Solved Slow Boot, Internet Problems, etc.

Discussion in 'Malware and Virus Removal Archive' started by lpdrummer, 2009/12/04.

  1. 2009/12/04
    lpdrummer

    lpdrummer Inactive Thread Starter

    Joined:
    2004/07/26
    Messages:
    285
    Likes Received:
    0
    [Resolved] Slow Boot, Internet Problems, etc.

    This is a continuation of the thread I created here. My computer boots slowly, internet drops out after a while, and internet runs slowly at certain times.


    DDS


    DDS (Ver_09-12-01.01) - NTFSX64
    Run by Alex at 10:41:39.96 on Fri 12/04/2009
    Internet Explorer: 7.0.6002.18005
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2046.1004 [GMT -5:00]

    AV: Avanquest Fix-It *On-access scanning disabled* (Outdated) {964FCE60-0B18-4D30-ADD6-EB178909041C}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    SP: Avanquest Fix-It *disabled* (Outdated) {9817B764-AE4E-4B29-AEE7-725B7A50BD48}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\RAVCpl64.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Users\Alex\AppData\Roaming\Microsoft\svchost.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\PROGRA~2\AVANQU~1\Fix-It\mxtask.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\PROGRA~2\AVANQU~1\Fix-It\mxtask2.exe
    C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Users\Alex\AppData\Roaming\mstwain32.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Users\Alex\AppData\Roaming\Microsoft\winlog.exe
    C:\Windows\system32\taskeng.exe
    C:\Users\Alex\AppData\Local\Temp\RtkBtMnt.exe
    C:\Program Files (x86)\Common Files\AntiVirus\SBAMSvc.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Launch Manager\MMDx64Fx.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Alex\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [mstwain32] c:\users\alex\appdata\roaming\mstwain32.exe
    uRun: [winlog.exe] c:\users\alex\appdata\roaming\microsoft\winlog.exe
    uRun: [svchost.exe] c:\users\alex\appdata\roaming\microsoft\svchost.exe
    mRun: [LManager] c:\progra~1\launch~1\LManager.exe
    mRun: [H2O] "c:\program files (x86)\syncrosoft\pos\h2o\cledx.exe "
    mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe "
    mRun: [SBRegRebootCleaner] "c:\program files (x86)\common files\antivirus\SBRC.exe "
    StartupFolder: c:\users\alex\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files (x86)\common files\adobe\calibration\Adobe Gamma Loader.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office12\EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office12\REFIEBAR.DLL
    mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun-x64: [PLFSetL] c:\windows\PLFSetL.exe
    mRun-x64: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun-x64: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun-x64: [RtHDVCpl] RAVCpl64.exe
    mRun-x64: [Skytel] Skytel.exe
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\alex\appdata\roaming\mozilla\firefox\profiles\fqw3adql.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - plugin: c:\program files (x86)\viewpoint\viewpoint media player\npViewpoint.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\np_gp.dll
    FF - plugin: c:\users\alex\program files (x86)\dna\plugins\npbtdna.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

    ---- FIREFOX POLICIES ----
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);

    ============= SERVICES / DRIVERS ===============

    R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [2009-11-2 82480]
    R2 SBAMSvc;Fix-It;c:\program files (x86)\common files\antivirus\SBAMSvc.exe [2008-10-28 886056]
    R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2008-7-18 62000]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files (x86)\viewpoint\common\ViewpointService.exe [2009-1-18 24652]
    R3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60a.sys [2008-1-20 214016]
    R3 NETw3v64;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\NETw3v64.sys [2008-1-20 3154432]
    S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-8-17 89920]
    S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
    S3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM);c:\windows\system32\drivers\ymidusbx64.sys [2009-1-19 48200]

    ============== File Associations ===============

    regfile= "regedit.exe" "%1 "

    =============== Created Last 30 ================

    2009-12-02 06:30:51 1905 ----a-w- c:\windows\diagwrn.xml
    2009-12-02 06:30:51 1905 ----a-w- c:\windows\diagerr.xml
    2009-11-30 17:03:50 0 d-----w- c:\program files\ISO Recorder
    2009-11-30 16:46:30 0 d-----w- c:\program files (x86)\Windows Resource Kits
    2009-11-29 17:09:42 0 d-----w- c:\program files (x86)\Microsoft Windows 7 Upgrade Advisor
    2009-11-28 16:32:11 0 d-----w- c:\program files (x86)\Windows Installer Clean Up
    2009-11-28 16:31:20 0 d-----w- c:\program files (x86)\MSECACHE
    2009-11-24 22:20:08 0 d-----w- c:\program files\Ventrilo
    2009-11-24 22:20:05 262 ----a-w- c:\windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
    2009-11-24 05:35:28 0 d-----w- C:\SAVE
    2009-11-24 05:32:09 85 ----a-w- c:\windows\sierra.ini
    2009-11-24 05:31:13 0 d-----w- C:\Sierra
    2009-11-24 05:21:52 0 d-----w- c:\program files (x86)\MagicISO
    2009-11-15 00:50:27 0 d-----w- c:\program files (x86)\Misc. Support Library (Spybot - Search & Destroy)
    2009-11-15 00:50:27 0 d-----w- c:\program files (x86)\File Scanner Library (Spybot - Search & Destroy)
    2009-11-15 00:48:40 0 d-----w- c:\programdata\Spybot - Search & Destroy
    2009-11-13 03:06:21 0 d-----w- c:\programdata\WindowsSearch
    2009-11-06 19:03:15 0 d-----w- c:\program files (x86)\FreeTime
    2009-11-05 00:40:27 0 d-----w- c:\program files (x86)\Movie Maker 2.6

    ==================== Find3M ====================

    2009-12-04 15:31:58 285890 ----a-w- c:\programdata\nvModes.dat
    2009-12-04 15:29:30 33792 ----a-w- c:\users\alex\appdata\roaming\cmsetac.dll
    2009-12-04 15:29:29 7168 ----a-w- c:\users\alex\appdata\roaming\ntdtcstp.dll
    2009-11-24 23:16:37 51200 ----a-w- c:\windows\inf\infpub.dat
    2009-11-24 23:16:37 143360 ----a-w- c:\windows\inf\infstrng.dat
    2009-11-24 23:02:26 86016 ----a-w- c:\windows\inf\infstor.dat
    2009-11-01 22:48:31 183170 ----a-w- c:\windows\syswow64\SBFC.dat
    2009-10-01 14:29:14 238960 ------w- c:\windows\system32\MpSigStub.exe
    2009-09-10 17:09:22 269312 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-10 16:48:01 218624 ----a-w- c:\windows\syswow64\msv1_0.dll
    2009-08-18 03:19:35 665600 ----a-w- c:\windows\inf\drvindex.dat
    2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
    2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
    2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

    ============= FINISH: 10:43:58.47 ===============




    Attach


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-12-01.01)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 1/16/2009 6:05:36 PM
    System Uptime: 12/4/2009 10:28:36 AM (0 hours ago)

    Motherboard: Acer, Inc. | | Chapala
    Processor: Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz | U2E1 | 1500/166mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 139 GiB total, 39.286 GiB free.
    D: is CDROM ()
    E: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID:
    Description: Base System Device
    Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_01211025&REV_12\4&6AD4B7A&0&4AF0
    Manufacturer:
    Name: Base System Device
    PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_01211025&REV_12\4&6AD4B7A&0&4AF0
    Service:

    Class GUID:
    Description: Base System Device
    Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_01211025&REV_12\4&6AD4B7A&0&4BF0
    Manufacturer:
    Name: Base System Device
    PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_01211025&REV_12\4&6AD4B7A&0&4BF0
    Service:

    Class GUID:
    Description: Base System Device
    Device ID: PCI\VEN_1180&DEV_0852&SUBSYS_01211025&REV_12\4&6AD4B7A&0&4CF0
    Manufacturer:
    Name: Base System Device
    PNP Device ID: PCI\VEN_1180&DEV_0852&SUBSYS_01211025&REV_12\4&6AD4B7A&0&4CF0
    Service:

