Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Firewall settings can't display, errors on win boot, can't acc

Started by Scumgriever , Aug 07 2012 04:59 AM

This topic is locked

#1
Scumgriever

Posted 07 August 2012 - 04:59 AM

New Member

Member
5 posts

Hi,
I'm still running XP without any worries until a couple of days when ago Microsoft Security Essential found and removed a trojan from my computer. I can't remember what it was called and can't find where MSE saved a log (if anywhere).

Since then I haven't been able to access any Microsoft sites or any sites belonging to any of the major antivirus players. Avast.com, Mcaffee.com, symantec-norton.com, even malwarebytes.org
Also When I try to go to manage the security setting for windows firewall in Security Center I get an error message saying "Due to an unidentified problem, Windows cannot display Windows Firewall Settings."

I also get an error message when I start up my computer (once the desktop loads) which says "error 8007007E in connect server: the specified module could not be found."

and another which says "error 800401F0 in co create instance: co-initialize has not been called"

MBAM found a number of Exploit.Drop.3P files and a registry key and value which it says it removed successfully.

Thats all I know. Any help will be super appreciated.
Thanks in advance.

OTL log follows.

OTL logfile created on: 7/08/2012 7:02:51 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\Scumgriever\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 1.97 Gb Available Physical Memory | 65.63% Memory free
4.94 Gb Paging File | 3.84 Gb Available in Paging File | 77.66% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 7.99 Gb Free Space | 5.36% Space Free | Partition Type: NTFS
Drive E: | 654.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: SCUMTOP | User Name: Scumgriever | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/07 19:02:31 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Scumgriever\My Documents\Downloads\OTL.exe
PRC - [2012/07/31 15:36:16 | 001,229,848 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2012/07/03 13:46:42 | 000,973,488 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012/05/18 19:04:52 | 000,434,168 | ---- | M] (TomTom) -- C:\Program Files\MyTomTom 3\MyTomTomSA.exe
PRC - [2012/04/20 15:59:04 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2012/04/20 15:59:02 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/08/02 17:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2011/06/24 09:44:22 | 001,386,776 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2011/06/17 17:35:24 | 000,149,784 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
PRC - [2011/05/28 23:28:58 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/05/27 14:57:30 | 000,562,592 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2011/05/27 14:57:28 | 002,015,136 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2011/05/27 14:57:26 | 007,025,568 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2011/05/18 17:28:16 | 001,641,888 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\dlnaPlugin.exe
PRC - [2011/04/20 13:02:04 | 001,095,168 | ---- | M] (Belkin International, Inc.) -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Connect.exe
PRC - [2011/04/19 15:29:42 | 000,152,576 | ---- | M] () -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
PRC - [2010/07/07 05:32:04 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2010/02/09 14:55:52 | 000,049,152 | ---- | M] () -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
PRC - [2009/10/10 01:07:20 | 000,493,248 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2008/12/09 18:40:16 | 000,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe
PRC - [2008/12/09 18:40:16 | 000,234,888 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
PRC - [2008/04/14 10:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/10 15:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\PixArt\PAC207\Monitor.exe
PRC - [2007/07/25 16:32:50 | 000,823,296 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2007/07/25 16:32:34 | 000,294,912 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2007/07/25 16:30:36 | 000,974,848 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2007/07/25 16:26:14 | 000,491,520 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2007/05/14 14:23:32 | 001,191,936 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/03/11 21:34:40 | 000,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
PRC - [2006/11/14 00:05:34 | 000,061,440 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe
PRC - [2006/11/02 14:05:50 | 000,282,624 | ---- | M] (Knowles Acoustics) -- C:\WINDOWS\system32\KADxMain.exe
PRC - [2006/05/24 18:28:28 | 000,622,653 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/05/24 18:27:10 | 001,372,244 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe

