-03 08:16 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-13 13:15 . 2012-04-03 08:16 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-13 13:15 . 2012-04-02 13:36 2044928 ----a-w- c:\windows\system32\win32k.sys
2012-05-08 22:47 . 2012-05-08 22:47 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-08 22:47 . 2012-05-08 22:47 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-08 22:47 . 2012-05-08 22:47 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-06 16:32 . 2012-04-06 16:32 1288192 ----a-w- c:\windows\system32\VSFilter.dll
2012-04-06 16:32 . 2012-04-06 16:32 472576 ----a-w- c:\windows\system32\AviSplitter.ax
2012-04-06 16:32 . 2012-04-06 16:32 548352 ----a-w- c:\windows\system32\MatroskaSplitter.ax
2012-03-16 03:03 . 2012-03-16 03:03 161792 ----a-w- c:\windows\system32\msls31.dll
2012-03-16 03:03 . 2012-03-16 03:03 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-16 03:03 . 2012-03-16 03:03 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-16 03:03 . 2012-03-16 03:03 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-16 03:03 . 2012-03-16 03:03 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-16 03:03 . 2012-03-16 03:03 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-03-16 03:03 . 2012-03-16 03:03 367104 ----a-w- c:\windows\system32\html.iec
2012-03-16 03:03 . 2012-03-16 03:03 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-03-16 03:03 . 2012-03-16 03:03 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-16 03:03 . 2012-03-16 03:03 152064 ----a-w- c:\windows\system32\wextract.exe
2012-03-16 03:03 . 2012-03-16 03:03 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-03-16 03:03 . 2012-03-16 03:03 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-03-16 03:03 . 2012-03-16 03:03 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-03-16 03:03 . 2012-03-16 03:03 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-16 03:03 . 2012-03-16 03:03 11776 ----a-w- c:\windows\system32\mshta.exe
2012-03-16 03:03 . 2012-03-16 03:03 101888 ----a-w- c:\windows\system32\admparse.dll
2012-03-16 03:03 . 2012-03-16 03:03 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-29 15:11 . 2012-04-15 17:11 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-29 15:11 . 2012-04-15 17:11 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 15:09 . 2012-04-15 17:11 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 13:32 . 2012-04-15 17:11 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-08 22:47 . 2012-04-24 13:58 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"InstallIQUpdater"="c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2011-06-22 2408448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-11-14 4706304]
"Skytel"="Skytel.exe" [2007-10-11 1826816]
"SpareMessaging"="c:\program files\Spare Messaging\MessagingApp.exe" [2007-11-28 42824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2011-01-13 3396624]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"MRT"="c:\windows\system32\MRT.exe" [2012-05-14 55656824]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-9-25 389120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux6"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Grizzle\AppData\Roaming\Mozilla\Firefox\Profiles\et4eyd27.default\
FF - prefs.js: network.proxy.type - 0
.
.
------- File Associations -------
.
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-GameShadow - c:\program files\GameShadow\GameShadow.exe
HKCU-Run-uTorrent - c:\program files\uTorrent\uTorrent.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-28 17:04
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2919209743-3810618005-1679405863-1000\Software\SecuROM\License information*]
"datasecu"=hex:7a,a6,d7,e3,25,12,e1,e7,39,87,5c,53,e7,7d,f1,97,54,37,d1,59,48,
d1,80,1b,d7,86,c4,94,c2,11,8c,3a,08,2a,0e,62,45,76,46,fb,89,30,be,5b,04,53,\
"rkeysecu"=hex:7a,5c,7f,2c,95,fc,15,4f,bc,16,56,1d,e8,14,1b,d5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-05-28 17:12:50
ComboFix-quarantined-files.txt 2012-05-28 16:12
ComboFix2.txt 2009-04-06 15:05
.
Pre-Run: 27,009,253,376 bytes free
Post-Run: 26,817,110,016 bytes free
.
- - End Of File - - 2D2A7905745FF2CB48231CAC0D399AC1

#8 CompCav

How is your computer running now?

#9 Griizzle (Topic Starter)

Seems to be running fine, thanks; a lot more responsive and no apparent lag.

Not had a chance to try out Skype yet to see if the connection is any better. Should these steps have made sure the graphics card will run properly again as well?

Thanks again for your help

#10 CompCav

OK, we have a few steps to go to clean your machine:


Step 1.

Please download Malwarebytes' Anti-Malware

Double-click mbam-setup.exe to install the application. Please do not accept the trial right now. We just want to run it on demand.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.


Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



Step 2.

Run ESET Online Scan

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Vista / 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here, then click on: [image]

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the following instructions work with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use, then click on: [image]
  • When prompted allow Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: [image]
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed, the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, select Uninstall application on close; make sure you copy the logfile first!
  • Now click on: [image]
  • Use Notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Step 3.

Security Check
Download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Step 4.

Please post:

  • mbam log
  • eset log
  • security check log


Please give me an update on how your computer is doing!

#11 Griizzle (Topic Starter)

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.28.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Grizzle :: GRIZZLES-LAPTOP [administrator]

28/05/2012 23:08:58
mbam-log-2012-05-28 (23-08-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 197844
Time elapsed: 11 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\BILEVSE (Rogue.RegTidy) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c44a684847c4af43857cb47f6af10fe3
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-05-29 01:22:27
# local_time=2012-05-29 02:22:27 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=768 16777215 100 0 74237984 74237984 0 0
# compatibility_mode=1028 16777214 0 5 74237032 83512096 0 0
# compatibility_mode=5892 16776574 100 100 21644 175776891 0 0
# compatibility_mode=8192 67108863 100 0 249 249 0 0
# scanned=136287
# found=5
# cleaned=5
# scan_time=10382
C:\Users\Grizzle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SMY8ON33\home[1].htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Users\Grizzle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SMY8ON33\home[2].htm Win32/Ramnit.A virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Users\Grizzle\Downloads\epicbot_520.exe a variant of Win32/InstallIQ application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Grizzle\Downloads\Tiesto_-_Club_Life_Volume_Two_(2012-Album)_(320kbps).exe Win32/Adware.1ClickDownload application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Grizzle\Downloads\FL Studio 9\flstudio_9.0.exe Win32/OpenCandy application (deleted - quarantined) 00000000000000000000000000000000 C
Results of screen317's Security Check version 0.99.41
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
JavaFX 2.1.0
Java™ 6 Update 26
Java™ 7 Update 4
Java™ SE Development Kit 6 Update 26
Java DB 10.6.2.1
Adobe Flash Player 10 Flash Player out of date!
Adobe Flash Player 10.3.183.5 Flash Player out of Date!
Adobe Reader 8 Adobe Reader out of date!
Mozilla Firefox (12.0)
````````Process Check: objlist.exe by Laurent````````
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````
Computer seems fine, I will reboot it and see how it performs, then edit this post.

EDIT: seems to be running the same as before, no noticeable improvement in running speed. An administrator message pops up on start-up asking me if I want to continue with opening 'Windows malicious software removal tool', which I cancel every time. Is this a trusted program?

EDIT 2: Another message came up titled 'Install IQ Updater' asking me if I want to install the update. I clicked on yes and Avast! popped up saying that it had blocked some adware from infecting my laptop. The laptop seems fine and Avast! seems to have done its job. Close call!

Edited by Griizzle, 29 May 2012 - 04:22 AM.


#12 CompCav

'Windows malicious software removal tool'

This is legitimate. A new version automatically comes with monthly updates to run.


'Install IQ Updater'

This may have some traces on your machine to remove. Check in your uninstall list:

Click Start >> Control Panel >> Add/Remove programs

If you see anything with IQ in the name that you do not use then you should uninstall it.


We also need to do some minor updates to add to your security protection:

Step 1.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

Uninstall all previous versions.
Download the latest version from: http://www.adobe.com.../readstep2.html

If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.


Step 2.

Update Adobe Flash Player

We need to uninstall the existing flash player(s). Please go here
Follow steps 1. to 4.
Once flash player is uninstalled go on to the next paragraph.

You will need to download and install both the IE and non-IE versions of Adobe Flash Player. Make sure to uncheck the install of the McAfee tool before downloading. You will need to select your operating system (Windows Vista 32-Bit) and then each version to download and install separately.


Step 3.

Please let me know if there have been any changes.




#13 Griizzle (Topic Starter)

I've implemented all the changes and it all seems to be running fine still. Again, no real noticeable changes in speed; however, programs seem to be more responsive (FireFox, IE, My Computer, Downloads etc.).

Still not had a chance to run Skype properly to see if the connection holds for more than a few seconds.

No longer any programs containing 'IQ', and the IQ installer pop-up hasn't appeared the past couple of times I have restarted my computer.

Thanks again for your help so far!

#14 CompCav

OK, next we will check the disc and then the file structure.

  • On the desktop click the My Computer icon
  • Right click your main drive (I am on C) and select properties
  • Select the tools tab
  • Select error checking
  • Place a tick in both boxes
  • Press start
  • You will get a warning that it needs to reboot to continue
  • Allow it to do so


Once completed

Run an elevated command prompt
Go to Start, All programs, Accessories
Right click command prompt and select run as administrator

In the black box that opens type or copy and paste the following command and press enter:

sfc /scannow


After all this is completed, could you update me on the problems being experienced?
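As an added example (not CompCav's instructions and not Microsoft's own tooling), this PowerShell script runs the same sfc /scannow from an elevated prompt and then pulls out the [SR] lines that sfc writes to CBS.log, which is where it records the files it "was unable to fix". It assumes Windows Vista or later with PowerShell 2.0 or newer, run as Administrator on the 32-bit system from the thread; the output file name sfcdetails.txt is my choice.

```powershell
# Added example, not part of the thread: run the same sfc /scannow as above
# from an elevated PowerShell prompt, then pull this run's [SR] entries out
# of CBS.log, the file sfc points at when it "was unable to fix some" files.
# Assumes Windows Vista or later with PowerShell 2.0+, run as Administrator.
# (On 64-bit Windows use a 64-bit PowerShell so sfc.exe is not redirected.)

$cbsLog = Join-Path $env:windir 'Logs\CBS\CBS.log'

# Note where the log ends now, so only entries from this scan are examined.
$startLine = 0
if (Test-Path $cbsLog) { $startLine = @(Get-Content $cbsLog).Count }

# The scan itself; it prints a summary to the console and details to CBS.log.
sfc.exe /scannow

# Keep only the System Resource ([SR]) lines written during this run.
$srLines = @(Get-Content $cbsLog | Select-Object -Skip $startLine |
             Where-Object { $_ -match '\[SR\]' })

# sfc marks restored files and files it could not restore with fixed phrases:
#   [SR] Repairing corrupted file [l:24{12}]"example.dll" ...
#   [SR] Cannot repair member file [l:24{12}]"example.dll" ...
$repaired   = @($srLines | Where-Object { $_ -match 'Repairing corrupted file' })
$unrepaired = @($srLines | Where-Object { $_ -match 'Cannot repair member file' })

"Repaired entries:     $($repaired.Count)"
"Unrepaired entries:   $($unrepaired.Count)"
foreach ($line in $unrepaired) {
    # Show just the quoted file name rather than the whole CBS line.
    if ($line -match '"([^"]+)"') { "  could not repair: $($matches[1])" }
}

# Save this run's [SR] lines to the desktop so they can be posted in a reply.
$out = Join-Path ([Environment]::GetFolderPath('Desktop')) 'sfcdetails.txt'
$srLines | Set-Content -Path $out
"Details written to $out"
```

The counts are log entries, so a file sfc reports more than once is counted more than once; the saved sfcdetails.txt is what to post when the scan says some files could not be fixed.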

#15
Griizzle

Griizzle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Both of those steps don't appear to have done anything really, in all honesty!

After performing the command prompt scan, it said that corrupt files were found but some of them couldn't be fixed.