    Class GUID:
    Description:
    Device ID: ACPI\WEC1020\4&23818D36&0
    Manufacturer:
    Name:
    PNP Device ID: ACPI\WEC1020\4&23818D36&0
    Service:

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Hamachi Network Interface
    Device ID: ROOT\NET\0000
    Manufacturer: LogMeIn, Inc.
    Name: Hamachi Network Interface
    PNP Device ID: ROOT\NET\0000
    Service: hamachi

    Class GUID: {5c69eefe-3c1e-44ef-8501-f475f902fca7}
    Description:
    Device ID: ROOT\SYNCROSOFT_PROTECTION_DEVICE\0001
    Manufacturer: Syncrosoft Hard- und Software GmbH
    Name:
    PNP Device ID: ROOT\SYNCROSOFT_PROTECTION_DEVICE\0001
    Service:

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    Acer Crystal Eye
    Acer Crystal Eye webcam
    Acer Crystal Eye Webcam Video Class Camera
    Acrobat.com
    Adobe AIR
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Flash Player 10 Plugin
    Adobe Help Center 1.0
    Adobe Photoshop CS2
    Adobe Reader 9
    Adobe Stock Photos 1.0
    AIM 6
    Amazon MP3 Downloader 1.0.5
    Antares Autotune VST RTAS TDM v5.08
    Apple Application Support
    Apple Software Update
    ASIO4ALL
    Avanquest update
    BitTorrent
    DNA
    Fix-It Utilities 9 Professional
    FL Studio 8
    Half-Life
    Hamachi 1.0.1.5
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    IL Download Manager
    Launch Manager
    Lexicon Lambda ASIO (remove only)
    Magic ISO Maker v5.5 (build 0276)
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft WSE 3.0 Runtime
    Mozilla Firefox (3.5.5)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB954430)
    NVIDIA PhysX
    PowerISO
    Prototype(TM)
    QuickTime
    Realtek High Definition Audio Driver
    Reason Demo 4.0.1
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB969679)
    Security Update for Microsoft Office Excel 2007 (KB969682)
    Security Update for Microsoft Office Outlook 2007 (KB972363)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office Publisher 2007 (KB969693)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB969604)
    Steinberg Cubase LE 4
    SyncroSoft Emu (Remove only)
    Syncrosoft License Control
    The Sims™ 3
    Toxic Biohazard
    TuxGuitar 1.0
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Outlook 2007 Junk Email Filter (KB974810)
    Viewpoint Media Player
    VLC media player 0.9.8a
    Windows 7 Upgrade Advisor
    Windows Installer Clean Up
    Windows Media Player Firefox Plugin
    Windows Movie Maker 2.6
    Windows Resource Kit Tools
    WinRAR archiver
    Worms Armageddon - New Edition

    ==== Event Viewer Messages From Past Week ========

    12/4/2009 10:39:34 AM, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Secure Socket Tunneling Protocol Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    12/4/2009 10:30:05 AM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort2.
    12/4/2009 10:29:36 AM, Error: Service Control Manager [7000] - The Ricoh xD-Picture Card Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    12/4/2009 10:29:06 AM, Error: volmgr [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
    12/3/2009 11:32:06 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SCDEmu spldr Wanarpv6
    12/3/2009 11:32:06 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    12/3/2009 11:31:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    12/3/2009 11:31:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    12/3/2009 11:31:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments " " in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    12/3/2009 10:54:17 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    12/3/2009 10:54:17 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/3/2009 10:53:48 PM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
    12/3/2009 10:51:28 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
    11/29/2009 4:44:28 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{031AAF2B-E9DF-4911-8966-5E024F904664} because another computer on the network has the same name. The server could not start.
    11/29/2009 4:44:28 PM, Error: netbt [4321] - The name "ALEX-LAPTOP :20" could not be registered on the interface with IP address 0.0.0.0. The computer with the IP address 192.168.1.103 did not allow the name to be claimed by this computer.
    11/29/2009 4:44:18 PM, Error: PlugPlayManager [12] - The device 'Intel(R) ICH8 Family PCI Express Root Port 6 - 2849' (PCI\VEN_8086&DEV_2849&SUBSYS_01211025&REV_03\3&21436425&0&E5) disappeared from the system without first being prepared for removal.
    11/29/2009 4:44:18 PM, Error: PlugPlayManager [12] - The device 'Broadcom NetLink (TM) Gigabit Ethernet' (PCI\VEN_14E4&DEV_1693&SUBSYS_01211025&REV_02\4&1d1097f2&0&00E5) disappeared from the system without first being prepared for removal.
    11/29/2009 11:58:02 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 172.17.105.178 for the Network Card with network address 001B243EBADD has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    11/29/2009 11:09:59 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    11/29/2009 11:09:59 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.
    11/29/2009 11:09:59 AM, Error: Service Control Manager [7000] - The Application Information service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/28/2009 12:35:27 PM, Error: PlugPlayManager [12] - The device 'Ricoh xD-Picture Card Controller' (PCI\VEN_1180&DEV_0852&SUBSYS_01211025&REV_12\4&6ad4b7a&0&4BF0) disappeared from the system without first being prepared for removal.
    11/27/2009 7:26:15 PM, Error: srv [2017] - The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.
    11/27/2009 12:54:23 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    11/27/2009 12:54:23 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: An instance of the service is already running.
    11/27/2009 12:54:23 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Telephony service, but this action failed with the following error: An instance of the service is already running.

    ==== End Of File ===========================
     
  2. 2009/12/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I'm not familiar with the Avanquest Fix-It program, which apparently includes an AV module; however, it's listed by DDS as outdated. Why?


    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe

    ***VERY IMPORTANT! Make sure you update SUPERAntiSpyware and Malwarebytes before running the scans.***

    STEP 1. Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

    PHYSICALLY DISCONNECT FROM THE INTERNET

    Restart the computer in Safe Mode.
    To enter Safe Mode, restart the computer and keep tapping the F8 key until the menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen.

    * Open SUPERAntiSpyware.
    * Click Scan your Computer... button.
    * Click Scanning Preferences/Control Center... button.
    * Under the General and Startup tab, make sure the Start SUPERAntiSpyware when Windows starts option is UN-checked.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Terminate memory threats before quarantining.
    * Click the Close button to leave the control center screen.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, choose Perform Complete Scan.
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
    * Make sure everything has a checkmark next to it and click Next.
    * A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
    * If asked if you want to reboot, click Yes.
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
    * Click Close to exit the program.
    Post SUPERAntiSpyware log.

    RECONNECT TO THE INTERNET

    RESTART COMPUTER!

    STEP 2. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    ******************************************************************************************
    Due to a bug in Malwarebytes, you may see the following entries in MBAM's log:
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\atapi (Rootkit)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\atapi (Rootkit)
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atapi (Rootkit)

    DO NOT remove those entries!
    If you do, your computer will become UN-bootable.
    The issue has been fixed in the latest MBAM update, so it's EXTREMELY important that you update MBAM before you run it.
    ****************************************************************************************

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 3. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double-click the downloaded .exe file, select the Rootkit tab and click the Scan button.
    When the scan is completed, click the Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log in your next reply.

    RESTART COMPUTER

    STEP 4. Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post HijackThis log.
    NOTE. If you're using Vista, right-click on HijackThis and click Run as Administrator.
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     

  4. 2009/12/09
    lpdrummer

    lpdrummer Inactive Thread Starter

    Joined:
    2004/07/26
    Messages:
    285
    Likes Received:
    0
    Avanquest Fix-It is just a program to clean the registry, check hard disk errors, scan for some infected files, etc. It's not up to date, because every time I try to update it, it fails. It downloads the updates, and when it goes to apply them, the progress bar just keeps on repeating for hours.