========== Modules (No Company Name) ==========

MOD - [2012/07/31 15:36:14 | 000,442,392 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.60\ppgooglenaclpluginchrome.dll
MOD - [2012/07/31 15:36:13 | 012,235,288 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll
MOD - [2012/07/31 15:36:12 | 003,997,720 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.60\pdf.dll
MOD - [2012/07/31 15:34:45 | 000,144,424 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.60\avutil-51.dll
MOD - [2012/07/31 15:34:43 | 000,266,792 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.60\avformat-54.dll
MOD - [2012/07/31 15:34:42 | 002,480,680 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.60\avcodec-54.dll
MOD - [2012/06/16 14:38:43 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012/06/16 13:55:17 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/16 13:55:02 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/06/16 13:51:57 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/05/18 19:04:54 | 000,252,408 | ---- | M] () -- C:\Program Files\MyTomTom 3\TomTomSupporterProxy.dll
MOD - [2012/05/18 19:04:54 | 000,067,576 | ---- | M] () -- C:\Program Files\MyTomTom 3\TomTomSupporterBase.dll
MOD - [2012/05/18 19:04:44 | 007,964,160 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtGui4.dll
MOD - [2012/05/18 19:04:44 | 000,980,480 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtNetwork4.dll
MOD - [2012/05/18 19:04:44 | 000,019,456 | ---- | M] () -- C:\Program Files\MyTomTom 3\DeviceDetection.dll
MOD - [2012/05/18 19:04:42 | 002,302,464 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtCore4.dll
MOD - [2012/05/18 19:04:42 | 000,357,888 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtXml4.dll
MOD - [2012/05/11 16:40:46 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/11 16:36:32 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/11 16:33:07 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/11 16:32:49 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2011/06/24 09:44:34 | 000,877,848 | ---- | M] () -- C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
MOD - [2011/05/27 14:57:32 | 000,022,944 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinServicePS.dll
MOD - [2011/05/27 14:08:56 | 000,660,480 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
MOD - [2011/04/19 15:29:42 | 000,152,576 | ---- | M] () -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
MOD - [2011/04/19 15:29:42 | 000,132,608 | ---- | M] () -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkLocalBackup.dll
MOD - [2010/11/22 00:54:34 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2010/08/22 20:01:36 | 007,187,456 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2010/08/22 20:01:08 | 000,325,632 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2010/08/22 20:01:06 | 001,954,304 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2010/08/22 20:01:06 | 000,847,360 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2010/08/22 19:32:34 | 000,119,808 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
MOD - [2010/02/09 14:55:52 | 000,049,152 | ---- | M] () -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
MOD - [2008/12/09 18:40:16 | 000,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe
MOD - [2008/12/09 18:40:16 | 000,234,888 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
MOD - [2008/04/14 10:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 10:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/07/25 16:25:48 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2007/05/14 14:24:00 | 000,098,304 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
MOD - [2007/04/25 10:55:40 | 001,167,360 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll
MOD - [2006/05/24 18:29:44 | 000,053,248 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2004/08/04 20:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll

========== Win32 Services (SafeList) ==========

SRV - [2012/06/24 12:43:52 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/20 15:59:04 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/12/29 19:19:06 | 000,017,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Overwolf\\OverwolfUpdater.exe -- (OverwolfUpdaterService)
SRV - [2011/06/17 17:33:46 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011/05/27 14:57:30 | 000,562,592 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2011/04/19 15:29:42 | 000,152,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe -- (Belkin Local Backup Service)
SRV - [2010/07/07 05:32:04 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2010/02/09 14:55:52 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe -- (Belkin Network USB Helper)
SRV - [2009/10/10 01:07:20 | 000,493,248 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/07/29 23:49:45 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/06/02 10:10:08 | 000,637,952 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/12/09 18:40:16 | 000,464,264 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2008/12/09 18:40:16 | 000,234,888 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2007/07/25 16:32:34 | 000,294,912 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)
SRV - [2007/06/04 22:14:50 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/06/04 22:14:50 | 000,131,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2006/11/14 00:05:34 | 000,061,440 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Auto | Running] -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2006/11/13 21:59:52 | 000,122,880 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe -- (digiSPTIService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\zumbus.sys -- (zumbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\AFGMp50.sys -- (AFGMp50)
DRV - [2012/08/07 18:46:07 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/08/07 18:28:56 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8E461BF3-1DE1-48CA-8B79-0F10ADC13E57}\MpKslb56ebfea.sys -- (MpKslb56ebfea)
DRV - [2011/10/01 13:31:17 | 000,232,512 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/08/09 17:33:58 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2011/04/30 22:00:18 | 000,039,064 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/04/30 22:00:06 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/04/30 21:59:56 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2010/08/22 20:01:54 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AFGSp50.sys -- (AFGSp50)
DRV - [2009/10/20 17:47:46 | 000,113,280 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009/10/10 00:50:48 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva)
DRV - [2009/09/16 09:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 09:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/09/10 13:55:52 | 000,102,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/08/11 13:15:40 | 000,000,000 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009/07/27 12:43:18 | 000,058,908 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/07/09 12:16:04 | 000,017,408 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netaapl.sys -- (Netaapl)
DRV - [2009/06/22 15:50:00 | 000,246,936 | ---- | M] (silex technology, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\sxuptp.sys -- (sxuptp)
DRV - [2009/02/09 08:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/02/09 08:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/02/09 08:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/02/09 08:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/04/14 04:46:08 | 000,049,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mstape.sys -- (MSTAPE)
DRV - [2008/04/14 04:46:08 | 000,013,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avcstrm.sys -- (AVCSTRM)
DRV - [2008/02/13 13:17:26 | 000,618,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PFC027.SYS -- (PAC207)
DRV - [2007/08/08 08:17:54 | 002,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32)
DRV - [2007/05/29 15:29:30 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/05/06 17:12:00 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/01/24 06:08:00 | 000,024,832 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2006/11/21 04:25:44 | 000,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/15 00:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/14 19:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/13 21:38:28 | 000,011,776 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\diginet.sys -- (DigiNet)
DRV - [2006/11/13 21:38:24 | 000,016,384 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\DigiFilt.sys -- (DigiFilter)
DRV - [2006/11/13 21:37:58 | 000,015,232 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbx2midk.sys -- (MBX2MIDK)
DRV - [2006/11/13 21:37:42 | 000,015,488 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbx2dfu.sys -- (MBX2DFU)
DRV - [2006/11/13 21:36:36 | 000,109,056 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Dalwdm.sys -- (dalwdmservice)
DRV - [2006/11/02 18:47:36 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/11/02 18:47:00 | 000,209,152 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/11/02 18:46:56 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/11/02 12:31:38 | 000,103,168 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dxec02.sys -- (DXEC02)
DRV - [2006/10/05 17:07:28 | 000,072,608 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2006/05/24 18:07:18 | 000,328,237 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/05/24 18:05:26 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2006/05/24 18:04:04 | 000,851,434 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/05/24 18:01:34 | 000,030,427 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/05/24 18:01:22 | 000,030,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2006/05/24 18:00:50 | 000,066,488 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/05/24 17:58:18 | 000,148,900 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006/05/24 17:57:00 | 000,045,683 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV)
DRV - [2004/08/22 16:31:48 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\d347prt.sys -- (d347prt)
DRV - [2004/08/22 16:31:10 | 000,155,136 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\d347bus.sys -- (d347bus)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {69D2EEF5-8C76-41DF-B213-E2168DCB5383}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\..\SearchScopes\{69D2EEF5-8C76-41DF-B213-E2168DCB5383}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 199.197.2.183:80

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.91
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\Documents and Settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/08/13 16:04:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/28 23:30:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/18 05:43:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/24 12:43:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/15 00:34:24 | 000,000,000 | ---D | M]

[2012/06/04 22:32:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Scumgriever\Application Data\Mozilla\Extensions
[2012/06/04 22:32:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Scumgriever\Application Data\Mozilla\Extensions\[email protected]
[2012/07/20 07:24:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Scumgriever\Application Data\Mozilla\Firefox\Profiles\04gj2eyl.default\extensions
[2012/07/20 07:24:14 | 000,000,000 | ---D | M] (FireShot) -- C:\Documents and Settings\Scumgriever\Application Data\Mozilla\Firefox\Profiles\04gj2eyl.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010/07/07 03:16:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Scumgriever\Application Data\Mozilla\Firefox\Profiles\04gj2eyl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/05/19 07:26:14 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Scumgriever\Application Data\Mozilla\Firefox\Profiles\04gj2eyl.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/03/30 05:45:39 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Scumgriever\Application Data\Mozilla\Firefox\Profiles\04gj2eyl.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/04/11 06:18:14 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\Scumgriever\Application Data\Mozilla\Firefox\Profiles\04gj2eyl.default\extensions\[email protected]
[2011/12/27 22:00:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/18 05:43:16 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/06/24 12:43:53 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/10/13 21:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2011/11/10 04:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/24 12:43:49 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/06/24 12:43:49 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/24 12:43:49 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/06/24 12:43:49 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/06/24 12:43:49 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/06/24 12:43:49 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.60\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.60\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Scumgriever\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Logitech Device Detection (Enabled) = C:\Documents and Settings\Scumgriever\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\elncikmfipkphghakkmemnlnahadedno\1.24.0.9_0\npLogitechDeviceDetection.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Documents and Settings\Scumgriever\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: QUAKE LIVE (Enabled) = C:\Documents and Settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll
CHR - Extension: YouTube = C:\Documents and Settings\Scumgriever\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Scumgriever\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Logitech Device Detection = C:\Documents and Settings\Scumgriever\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\elncikmfipkphghakkmemnlnahadedno\1.24.0.9_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Scumgriever\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Scumgriever\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Late Night = C:\Documents and Settings\Scumgriever\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pgbdhkpacgdhfabeceekiafonfkipohm\1.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\Scumgriever\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Canvas Rider = C:\Documents and Settings\Scumgriever\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk\0.7_0\