    Here are the logs:

    SUPERAntispyware Log
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 12/07/2009 at 10:50 PM

    Application Version : 4.31.1000

    Core Rules Database Version : 4339
    Trace Rules Database Version: 2191

    Scan type : Complete Scan
    Total Scan Time : 08:58:43

    Memory items scanned : 148
    Memory threats detected : 0
    Registry items scanned : 5193
    Registry threats detected : 1
    File items scanned : 102634
    File threats detected : 1

    Trojan.SVCHost/Fake
    [svchost.exe] C:\USERS\ALEX\APPDATA\ROAMING\MICROSOFT\SVCHOST.EXE
    C:\USERS\ALEX\APPDATA\ROAMING\MICROSOFT\SVCHOST.EXE

    * I should note that there were a few folders in C:\WINDOWS that did not get scanned. It hung up on files in "assembly," and after 9 hours of running, I stopped the scan there. I will run it again this weekend when I can spare 9+ hours without a computer, but for now it only seems to pick up that one threat.


    MBAM Log
    Malwarebytes' Anti-Malware 1.42
    Database version: 3316
    Windows 6.0.6002 Service Pack 2
    Internet Explorer 7.0.6002.18005

    12/8/2009 10:52:01 AM
    mbam-log-2009-12-08 (10-52-01).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 293986
    Time elapsed: 2 hour(s), 5 minute(s), 13 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    C:\Users\Alex\AppData\Roaming\Microsoft\winlog.exe (Trojan.Backdoor) -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winlog.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ( "regedit.exe" "%1 ") Good: (regedit.exe "%1 ") -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Users\Alex\AppData\Roaming\Microsoft\winlog.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.

    GMER Log
    GMER 1.0.15.15273 - http://www.gmer.net
    Rootkit scan 2009-12-08 13:54:27
    Windows 6.0.6002 Service Pack 2
    Running: nhrbzfks.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB8 0xB8 0x39 0xA8 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB8 0xB8 0x39 0xA8 ...

    ---- EOF - GMER 1.0.15 ----


    HijackThis Log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:10:35 PM, on 12/9/2009
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v7.00 (7.00.6002.18005)
    Boot mode: Normal

    Running processes:
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [H2O] "C:\Program Files (x86)\SyncroSoft\Pos\H2O\cledx.exe "
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [SBRegRebootCleaner] "C:\Program Files (x86)\Common Files\AntiVirus\SBRC.exe "
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
    O23 - Service: Fix-It Task Manager - Avanquest North America, Inc. - C:\PROGRA~2\AVANQU~1\Fix-It\mxtask.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Fix-It (SBAMSvc) - Sunbelt Software - C:\Program Files (x86)\Common Files\AntiVirus\SBAMSvc.exe
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 5623 bytes
     
    Last edited: 2009/12/09
  5. 2009/12/09
    broni Moderator Malware Analyst
    I suggest you don't use it at all. Playing with the registry gives nothing but possible problems.

    You don't have a real AV program running then. I suggest you uninstall Fix-It and install one of the real AV programs:

    - Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html
    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html

    - free Comodo Internet Security (firewall + AV): http://www.personalfirewall.comodo.com/
    NOTE. During installation, Comodo will also allow you to install AV only, or firewall only, if you prefer to combine one Comodo product with some other product.

    If you decide to install Avast or Avira, make sure Windows firewall is turned on, or use Comodo firewall.
    If you decide to install Comodo Internet Security, or just Comodo firewall, make sure Windows firewall is turned off.

    IMPORTANT! Make sure you use only ONE antivirus and ONE firewall.

    After installation, update the program and run a full scan.

    How much RAM do you have?


    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    * Under the Custom Scan box paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\system32\eventlog.dll
    %systemroot%\system32\scecli.dll
    %systemroot%\netlogon.dll
    %systemroot%\system32\cngaudit.dll
    %systemroot%\system32\sceclt.dll
    %systemroot%\ntelogon.dll
    %systemroot%\system32\logevent.dll


    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
      Since those are pretty big files, you can attach them if you wish.
     
  6. 2009/12/09
    lpdrummer Inactive Thread Starter
    OTL Extras logfile created on: 12/9/2009 8:59:34 PM - Run 1
    OTL by OldTimer - Version 3.1.12.0 Folder = C:\Users\Alex\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 0.79 Gb Available Physical Memory | 39.75% Memory free
    2.44 Gb Paging File | 1.16 Gb Available in Paging File | 47.45% Paging File free
    Paging file location(s): c:\pagefile.sys 512 1024