O1 HOSTS File: ([2009/07/30 01:15:02 | 000,000,767 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Documents and Settings\Scumgriever\Application Data\Mozilla\Firefox\Profiles\04gj2eyl.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.78.dll File not found
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
O4 - HKLM..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Eritutewf] C:\Documents and Settings\Scumgriever\Application Data\Tauhn\unsy.exe ()
O4 - HKCU..\Run: [MyTomTomSA.exe] C:\Program Files\MyTomTom 3\MyTomTomSA.exe (TomTom)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1267493267875 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8AD51059-95BD-43DA-9315-19CC982DBEE5}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Overwolf\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Scumgriever\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Scumgriever\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/25 02:57:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/09/14 20:29:29 | 000,000,000 | R--D | M] - E:\AutoRun -- [ CDFS ]
O32 - AutoRun File - [2005/04/16 05:22:23 | 000,000,038 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{12623f26-2c0c-11df-921d-001d09d17ce4}\Shell\AutoRun\command - "" = G:\wd_windows_tools\WDSetup.exe
O33 - MountPoints2\{43b58716-0f3c-11e1-bd63-001dd9e5135b}\Shell - "" = AutoRun
O33 - MountPoints2\{43b58716-0f3c-11e1-bd63-001dd9e5135b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{43b58716-0f3c-11e1-bd63-001dd9e5135b}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{816b07d4-52c2-11df-9227-001d09d17ce4}\Shell - "" = AutoRun
O33 - MountPoints2\{816b07d4-52c2-11df-9227-001d09d17ce4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{816b07d4-52c2-11df-9227-001d09d17ce4}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{cbf97db6-0e7a-11e1-bd62-001dd9e5135b}\Shell - "" = AutoRun
O33 - MountPoints2\{cbf97db6-0e7a-11e1-bd62-001dd9e5135b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cbf97db6-0e7a-11e1-bd62-001dd9e5135b}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{cbf97db9-0e7a-11e1-bd62-001dd9e5135b}\Shell - "" = AutoRun
O33 - MountPoints2\{cbf97db9-0e7a-11e1-bd62-001dd9e5135b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cbf97db9-0e7a-11e1-bd62-001dd9e5135b}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/07 18:46:07 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/08/05 19:54:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2012/08/05 16:17:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Scumgriever\Application Data\Malwarebytes
[2012/08/05 16:16:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/05 16:16:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/08/05 16:16:52 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/08/05 16:16:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/08/05 03:09:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\PCHealth
[2012/08/05 03:08:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/08/05 03:05:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Scumgriever\Local Settings\Application Data\PCHealth
[2012/07/30 20:26:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Scumgriever\My Documents\testags
[2012/07/30 19:40:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Scumgriever\My Documents\My Saved Games
[2012/07/20 07:36:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Scumgriever\Application Data\Tauhn
[2012/07/20 07:36:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Scumgriever\Application Data\Ogesen
[2012/07/20 07:36:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Scumgriever\Application Data\Aximry
[2012/07/17 22:17:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Adventure Game Studio 3.2.1
[2012/07/17 22:17:16 | 000,000,000 | ---D | C] -- C:\Program Files\Adventure Game Studio 3.2.1
[2012/07/17 00:10:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Scumgriever\Application Data\freac
[2012/07/17 00:09:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\freac - free audio converter
[2012/07/17 00:09:54 | 000,000,000 | ---D | C] -- C:\Program Files\freac
[2012/07/12 15:01:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Scumgriever\My Documents\goodhope concert
[2010/02/10 10:25:06 | 000,083,456 | ---- | C] (Sydney University) -- C:\Program Files\University Internet.exe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/07 19:08:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/07 18:46:07 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/08/07 18:36:30 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/08/07 18:36:19 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/08/07 18:27:14 | 000,406,697 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2012/08/07 18:26:27 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-436374069-484763869-839522115-1003.job
[2012/08/07 18:26:26 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/07 18:26:25 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/07 18:26:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/07 18:26:11 | 3219,169,280 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/06 11:54:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/08/05 03:09:32 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/08/05 02:54:21 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-436374069-484763869-839522115-1003.job
[2012/08/05 00:11:03 | 000,406,697 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2012/07/30 21:44:59 | 000,043,838 | ---- | M] () -- C:\Documents and Settings\Scumgriever\Desktop\pie.jpg
[2012/07/30 21:44:07 | 000,226,109 | ---- | M] () -- C:\Documents and Settings\Scumgriever\Desktop\photo.htm
[2012/07/18 19:26:55 | 002,181,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/18 18:54:52 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/07/17 17:39:49 | 000,062,976 | ---- | M] () -- C:\Documents and Settings\Scumgriever\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/07 18:26:11 | 3219,169,280 | -HS- | C] () -- C:\hiberfil.sys
[2012/08/05 03:19:12 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/08/05 03:19:11 | 000,000,366 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/08/05 03:10:16 | 000,001,712 | ---- | C] () -- C:\Documents and Settings\Scumgriever\Local Settings\Application Data\{0726c64a-6faa-d2d9-aad7-39a4981838b1}\U\00000001.@
[2012/08/05 03:09:13 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/08/05 03:05:01 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/07/30 21:45:08 | 000,043,838 | ---- | C] () -- C:\Documents and Settings\Scumgriever\Desktop\pie.jpg
[2012/07/30 21:44:11 | 000,226,109 | ---- | C] () -- C:\Documents and Settings\Scumgriever\Desktop\photo.htm
[2012/06/18 16:22:17 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2012/02/16 09:16:51 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/05 22:55:06 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/01/05 22:55:02 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/01/05 22:55:02 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/01/05 22:54:30 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011/12/24 05:10:46 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/18 22:27:10 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2011/12/18 22:27:10 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2011/12/18 22:27:10 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2011/12/18 22:11:47 | 000,035,609 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
[2011/06/08 00:04:19 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/09/22 02:36:36 | 000,139,336 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/09/22 02:02:09 | 000,214,720 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010/09/22 02:01:53 | 002,373,712 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2010/09/22 02:01:53 | 000,075,064 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2009/10/18 23:59:14 | 000,000,085 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2009/07/26 03:56:03 | 000,062,976 | ---- | C] () -- C:\Documents and Settings\Scumgriever\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/08/04 20:00:00 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{0726c64a-6faa-d2d9-aad7-39a4981838b1}\@
[2004/08/04 20:00:00 | 000,002,048 | -HS- | C] () -- C:\Documents and Settings\Scumgriever\Local Settings\Application Data\{0726c64a-6faa-d2d9-aad7-39a4981838b1}\@