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 139.29 Gb Total Space | 38.09 Gb Free Space | 27.35% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    Drive E: | 1.92 Gb Total Space | 1.18 Gb Free Space | 61.46% Space Free | Partition Type: FAT
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: ALEX-LAPTOP
    Current User Name: Alex
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    chm.file [open] -- "%SystemRoot%\hh.exe" %1
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
    "VistaSp2" = B0 1E 2F E8 B3 1F CA 01 [binary data]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
    "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{377973BF-ABE2-49A0-97AD-05CB4BE71B90}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{166227BA-E645-4B89-B7A7-D58C2AB3A326}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "{17A6D678-1B33-4B86-83D8-F6B3CACB6269}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
    "{1CD1A5B6-7147-48F1-86ED-911B418816E4}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{1E42064C-061C-4245-974C-12FD0E8262A3}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\prototype\prototypef.exe |
    "{1FB949D3-8110-48CD-BD23-7459CF7B9BF6}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
    "{3B55986D-5946-40A7-97C4-71ED4C4D8B95}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
    "{427ACD6C-9A70-4919-B9DA-8B9477389A85}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
    "{5366DFE6-9576-4808-BAE9-99A783585D04}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{723040F9-6548-4431-8249-3DAE0A4C421A}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
    "{740AC6F1-ADF8-494D-AB4E-15FDC9DB1B08}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
    "{8F8E277C-2197-4466-AA10-735E18AA6FF7}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
    "{90EC56D1-E80A-4100-ADF6-6B1CF5AEDDDA}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\prototype\prototypef.exe |
    "{976046A9-72B1-4089-A683-C140F59148A7}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "{D153B166-90C5-4F14-8A43-8B9CB1BEF6F3}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
    "{EE431890-249A-4CB2-BBA0-0D471B15F4FC}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{FED8702A-0FBD-4AE5-A7EB-804B586036C9}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "TCP Query User{14899F7C-E2BF-4097-8CC1-AC8CE4EADC64}C:\users\alex\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\alex\program files (x86)\dna\btdna.exe |
    "TCP Query User{1AF1ABB7-AF6B-435B-B679-E281127C93A8}C:\program files (x86)\counter-strike\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\counter-strike\hl.exe |
    "TCP Query User{42D1D7C3-8436-4C51-96B3-B0E572228212}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "TCP Query User{47DDDFBD-68AD-409F-964E-9A9BBFC3B3EF}C:\sierra\half-life\hl.exe" = protocol=6 | dir=in | app=c:\sierra\half-life\hl.exe |
    "TCP Query User{5582E9DD-1765-4D3B-87A5-5289B6082280}C:\program files\left 4 dead\hl2.exe" = protocol=6 | dir=in | app=c:\program files\left 4 dead\hl2.exe |
    "TCP Query User{6B48596F-D031-4D0D-9F83-485D3D235006}C:\users\alex\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\alex\program files (x86)\dna\btdna.exe |
    "TCP Query User{6E7AC7C3-7DA1-4A50-BDCE-5DBFB2D17570}C:\games\demigod\bin\demigod.exe" = protocol=6 | dir=in | app=c:\games\demigod\bin\demigod.exe |
    "TCP Query User{6EEE635A-8F14-4720-9032-6C87C8D7F7FB}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "TCP Query User{84B63020-7D2A-4054-ADB2-9628DC530F7A}C:\games\worms armageddon\wa.exe" = protocol=6 | dir=in | app=c:\games\worms armageddon\wa.exe |
    "TCP Query User{CB4501EB-0CD4-41DF-B8CB-F4BAEC109D3E}C:\program files\hamachi\hamachi.exe" = protocol=6 | dir=in | app=c:\program files\hamachi\hamachi.exe |
    "TCP Query User{D93AA3FA-D8AE-4421-B6D9-21CB3320BD6B}C:\program files (x86)\electronic arts\dead space\dead space.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\dead space\dead space.exe |
    "UDP Query User{1F21D1D8-9923-4DFC-A041-9AAC9D1E54CC}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "UDP Query User{323EDB2E-7E39-43F7-B73A-81E38EB0B63E}C:\program files (x86)\counter-strike\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\counter-strike\hl.exe |
    "UDP Query User{694F1C60-F2F4-481D-8EA5-3B0873D13722}C:\program files\left 4 dead\hl2.exe" = protocol=17 | dir=in | app=c:\program files\left 4 dead\hl2.exe |
    "UDP Query User{6F81688A-7684-439C-8AE0-9AB6BD8D73C4}C:\program files (x86)\electronic arts\dead space\dead space.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\dead space\dead space.exe |
    "UDP Query User{7183D7A6-A9C0-4B52-B27A-4FFB02A9BA8F}C:\games\demigod\bin\demigod.exe" = protocol=17 | dir=in | app=c:\games\demigod\bin\demigod.exe |
    "UDP Query User{7C5B6747-5E3D-49F6-8C9C-AD92E6AC88BA}C:\games\worms armageddon\wa.exe" = protocol=17 | dir=in | app=c:\games\worms armageddon\wa.exe |
    "UDP Query User{91EADD22-E473-49C2-A9B4-39B73E215F34}C:\users\alex\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\alex\program files (x86)\dna\btdna.exe |
    "UDP Query User{93A473A8-5435-43B8-B423-5D2610B0A284}C:\program files\hamachi\hamachi.exe" = protocol=17 | dir=in | app=c:\program files\hamachi\hamachi.exe |
    "UDP Query User{BF105482-6074-4F59-AD31-5A70254FC385}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "UDP Query User{CD13479B-7622-407A-A0A3-BEBE28CE8C38}C:\sierra\half-life\hl.exe" = protocol=17 | dir=in | app=c:\sierra\half-life\hl.exe |
    "UDP Query User{EE0FFF36-006E-42A2-A4D8-BA22AE1BC82D}C:\users\alex\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\alex\program files (x86)\dna\btdna.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{39600969-41C3-4658-876E-16F108FC5C92}" = ISO Recorder
    "{5759E649-E281-46C2-BB4B-50413623DCDF}" = iTunes
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
    "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "NVIDIA Drivers" = NVIDIA Drivers
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
    "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
    "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
    "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye Webcam Video Class Camera
    "{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Acer Crystal Eye
    "{5158974E-2D28-4018-9335-7694C2974746}" = Fix-It Utilities 9 Professional
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
    "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002A-0000-1000-0000000FF1CE}_PROPLUSR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
    "{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable
    "{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
    "{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
    "{AA047D7C-5E7C-4878-B75C-77589151B563}" = Acer Crystal Eye webcam
    "{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
    "{AB3C4AC6-C401-4132-A8B5-265899A9C0E8}" = Steinberg Cubase LE 4
    "{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
    "{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
    "{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
    "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
    "{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}" = Windows Resource Kit Tools
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
    "AIM_6" = AIM 6
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.5
    "Antares Autotune VST RTAS TDM_is1" = Antares Autotune VST RTAS TDM v5.08
    "ASIO4ALL" = ASIO4ALL
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "FL Studio 8" = FL Studio 8
    "Half-Life" = Half-Life
    "Hamachi" = Hamachi 1.0.1.5
    "HijackThis" = HijackThis 2.0.2
    "IL Download Manager" = IL Download Manager
    "InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
    "Lambda ASIO driver" = Lexicon Lambda ASIO (remove only)
    "LManager" = Launch Manager
    "Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
    "PowerISO" = PowerISO
    "PROPLUSR" = Microsoft Office Professional Plus 2007
    "Reason4Demo_is1" = Reason Demo 4.0.1
    "SyncroSoft Emu" = SyncroSoft Emu (Remove only)
    "Syncrosoft License Control" = Syncrosoft License Control
    "Toxic Biohazard" = Toxic Biohazard
    "TuxGuitar_0" = TuxGuitar 1.0
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "VLC media player" = VLC media player 0.9.8a
    "WinRAR archiver" = WinRAR archiver
    "Worms Armageddon - New Edition" = Worms Armageddon - New Edition

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "BitTorrent" = BitTorrent
    "BitTorrent DNA" = DNA

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12/9/2009 5:32:15 PM | Computer Name = Alex-Laptop | Source = Windows Search Service | ID = 3013
    Description =

    Error - 12/9/2009 5:32:15 PM | Computer Name = Alex-Laptop | Source = Windows Search Service | ID = 3013
    Description =

    Error - 12/9/2009 5:32:16 PM | Computer Name = Alex-Laptop | Source = Windows Search Service | ID = 3013
    Description =

    Error - 12/9/2009 5:32:16 PM | Computer Name = Alex-Laptop | Source = Windows Search Service | ID = 3013
    Description =

    Error - 12/9/2009 5:32:16 PM | Computer Name = Alex-Laptop | Source = Windows Search Service | ID = 3013
    Description =

    Error - 12/9/2009 5:32:16 PM | Computer Name = Alex-Laptop | Source = Windows Search Service | ID = 3013
    Description =

    Error - 12/9/2009 5:32:16 PM | Computer Name = Alex-Laptop | Source = Windows Search Service | ID = 3013
    Description =

    Error - 12/9/2009 5:32:16 PM | Computer Name = Alex-Laptop | Source = Windows Search Service | ID = 3013
    Description =

    Error - 12/9/2009 5:32:16 PM | Computer Name = Alex-Laptop | Source = Windows Search Service | ID = 3013
    Description =

    Error - 12/9/2009 5:32:16 PM | Computer Name = Alex-Laptop | Source = Windows Search Service | ID = 3013
    Description =

    [ OSession Events ]
    Error - 3/5/2009 1:39:46 PM | Computer Name = Alex-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 14
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 9/21/2009 12:36:05 AM | Computer Name = Alex-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 6
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 10/29/2009 11:16:27 AM | Computer Name = Alex-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 270
    seconds with 60 seconds of active time. This session ended with a crash.

    Error - 10/30/2009 11:32:10 AM | Computer Name = Alex-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 80
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 11/12/2009 11:01:22 PM | Computer Name = Alex-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 138
    seconds with 0 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 12/9/2009 9:56:52 PM | Computer Name = Alex-Laptop | Source = Service Control Manager | ID = 7001
    Description =

    Error - 12/9/2009 9:56:52 PM | Computer Name = Alex-Laptop | Source = Service Control Manager | ID = 7001
    Description =

    Error - 12/9/2009 9:56:52 PM | Computer Name = Alex-Laptop | Source = Service Control Manager | ID = 7001
    Description =

    Error - 12/9/2009 9:56:52 PM | Computer Name = Alex-Laptop | Source = Service Control Manager | ID = 7001
    Description =

    Error - 12/9/2009 9:56:52 PM | Computer Name = Alex-Laptop | Source = Service Control Manager | ID = 7001
    Description =

    Error - 12/9/2009 9:56:52 PM | Computer Name = Alex-Laptop | Source = Service Control Manager | ID = 7001
    Description =

    Error - 12/9/2009 9:56:52 PM | Computer Name = Alex-Laptop | Source = Service Control Manager | ID = 7001
    Description =

    Error - 12/9/2009 9:56:52 PM | Computer Name = Alex-Laptop | Source = Service Control Manager | ID = 7001
    Description =

    Error - 12/9/2009 9:56:52 PM | Computer Name = Alex-Laptop | Source = Service Control Manager | ID = 7001
    Description =

    Error - 12/9/2009 9:56:52 PM | Computer Name = Alex-Laptop | Source = Service Control Manager | ID = 7001
    Description =


    < End of report >
     
  7. 2009/12/09
    lpdrummer

    lpdrummer Inactive Thread Starter

    OTL logfile created on: 12/9/2009 8:59:34 PM - Run 1
    OTL by OldTimer - Version 3.1.12.0 Folder = C:\Users\Alex\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 0.79 Gb Available Physical Memory | 39.75% Memory free
    2.44 Gb Paging File | 1.16 Gb Available in Paging File | 47.45% Paging File free
    Paging file location(s): c:\pagefile.sys 512 1024