========== LOP Check ==========

[2012/01/13 22:53:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ableton
[2011/12/17 03:27:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Affinegy
[2009/07/25 17:48:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2012/05/17 21:42:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Battle.net
[2011/12/17 03:27:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Belkin
[2010/09/01 16:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco
[2011/10/01 13:29:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/09/22 02:01:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\id Software
[2009/08/13 16:02:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010/08/13 21:14:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2009/08/13 16:07:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/02/17 06:37:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/06/04 22:32:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2010/08/20 04:39:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUpMedia
[2012/01/14 18:07:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{018739C5-9E1C-4C10-A298-77A80A04AD61}
[2012/01/14 18:31:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{07D9EF15-1E96-4C9C-911C-4C7AAC443789}
[2012/01/15 14:45:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{13E67FA2-BFF0-4FB9-99FF-F2B7E480E626}
[2012/01/15 14:32:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{1CF3FE7A-4381-41EA-A1FD-F70233A9A42E}
[2010/07/13 16:32:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/01/15 14:12:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{458F3F08-8039-46F2-BF3A-F5115518ED16}
[2012/01/14 18:34:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{5D4AD7AA-51B3-4EF1-8DBC-4D6CBFF4668D}
[2012/01/14 18:13:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{6268CC84-62BB-4890-B980-FC891FC3470E}
[2012/01/15 04:02:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{6BA6A5D8-137C-4CEA-8BBE-6AE00E2D8863}
[2010/02/22 00:31:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2012/01/14 18:31:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7989FF88-7C99-4E86-9CEE-937493D5A176}
[2012/01/15 03:50:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{86190A21-318C-4B3A-9297-DC38C1C465BC}
[2009/08/04 22:04:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2012/01/14 18:15:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{954361E8-665B-4E93-918D-21C1F708FBD8}
[2012/01/14 18:35:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{9A2A3E5C-C9D5-46BD-9031-F6E91E419956}
[2012/01/15 17:09:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{9EA9F3B6-4422-49A7-8BC0-B8C3C310B956}
[2012/01/15 15:11:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{A1CE61C9-A3B8-4E0E-ADEE-E237C381C954}
[2012/01/15 17:09:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{AE681438-D566-42AE-BBB8-7141C47E0985}
[2012/01/14 18:21:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{B2E03B0D-9848-462A-9AC1-6E4676488C5C}
[2012/01/14 17:53:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{B5F0C192-874D-49A8-88D7-8431E3714756}
[2012/01/14 18:34:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{B7478C7F-3B59-4A91-8444-8F818E5672C0}
[2012/01/14 18:31:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BAF9AC5D-AA3E-4138-92BE-340E0F0D21EA}
[2012/01/14 18:04:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BC727A25-34B7-4B46-9D69-E54457E6DD1C}
[2012/01/14 18:35:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{C8183278-0B84-457C-AE54-DCA354CEDDD7}
[2012/01/14 18:26:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{D15CE785-FD15-4860-807A-3B68400084D3}
[2012/01/15 02:56:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{D57FC652-C588-47E5-96A5-2064740A56A5}
[2012/01/15 05:11:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{D60B3BBC-C177-4D7A-B4F6-13B5AF452E04}
[2012/01/15 04:45:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{DCB3384C-CF87-4E37-8561-DAD854BEBFCD}
[2012/01/15 04:16:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{F72E3A60-3111-406A-B539-69D64E8BF25B}
[2012/01/15 15:38:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{FCB4E5DF-D134-4F71-861A-5EB315418DA1}
[2012/06/09 17:57:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scumgriever\Application Data\.minecraft
[2012/01/16 20:20:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scumgriever\Application Data\Ableton
[2012/08/05 14:12:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scumgriever\Application Data\Aximry
[2012/07/22 05:58:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scumgriever\Application Data\Azureus
[2009/07/25 18:57:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scumgriever\Application Data\Blue Cat Audio
[2011/10/01 13:32:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scumgriever\Application Data\DAEMON Tools Lite
[2012/01/18 06:06:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scumgriever\Application Data\DDMSettings
[2012/07/30 17:25:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scumgriever\Application Data\Digidesign
[2011/08/20 19:03:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scumgriever\Application Data\Easeware
[2011/10/29 19:37:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scumgriever\Application Data\FileZilla
[2009/09/05 16:49:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scumgriever\Application Data\FireShot
[2012/07/17 00:13:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scumgriever\Application Data\freac
[2010/09/22 02:01:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scumgriever\Application Data\id Software
[2010/08/18 18:37:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scumgriever\Application Data\JAM Software
[2009/08/24 21:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scumgriever\Application Data\Leadertech
[2012/04/20 14:51:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scumgriever\Application Data\LucasArts
[2009/07/30 18:46:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scumgriever\Application Data\Mount&Blade
[2010/06/25 23:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scumgriever\Application Data\Mount&Blade Warband
[2010/07/05 21:01:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scumgriever\Application Data\Nokia
[2012/07/20 07:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scumgriever\Application Data\Ogesen
[2009/07/28 15:20:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scumgriever\Application Data\OpenOffice.org
[2010/08/13 21:14:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scumgriever\Application Data\PACE Anti-Piracy
[2012/01/23 02:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scumgriever\Application Data\PacificPoker
[2011/11/10 16:46:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scumgriever\Application Data\PC Suite
[2012/05/23 01:28:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scumgriever\Application Data\PriceGong
[2012/04/18 17:49:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scumgriever\Application Data\Processing
[2012/04/24 22:46:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scumgriever\Application Data\ScummVM
[2011/07/19 22:20:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scumgriever\Application Data\Seagate
[2012/07/20 07:36:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scumgriever\Application Data\Tauhn
[2009/07/28 02:19:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scumgriever\Application Data\Thunderbird
[2012/06/04 22:32:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scumgriever\Application Data\TomTom
[2012/02/27 13:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scumgriever\Application Data\TuneUpMedia
[2009/11/08 03:33:14 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1248881498.job
[2010/01/18 03:29:48 | 000,000,324 | ---- | M] () -- C:\WINDOWS\Tasks\Install_NSS.job
[2012/08/07 18:36:19 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job