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 139.29 Gb Total Space | 38.09 Gb Free Space | 27.35% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    Drive E: | 1.92 Gb Total Space | 1.18 Gb Free Space | 61.46% Space Free | Partition Type: FAT
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: ALEX-LAPTOP
    Current User Name: Alex
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2009/12/09 20:59:01 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
    PRC - [2009/11/02 22:23:08 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2009/03/31 16:06:26 | 00,050,456 | ---- | M] (Avanquest North America, Inc.) -- C:\Program Files (x86)\Avanquest\Fix-It\MXTask2.exe
    PRC - [2009/03/31 16:06:22 | 00,161,048 | ---- | M] (Avanquest North America, Inc.) -- C:\Program Files (x86)\Avanquest\Fix-It\mxtask.exe
    PRC - [2009/03/31 16:06:20 | 00,808,216 | ---- | M] (Avanquest North America, Inc.) -- C:\Program Files (x86)\Avanquest\Fix-It\Fix-It.exe
    PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    PRC - [2008/10/28 16:28:10 | 00,886,056 | ---- | M] (Sunbelt Software) -- C:\Program Files (x86)\Common Files\AntiVirus\SBAMSvc.exe
    PRC - [2008/03/31 20:01:58 | 00,793,096 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
    PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe


    ========== Modules (SafeList) ==========

    MOD - [2009/12/09 20:59:01 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
    MOD - [2008/09/24 15:58:46 | 00,028,672 | ---- | M] (Avanquest North America, Inc.) -- C:\Program Files (x86)\Avanquest\Fix-It\WinHook.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2009/09/21 15:36:16 | 00,660,256 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
    SRV:64bit: - [2008/01/20 21:47:32 | 00,383,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009/03/31 16:06:22 | 00,161,048 | ---- | M] (Avanquest North America, Inc.) -- C:\Program Files (x86)\Avanquest\Fix-It\mxtask.exe -- (Fix-It Task Manager)
    SRV - [2009/03/29 20:39:56 | 00,089,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
    SRV - [2009/02/10 00:49:33 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
    SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe -- (Bonjour Service)
    SRV - [2008/10/28 16:28:10 | 00,886,056 | ---- | M] (Sunbelt Software) -- C:\Program Files (x86)\Common Files\AntiVirus\SBAMSvc.exe -- (SBAMSvc)
    SRV - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
    SRV - [2006/11/02 08:34:14 | 00,000,000 | ---D | M] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
    SRV - [2006/11/02 01:35:15 | 00,060,994 | ---- | M] () -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
    SRV - [2006/11/02 01:35:15 | 00,055,846 | ---- | M] () -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "www.google.com "
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1

    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/11/28 12:06:42 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/12/07 04:33:57 | 00,000,000 | ---D | M]

    [2009/01/16 16:19:30 | 00,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Mozilla\Extensions
    [2009/12/09 20:12:40 | 00,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\fqw3adql.default\extensions
    [2009/09/21 10:18:36 | 00,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\fqw3adql.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2009/11/30 12:02:59 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

    O1 HOSTS File: (351981 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.0scan.com
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 www.1001namen.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 1-2005-search.com
    O1 - Hosts: 127.0.0.1 www.1-2005-search.com
    O1 - Hosts: 12066 more lines...
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
    O4:64bit: - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
    O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
    O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [H2O] C:\Program Files (x86)\SyncroSoft\Pos\H2O\cledx.exe File not found
    O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
    O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [SBRegRebootCleaner] C:\Program Files (x86)\Common Files\AntiVirus\SBRC.exe (Sunbelt Software)
    O4 - Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15:64bit: - ..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
    O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
    O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.50.0.1 10.50.0.2 10.50.0.3
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/11/26 00:49:34 | 00,000,267 | -H-- | M] () - E:\autorun.inf -- [ FAT ]
    O33 - MountPoints2\{43ab7e55-677b-11de-8e34-001b243ebadd}\Shell\AutoRun\command - " " = E:\svchost.exe -- [2009/11/22 00:15:56 | 00,614,400 | -H-- | M] (MAyqYwqiWEb)
    O33 - MountPoints2\{43cbecc1-170e-11de-8042-001b243ebadd}\Shell\AutoRun\command - " " = F:\winlog.exe -- File not found
    O33 - MountPoints2\{5b37c36f-f612-11dd-8046-001b243ebadd}\Shell\AutoRun\command - " " = E:\winlog.exe -- [2009/07/18 05:49:50 | 00,135,168 | -H-- | M] (MQHTKXWJJELGPXYFXDFC)
    O33 - MountPoints2\{7f578097-ef03-11dd-89c0-001b243ebadd}\Shell - " " = AutoRun
    O33 - MountPoints2\{7f578097-ef03-11dd-89c0-001b243ebadd}\Shell\AutoRun\command - " " = E:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{92ee79bc-c80f-11de-af09-001b243ebadd}\Shell\AutoRun\command - " " = F:\svchost.exe -- File not found
    O33 - MountPoints2\{dd463433-f9e4-11dd-b183-001b243ebadd}\Shell\AutoRun\command - " " = H:\svchost.exe -- File not found
    O33 - MountPoints2\{dd463436-f9e4-11dd-b183-001b243ebadd}\Shell - " " = AutoRun
    O33 - MountPoints2\{dd463436-f9e4-11dd-b183-001b243ebadd}\Shell\AutoRun\command - " " = G:\LaunchU3.exe -- File not found
    O33 - MountPoints2\D\Shell - " " = AutoRun
    O33 - MountPoints2\D\Shell\AutoRun\command - " " = D:\Start.exe -- File not found
    O33 - MountPoints2\E\Shell - " " = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun\command - " " = E:\AUTORUN.EXE -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (SBBD.exe \Device\HarddiskVolume2\Windows\System32\SBFC.dat /d \Device\HarddiskVolume2\Program Files (x86)\Common Files\AntiVirus\Definitions\SBSP.dat) - File not found
    64bit: O35 - comfile [open] -- "%1" %* File not found
    64bit: O35 - exefile [open] -- "%1" %* File not found
    O35 - comfile [open] -- "%1" %*
    O35 - exefile [open] -- "%1" %*

    NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2008/01/20 22:06:38 | 00,000,000 | ---D | M]
    NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
    NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
    NetSvcs: Ias - C:\Windows\SysWOW64\ias [2008/01/20 22:08:35 | 00,000,000 | ---D | M]
    NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)

    ========== Files/Folders - Created Within 14 Days ==========

    [2009/12/09 20:58:59 | 00,537,088 | ---- | C] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
    [2009/12/09 16:29:32 | 00,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\U3
    [2009/12/09 16:19:16 | 00,000,000 | ---D | C] -- C:\Users\Alex\Desktop\Fixing Programs
    [2009/12/09 16:10:24 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
    [2009/12/08 01:27:57 | 00,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Malwarebytes
    [2009/12/08 01:27:53 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2009/12/08 01:27:51 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2009/12/08 01:27:49 | 00,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2009/12/08 01:27:49 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2009/12/06 12:41:26 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2009/12/06 12:39:26 | 00,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\SUPERAntiSpyware.com
    [2009/12/06 12:39:26 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware
    [2009/12/04 17:01:34 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Counter-Strike
    [2009/12/03 11:16:47 | 00,000,000 | ---D | C] -- C:\Users\Alex\Desktop\Worms Armageddon
    [2009/11/30 12:03:50 | 00,000,000 | ---D | C] -- C:\Program Files\ISO Recorder
    [2009/11/30 11:46:30 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Resource Kits
    [2009/11/29 12:10:47 | 00,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Microsoft Corporation
    [2009/11/29 12:09:42 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Windows 7 Upgrade Advisor
    [2009/11/28 11:32:11 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Installer Clean Up
    [2009/11/28 11:31:20 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MSECACHE
    [2009/05/18 19:40:59 | 00,172,032 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 14 Days ==========