========== Purity Check ==========

========== Files - Unicode (All) ==========
[2009/08/01 22:39:26 | 000,000,000 | ---- | M] ()(C:\Documents and Settings\Scumgriever\?????????????????????????????????????????????????l) -- C:\Documents and Settings\Scumgriever\㩃䑜捯浵湥獴愠摮匠瑥楴杮屳捓浵牧敩敶屲灁汰捩瑡潩⁮慄慴䡜睥敬瑴倭捡慫摲䑜杩瑩污䤠慭楧杮獜瑥楴杮⹳浸l
[2009/08/01 22:39:25 | 000,000,000 | ---- | M] ()(C:\Documents and Settings\Scumgriever\?????????????????????????????????????????????????) -- C:\Documents and Settings\Scumgriever\㩃䑜捯浵湥獴愠摮匠瑥楴杮屳捓浵牧敩敶屲灁汰捩瑡潩⁮慄慴䡜睥敬瑴倭捡慫摲䑜杩瑩污䤠慭楧杮摜癥捩獥砮汭
[2009/08/01 22:39:25 | 000,000,000 | ---- | C] ()(C:\Documents and Settings\Scumgriever\?????????????????????????????????????????????????l) -- C:\Documents and Settings\Scumgriever\㩃䑜捯浵湥獴愠摮匠瑥楴杮屳捓浵牧敩敶屲灁汰捩瑡潩⁮慄慴䡜睥敬瑴倭捡慫摲䑜杩瑩污䤠慭楧杮獜瑥楴杮⹳浸l
[2009/08/01 22:39:25 | 000,000,000 | ---- | C] ()(C:\Documents and Settings\Scumgriever\?????????????????????????????????????????????????) -- C:\Documents and Settings\Scumgriever\㩃䑜捯浵湥獴愠摮匠瑥楴杮屳捓浵牧敩敶屲灁汰捩瑡潩⁮慄慴䡜睥敬瑴倭捡慫摲䑜杩瑩污䤠慭楧杮摜癥捩獥砮汭
(C:\Documents and Settings\All Users\Start Menu\Programs\???????) -- C:\Documents and Settings\All Users\Start Menu\Programs\數據機診斷工具

========== Alternate Data Streams ==========

@Alternate Data Stream - 48 bytes -> C:\WINDOWS:642D03E5F79B49A2
@Alternate Data Stream - 1390 bytes -> C:\Program Files\Common Files\System:TMYcjuNETge6Qj7MUsI
@Alternate Data Stream - 1340 bytes -> C:\Program Files\WindowsUpdate:I906PvpAFyzirRVvcJpLfYh
@Alternate Data Stream - 1324 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:ptnxkVL2iqbrVnFmpGBOm0cmihO
@Alternate Data Stream - 1286 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:ODgNwyvx0lhSW3aMILOUXHuTTGLv
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:30FD0CBD
@Alternate Data Stream - 1240 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:0clE2i2XRuLw34cEHgYxm
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC680CD1

< End of report >

#2
Essexboy

Posted 07 August 2012 - 08:06 AM

GeekU Moderator

Retired Staff
69,964 posts

Hi there lets see if we can fix this

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O4 - HKCU..\Run: [Eritutewf] C:\Documents and Settings\Scumgriever\Application Data\Tauhn\unsy.exe ()
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
@Alternate Data Stream - 48 bytes -> C:\WINDOWS:642D03E5F79B49A2
@Alternate Data Stream - 1390 bytes -> C:\Program Files\Common Files\System:TMYcjuNETge6Qj7MUsI
@Alternate Data Stream - 1340 bytes -> C:\Program Files\WindowsUpdate:I906PvpAFyzirRVvcJpLfYh
@Alternate Data Stream - 1324 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:ptnxkVL2iqbrVnFmpGBOm0cmihO
@Alternate Data Stream - 1286 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:ODgNwyvx0lhSW3aMILOUXHuTTGLv
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:30FD0CBD
@Alternate Data Stream - 1240 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:0clE2i2XRuLw34cEHgYxm
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC680CD1

:Files
C:\Documents and Settings\Scumgriever\Application Data\Tauhn
C:\Documents and Settings\Scumgriever\Local Settings\Application Data\{0726c64a-6faa-d2d9-aad7-39a4981838b1}
C:\WINDOWS\Installer\{0726c64a-6faa-d2d9-aad7-39a4981838b1}
ipconfig /flushdns /c
ipconfig /release /c
ipconfig /renew /c
sc create BITS binpath= "c:\windows\system32\svchost.exe -k netsvcs" start= delayed-auto /c

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow to update if it asks
Allow the installation of the recovery console
When finished, it shall produce a log for you.
Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

FINALLY

run farbar service scanner

Posted Image

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

#3
Scumgriever

Posted 08 August 2012 - 12:16 AM

New Member

Topic Starter
Member
5 posts

Hi,
Thanks for your prompt reply.