    [2009/12/09 21:02:43 | 05,505,024 | -HS- | M] () -- C:\Users\Alex\ntuser.dat
    [2009/12/09 20:59:01 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
    [2009/12/09 19:04:58 | 00,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2009/12/09 19:04:58 | 00,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2009/12/09 18:00:52 | 00,013,855 | ---- | M] () -- C:\Users\Alex\Documents\PEM 2131 Final Review.docx
    [2009/12/09 16:27:32 | 00,285,890 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2009/12/09 15:05:27 | 00,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B745C1C2-4629-4241-9961-2A217BD301D6}.job
    [2009/12/09 15:05:09 | 00,285,890 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2009/12/09 15:05:03 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2009/12/09 11:11:48 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2009/12/09 11:11:42 | 21,458,37056 | -HS- | M] () -- C:\hiberfil.sys
    [2009/12/09 02:04:10 | 00,524,288 | -HS- | M] () -- C:\Users\Alex\ntuser.dat{8b77d499-b91f-11de-83cd-001b243ebadd}.TMContainer00000000000000000001.regtrans-ms
    [2009/12/09 02:04:10 | 00,065,536 | -HS- | M] () -- C:\Users\Alex\ntuser.dat{8b77d499-b91f-11de-83cd-001b243ebadd}.TM.blf
    [2009/12/09 02:04:06 | 01,667,344 | -H-- | M] () -- C:\Users\Alex\AppData\Local\IconCache.db
    [2009/12/08 20:34:22 | 00,694,964 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2009/12/08 20:34:22 | 00,598,588 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2009/12/08 20:34:22 | 00,102,194 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2009/12/08 13:34:46 | 37,987,7264 | ---- | M] () -- C:\Users\Alex\Desktop\A_May Podcast.aif
    [2009/12/08 11:24:21 | 00,136,473 | ---- | M] () -- C:\Users\Alex\Documents\Christmas List 09.docx
    [2009/12/08 11:19:36 | 00,032,826 | ---- | M] () -- C:\Users\Alex\Desktop\_Final Test Review.pdf
    [2009/12/07 14:07:16 | 00,009,380 | ---- | M] () -- C:\Users\Alex\AppData\Local\d3d9caps64.dat
    [2009/12/06 23:56:23 | 00,050,898 | ---- | M] () -- C:\Users\Alex\Desktop\silver_image4_20090909.jpg
    [2009/12/06 23:01:39 | 00,036,789 | ---- | M] () -- C:\Users\Alex\Desktop\P02220.png
    [2009/12/06 22:42:09 | 00,040,924 | ---- | M] () -- C:\Users\Alex\Desktop\BGAMMS05.JPG
    [2009/12/06 22:38:51 | 00,004,216 | ---- | M] () -- C:\Users\Alex\Desktop\257923.jpg
    [2009/12/06 12:39:29 | 00,000,944 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2009/12/04 16:55:41 | 00,074,240 | ---- | M] () -- C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/12/04 00:43:49 | 00,011,586 | ---- | M] () -- C:\Users\Alex\Documents\Ipod Comparison.docx
    [2009/12/03 23:56:31 | 00,036,925 | ---- | M] () -- C:\Users\Alex\Desktop\142753-nanoside_original.jpg
    [2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2009/12/03 16:13:58 | 00,022,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2009/12/02 01:31:55 | 00,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml
    [2009/12/02 01:31:55 | 00,001,905 | ---- | M] () -- C:\Windows\diagerr.xml
    [2009/11/30 12:02:19 | 00,408,326 | ---- | M] () -- C:\Users\Alex\Desktop\ISORecorderV3RC1x64.zip
    [2009/11/30 01:35:32 | 00,305,152 | ---- | M] () -- C:\Users\Alex\Desktop\windiag.iso
    [2009/11/29 12:09:43 | 00,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
    [2009/11/28 12:39:34 | 14,401,509 | ---- | M] () -- C:\Users\Alex\Desktop\Podcast%20Afternoon%20Alchemy.wma
    [2009/11/28 12:06:42 | 00,001,778 | ---- | M] () -- C:\Users\Public\Desktop\**.lnk
    [2009/11/25 21:33:20 | 00,012,399 | ---- | M] () -- C:\Users\Alex\Documents\UCF Schedule.xlsx
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2009/12/09 18:00:51 | 00,013,855 | ---- | C] () -- C:\Users\Alex\Documents\PEM 2131 Final Review.docx
    [2009/12/09 16:25:24 | 37,987,7264 | ---- | C] () -- C:\Users\Alex\Desktop\A_May Podcast.aif
    [2009/12/08 11:19:35 | 00,032,826 | ---- | C] () -- C:\Users\Alex\Desktop\_Final Test Review.pdf
    [2009/12/07 23:03:06 | 21,458,37056 | -HS- | C] () -- C:\hiberfil.sys
    [2009/12/06 23:56:23 | 00,050,898 | ---- | C] () -- C:\Users\Alex\Desktop\silver_image4_20090909.jpg
    [2009/12/06 23:01:37 | 00,036,789 | ---- | C] () -- C:\Users\Alex\Desktop\P02220.png
    [2009/12/06 22:42:09 | 00,040,924 | ---- | C] () -- C:\Users\Alex\Desktop\BGAMMS05.JPG
    [2009/12/06 22:38:51 | 00,004,216 | ---- | C] () -- C:\Users\Alex\Desktop\257923.jpg
    [2009/12/06 12:39:29 | 00,000,944 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2009/12/04 00:43:47 | 00,011,586 | ---- | C] () -- C:\Users\Alex\Documents\Ipod Comparison.docx
    [2009/12/03 23:56:28 | 00,036,925 | ---- | C] () -- C:\Users\Alex\Desktop\142753-nanoside_original.jpg
    [2009/12/02 01:30:51 | 00,001,905 | ---- | C] () -- C:\Windows\diagwrn.xml
    [2009/12/02 01:30:51 | 00,001,905 | ---- | C] () -- C:\Windows\diagerr.xml
    [2009/12/02 01:18:16 | 00,136,473 | ---- | C] () -- C:\Users\Alex\Documents\Christmas List 09.docx
    [2009/11/30 12:02:18 | 00,408,326 | ---- | C] () -- C:\Users\Alex\Desktop\ISORecorderV3RC1x64.zip
    [2009/11/30 01:35:32 | 00,305,152 | ---- | C] () -- C:\Users\Alex\Desktop\windiag.iso
    [2009/11/29 12:09:43 | 00,002,026 | ---- | C] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
    [2009/11/28 12:06:42 | 00,001,778 | ---- | C] () -- C:\Users\Public\Desktop\**.lnk
    [2009/11/27 13:25:27 | 14,401,509 | ---- | C] () -- C:\Users\Alex\Desktop\Podcast%20Afternoon%20Alchemy.wma
    [2009/11/24 17:20:05 | 00,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
    [2009/11/24 00:32:09 | 00,000,085 | ---- | C] () -- C:\Windows\sierra.ini
    [2009/09/21 10:43:21 | 00,544,944 | ---- | C] () -- C:\Users\Alex\AppData\Local\dd_ATL80SP1_KB973923MSI438A.txt
    [2009/09/21 10:43:20 | 00,011,786 | ---- | C] () -- C:\Users\Alex\AppData\Local\dd_ATL80SP1_KB973923UI438A.txt
    [2009/08/17 21:48:29 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/08/17 21:48:08 | 00,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
    [2009/05/18 19:41:00 | 01,749,376 | ---- | C] () -- C:\Windows\SysWow64\drivers\snp2uvc.sys
    [2009/05/18 19:41:00 | 00,028,032 | ---- | C] () -- C:\Windows\SysWow64\drivers\sncduvc.sys
    [2009/05/18 19:40:59 | 01,749,376 | ---- | C] () -- C:\Windows\SysWow64\snp2uvc.sys
    [2009/05/18 19:40:59 | 00,028,032 | ---- | C] () -- C:\Windows\SysWow64\sncduvc.sys
    [2009/05/18 19:40:59 | 00,000,131 | ---- | C] () -- C:\Windows\SysWow64\PidList.ini
    [2009/05/18 19:40:59 | 00,000,131 | ---- | C] () -- C:\Windows\PidList.ini
    [2009/05/06 17:15:16 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2009/05/01 03:39:42 | 00,709,336 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2009/03/31 18:25:12 | 00,028,109 | ---- | C] () -- C:\Users\Alex\AppData\Local\dd_depcheckdotnetfx30.txt
    [2009/03/31 18:24:58 | 00,001,578 | ---- | C] () -- C:\Users\Alex\AppData\Local\uxeventlog.txt
    [2009/03/31 18:24:58 | 00,000,604 | ---- | C] () -- C:\Users\Alex\AppData\Local\dd_dotnetfx3error.txt
    [2009/03/31 18:24:57 | 00,031,814 | ---- | C] () -- C:\Users\Alex\AppData\Local\dd_dotnetfx3install.txt
    [2009/01/17 00:33:41 | 00,285,890 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2009/01/17 00:33:41 | 00,285,890 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2009/01/16 20:45:47 | 00,000,680 | ---- | C] () -- C:\Users\Alex\AppData\Local\d3d9caps.dat
    [2009/01/16 16:10:38 | 00,000,552 | ---- | C] () -- C:\Users\Alex\AppData\Local\d3d8caps.dat
    [2009/01/16 16:09:34 | 00,074,240 | ---- | C] () -- C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/01/16 15:11:58 | 00,009,380 | ---- | C] () -- C:\Users\Alex\AppData\Local\d3d9caps64.dat
    [2008/10/07 08:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
    [2008/10/07 08:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
    [2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
    [2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
    [2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
    [2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
    [2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
    [2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
    [2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
    [2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
    [2008/01/20 21:50:05 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
    [2007/11/26 23:56:28 | 00,151,415 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

    ========== LOP Check ==========

    [2009/01/18 23:13:20 | 00,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\acccore
    [2009/03/28 19:19:40 | 00,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Acoustica
    [2009/09/05 11:08:14 | 00,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Amazon
    [2009/06/24 17:10:22 | 00,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Antares
    [2009/10/31 13:20:32 | 00,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Avanquest
    [2009/04/15 20:47:01 | 00,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Bioshock
    [2009/08/29 19:42:15 | 00,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\BitTorrent
    [2009/06/26 16:12:00 | 00,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Braid
    [2009/03/06 02:59:28 | 00,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DAEMON Tools
    [2009/03/06 03:01:25 | 00,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DAEMON Tools Lite
    [2009/03/06 02:59:28 | 00,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DAEMON Tools Pro
    [2009/10/31 16:55:56 | 00,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DNA
    [2009/09/25 17:43:27 | 00,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Opera
    [2009/03/28 18:15:48 | 00,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Propellerhead Software
    [2009/05/06 02:57:31 | 00,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Steinberg
    [2009/12/09 02:04:12 | 00,032,544 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2009/12/09 15:05:27 | 00,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{B745C1C2-4629-4241-9961-2A217BD301D6}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >

    < %systemroot%\system32\eventlog.dll >

    < %systemroot%\system32\scecli.dll >
    [2009/04/10 22:28:26 | 00,177,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\scecli.dll

    < %systemroot%\netlogon.dll >

    < %systemroot%\system32\cngaudit.dll >
    [2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cngaudit.dll

    < %systemroot%\system32\sceclt.dll >

    < %systemroot%\ntelogon.dll >

    < %systemroot%\system32\logevent.dll >
    < End of report >
     
  8. 2009/12/09
    lpdrummer

    lpdrummer Inactive Thread Starter

    double post
     
  9. 2009/12/09
    broni

    broni Moderator Malware Analyst

    What about?

     
  10. 2009/12/10
    lpdrummer

    lpdrummer Inactive Thread Starter

    Avanquest is an anti-virus/anti-spyware program also; do I need those downloads in addition to it?
     
  11. 2009/12/10
    broni

    broni Moderator Malware Analyst

    All I'm saying is that I don't have any info about Avanquest's reliability, so I suggested uninstalling it and going with one of my programs, but the decision is surely yours.
    If you want to keep Avanquest, that's fine. Just let me know about your decision and we'll go from there.
     
  12. 2009/12/11
    lpdrummer

    lpdrummer Inactive Thread Starter

    I'd like to stick with the one I have for now, but if I need to switch in order to fix this problem, I can.
     
  13. 2009/12/11
    broni

    broni Moderator Malware Analyst

    That's fine...

    Did you create your own hosts file, or do you have no idea what I'm talking about?
     
  14. 2009/12/11
    lpdrummer

    lpdrummer Inactive Thread Starter

    I'm not sure either way.
     
  15. 2009/12/11
    broni

    broni Moderator Malware Analyst

    OK then. Let me review your OTL log.
     
  16. 2009/12/11
    broni

    broni Moderator Malware Analyst

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
      O4 - HKLM..\Run: [H2O] C:\Program Files (x86)\SyncroSoft\Pos\H2O\cledx.exe File not found
      O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
      O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
      [2009/11/28 12:06:42 | 00,001,778 | ---- | M] () -- C:\Users\Public\Desktop\**.lnk
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
     
  17. 2009/12/12
    lpdrummer

    lpdrummer Inactive Thread Starter

    Joined:
    2004/07/26
    Messages:
    285
    Likes Received:
    0
    OK here it is:

    OTL logfile created on: 12/12/2009 2:00:57 AM - Run 2
    OTL by OldTimer - Version 3.1.12.0 Folder = C:\Users\Alex\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.02 Gb Available Physical Memory | 50.96% Memory free
    2.43 Gb Paging File | 1.39 Gb Available in Paging File | 57.23% Paging File free
    Paging file location(s): c:\pagefile.sys 512 1024

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 139.29 Gb Total Space | 45.14 Gb Free Space | 32.41% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    Drive E: | 1.92 Gb Total Space | 1.18 Gb Free Space | 61.46% Space Free | Partition Type: FAT
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: ALEX-LAPTOP
    Current User Name: Alex
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2009/12/09 20:59:01 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
    PRC - [2009/11/02 22:23:08 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2009/03/31 16:06:26 | 00,050,456 | ---- | M] (Avanquest North America, Inc.) -- C:\Program Files (x86)\Avanquest\Fix-It\MXTask2.exe
    PRC - [2009/03/31 16:06:22 | 00,161,048 | ---- | M] (Avanquest North America, Inc.) -- C:\Program Files (x86)\Avanquest\Fix-It\mxtask.exe
    PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    PRC - [2008/10/28 16:28:10 | 00,886,056 | ---- | M] (Sunbelt Software) -- C:\Program Files (x86)\Common Files\AntiVirus\SBAMSvc.exe
    PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe


    ========== Modules (SafeList) ==========

    MOD - [2009/12/09 20:59:01 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
    MOD - [2008/09/24 15:58:46 | 00,028,672 | ---- | M] (Avanquest North America, Inc.) -- C:\Program Files (x86)\Avanquest\Fix-It\WinHook.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2009/09/21 15:36:16 | 00,660,256 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
    SRV:64bit: - [2008/01/20 21:47:32 | 00,383,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009/03/31 16:06:22 | 00,161,048 | ---- | M] (Avanquest North America, Inc.) -- C:\Program Files (x86)\Avanquest\Fix-It\mxtask.exe -- (Fix-It Task Manager)
    SRV - [2009/03/29 20:39:56 | 00,089,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
    SRV - [2009/02/10 00:49:33 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
    SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe -- (Bonjour Service)
    SRV - [2008/10/28 16:28:10 | 00,886,056 | ---- | M] (Sunbelt Software) -- C:\Program Files (x86)\Common Files\AntiVirus\SBAMSvc.exe -- (SBAMSvc)
    SRV - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
    SRV - [2006/11/02 08:34:14 | 00,000,000 | ---D | M] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
    SRV - [2006/11/02 01:35:15 | 00,060,994 | ---- | M] () -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
    SRV - [2006/11/02 01:35:15 | 00,055,846 | ---- | M] () -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "www.google.com "
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1