Upon running OTL my PC automatically rebooted and gave me the following log:

All processes killed
Error: Unable to interpret <:OTL
O4 - HKCU..\Run: [Eritutewf] C:\Documents and Settings\Scumgriever\Application Data\Tauhn\unsy.exe ()
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
@Alternate Data Stream - 48 bytes -> C:\WINDOWS:642D03E5F79B49A2
@Alternate Data Stream - 1390 bytes -> C:\Program Files\Common Files\System:TMYcjuNETge6Qj7MUsI
@Alternate Data Stream - 1340 bytes -> C:\Program Files\WindowsUpdate:I906PvpAFyzirRVvcJpLfYh
@Alternate Data Stream - 1324 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:ptnxkVL2iqbrVnFmpGBOm0cmihO
@Alternate Data Stream - 1286 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:ODgNwyvx0lhSW3aMILOUXHuTTGLv
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:30FD0CBD
@Alternate Data Stream - 1240 bytes -> C:\Documents and Settings\All Users\Application Da> in the current context!
Error: Unable to interpret <ta\Microsoft:0clE2i2XRuLw34cEHgYxm
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC680CD1

:Files
C:\Documents and Settings\Scumgriever\Application Data\Tauhn
C:\Documents and Settings\Scumgriever\Local Settings\Application Data\{0726c64a-6faa-d2d9-aad7-39a4981838b1}
C:\WINDOWS\Installer\{0726c64a-6faa-d2d9-aad7-39a4981838b1}
ipconfig /flushdns /c
ipconfig /release /c
ipconfig /renew /c
sc create BITS binpath= "c:\windows\system32\svchost.exe -k netsvcs" start= delayed-auto /c

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]> in the current context!

OTL by OldTimer - Version 3.2.56.0 log created on 08082012_144608

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

I think that seemed right but it wasn't mentioned do I thought I'd mention it.
The Log of the OTL quick scan, the combofix.txt log and the farbar FSS.txt log are all attached.

As for the computer everything seems to be running fine now. No errors on startup, I can access all the AV sites that I couldn't before, the firewall settings are accessible and seem to be working normally and the screen has stopped cutting out like it was.

Thankyou very much for your help. Is that it and what was it?

Regards, Oli

Attached Files

FSS.txt 2.11KB 86 downloads
ComboFix.txt 26.92KB 98 downloads
OTL.Txt 141.44KB 64 downloads

#4
Essexboy

Posted 08 August 2012 - 07:19 AM

GeekU Moderator

Retired Staff
69,964 posts

It looks as though the OTL fix did not take so we will do it a different way

Download to your desktop the attached Fix.txt

Open OTL and press Run Fix
A dialogue will open asking for the location of Fix.txt
Navigate to the fix.txt downloaded to your desktop and click it
Press Run Fix again

#5
Scumgriever

Posted 08 August 2012 - 07:49 AM

New Member

Topic Starter
Member
5 posts

Ok,
I did that and it rebooted and opened the attached file in notepad.

Attached Files

08082012_234329.log 7.21KB 88 downloads

#6
Essexboy

Posted 08 August 2012 - 08:10 AM

GeekU Moderator

Retired Staff
69,964 posts

That looks better, how is the computer behaving now ?

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

#7
Scumgriever

Posted 08 August 2012 - 08:28 AM

New Member

Topic Starter
Member
5 posts

Ok, Done that. The computer seems to be working much better. Three was one point after my post which included all 3 logs and before the most recent OTL fix where the laptops keyboard stopped working but started again after a reboot. That hasn't happened since.
The log of the mbam follows. It didn't seem to find anything.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.08.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Scumgriever :: SCUMTOP [administrator]

9/08/2012 12:16:04 AM
mbam-log-2012-08-09 (00-16-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 257379
Time elapsed: 9 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#8
Essexboy

Posted 08 August 2012 - 08:41 AM

GeekU Moderator

Retired Staff
69,964 posts

Subject to no further problems

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:Commands
[resethosts]
[emptytemp]
[CLEARALLRESTOREPOINTS]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done

Remove ComboFix

Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
In the Run box, type in ComboFix /Uninstall
(Notice the space between the "x" and "/")
then click OK
Follow the prompts on the screen
A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that

Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Do not show hidden files and folders.
Click Yes to confirm.
Click OK.

Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:

Go to this site and click Do I have Java
It will check your current version and then offer to update to the latest version

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Posted Image

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

Microsoft Windows Update

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?Keep safe :wave:

#9
Scumgriever

Posted 08 August 2012 - 10:49 AM

New Member

Topic Starter
Member
5 posts

Ok, I've done the cleanup and am updating a few of my out of date programs and uninstalling others,(the computer needed a good clean out anyway). I'll check back in a day or two to let you know how its going.

Thanks again for all your help. Made the whole thing a lot less painful than it could have been.
Oli

#10
Essexboy

Posted 10 August 2012 - 07:12 AM

GeekU Moderator

Retired Staff
69,964 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.