    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/11/28 12:06:42 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/12/07 04:33:57 | 00,000,000 | ---D | M]

    [2009/01/16 16:19:30 | 00,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Mozilla\Extensions
    [2009/12/11 01:08:58 | 00,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\fqw3adql.default\extensions
    [2009/09/21 10:18:36 | 00,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\fqw3adql.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2009/11/30 12:02:59 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

    O1 HOSTS File: (98 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
    O4:64bit: - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
    O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
    O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
    O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
    O4 - HKLM..\Run: [SBRegRebootCleaner] C:\Program Files (x86)\Common Files\AntiVirus\SBRC.exe (Sunbelt Software)
    O4 - Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15:64bit: - ..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
    O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
    O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.50.0.1 10.50.0.2 10.50.0.3
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/11/26 00:49:34 | 00,000,267 | -H-- | M] () - E:\autorun.inf -- [ FAT ]
    O33 - MountPoints2\{43ab7e55-677b-11de-8e34-001b243ebadd}\Shell\AutoRun\command - " " = E:\svchost.exe -- [2009/11/22 00:15:56 | 00,614,400 | -H-- | M] (MAyqYwqiWEb)
    O33 - MountPoints2\{43cbecc1-170e-11de-8042-001b243ebadd}\Shell\AutoRun\command - " " = F:\winlog.exe -- File not found
    O33 - MountPoints2\{5b37c36f-f612-11dd-8046-001b243ebadd}\Shell\AutoRun\command - " " = E:\winlog.exe -- [2009/07/18 05:49:50 | 00,135,168 | -H-- | M] (MQHTKXWJJELGPXYFXDFC)
    O33 - MountPoints2\{7f578097-ef03-11dd-89c0-001b243ebadd}\Shell - " " = AutoRun
    O33 - MountPoints2\{7f578097-ef03-11dd-89c0-001b243ebadd}\Shell\AutoRun\command - " " = E:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{92ee79bc-c80f-11de-af09-001b243ebadd}\Shell\AutoRun\command - " " = F:\svchost.exe -- File not found
    O33 - MountPoints2\{dd463433-f9e4-11dd-b183-001b243ebadd}\Shell\AutoRun\command - " " = H:\svchost.exe -- File not found
    O33 - MountPoints2\{dd463436-f9e4-11dd-b183-001b243ebadd}\Shell - " " = AutoRun
    O33 - MountPoints2\{dd463436-f9e4-11dd-b183-001b243ebadd}\Shell\AutoRun\command - " " = G:\LaunchU3.exe -- File not found
    O33 - MountPoints2\D\Shell - " " = AutoRun
    O33 - MountPoints2\D\Shell\AutoRun\command - " " = D:\Start.exe -- File not found
    O33 - MountPoints2\E\Shell - " " = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun\command - " " = E:\AUTORUN.EXE -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (SBBD.exe \Device\HarddiskVolume2\Windows\System32\SBFC.dat /d \Device\HarddiskVolume2\Program Files (x86)\Common Files\AntiVirus\Definitions\SBSP.dat) - File not found
    64bit: O35 - comfile [open] -- "%1" %* File not found
    64bit: O35 - exefile [open] -- "%1" %* File not found
    O35 - comfile [open] -- "%1" %*
    O35 - exefile [open] -- "%1" %*

    ========== Files/Folders - Created Within 14 Days ==========

    [2009/12/12 01:51:43 | 00,000,000 | ---D | C] -- C:\_OTL
    [2009/12/09 20:58:59 | 00,537,088 | ---- | C] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
    [2009/12/09 16:29:32 | 00,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\U3
    [2009/12/09 16:19:16 | 00,000,000 | ---D | C] -- C:\Users\Alex\Desktop\Fixing Programs
    [2009/12/09 16:10:24 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
    [2009/12/08 01:27:57 | 00,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Malwarebytes
    [2009/12/08 01:27:53 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2009/12/08 01:27:51 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2009/12/08 01:27:49 | 00,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2009/12/08 01:27:49 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2009/12/06 12:41:26 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2009/12/06 12:39:26 | 00,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\SUPERAntiSpyware.com
    [2009/12/06 12:39:26 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware
    [2009/12/04 17:01:34 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Counter-Strike
    [2009/12/03 11:16:47 | 00,000,000 | ---D | C] -- C:\Users\Alex\Desktop\Worms Armageddon
    [2009/11/30 12:03:50 | 00,000,000 | ---D | C] -- C:\Program Files\ISO Recorder
    [2009/11/30 11:46:30 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Resource Kits
    [2009/11/29 12:10:47 | 00,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Microsoft Corporation
    [2009/11/29 12:09:42 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Windows 7 Upgrade Advisor
    [2009/11/28 11:32:11 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Installer Clean Up
    [2009/11/28 11:31:20 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MSECACHE
    [2009/05/18 19:40:59 | 00,172,032 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll

    ========== Files - Modified Within 14 Days ==========

    [2009/12/12 02:01:25 | 05,505,024 | -HS- | M] () -- C:\Users\Alex\ntuser.dat
    [2009/12/12 02:00:22 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2009/12/12 02:00:08 | 00,285,890 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2009/12/12 01:57:00 | 00,285,890 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2009/12/12 01:56:09 | 00,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2009/12/12 01:56:09 | 00,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2009/12/12 01:56:01 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2009/12/12 01:55:58 | 21,458,37056 | -HS- | M] () -- C:\hiberfil.sys
    [2009/12/12 01:53:32 | 00,524,288 | -HS- | M] () -- C:\Users\Alex\ntuser.dat{8b77d499-b91f-11de-83cd-001b243ebadd}.TMContainer00000000000000000001.regtrans-ms
    [2009/12/12 01:53:32 | 00,065,536 | -HS- | M] () -- C:\Users\Alex\ntuser.dat{8b77d499-b91f-11de-83cd-001b243ebadd}.TM.blf
    [2009/12/12 01:53:29 | 01,832,359 | -H-- | M] () -- C:\Users\Alex\AppData\Local\IconCache.db
    [2009/12/11 17:08:31 | 00,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B745C1C2-4629-4241-9961-2A217BD301D6}.job
    [2009/12/11 01:01:38 | 00,012,724 | ---- | M] () -- C:\Users\Alex\Documents\Bring Home-Bring up 2009.docx
    [2009/12/09 20:59:01 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
    [2009/12/09 18:00:52 | 00,013,855 | ---- | M] () -- C:\Users\Alex\Documents\PEM 2131 Final Review.docx
    [2009/12/08 20:34:22 | 00,694,964 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2009/12/08 20:34:22 | 00,598,588 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2009/12/08 20:34:22 | 00,102,194 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2009/12/08 13:34:46 | 37,987,7264 | ---- | M] () -- C:\Users\Alex\Desktop\A_May Podcast.aif
    [2009/12/08 11:24:21 | 00,136,473 | ---- | M] () -- C:\Users\Alex\Documents\Christmas List 09.docx
    [2009/12/08 11:19:36 | 00,032,826 | ---- | M] () -- C:\Users\Alex\Desktop\_Final Test Review.pdf
    [2009/12/07 14:07:16 | 00,009,380 | ---- | M] () -- C:\Users\Alex\AppData\Local\d3d9caps64.dat
    [2009/12/06 23:56:23 | 00,050,898 | ---- | M] () -- C:\Users\Alex\Desktop\silver_image4_20090909.jpg
    [2009/12/06 23:01:39 | 00,036,789 | ---- | M] () -- C:\Users\Alex\Desktop\P02220.png
    [2009/12/06 22:42:09 | 00,040,924 | ---- | M] () -- C:\Users\Alex\Desktop\BGAMMS05.JPG
    [2009/12/06 22:38:51 | 00,004,216 | ---- | M] () -- C:\Users\Alex\Desktop\257923.jpg
    [2009/12/06 12:39:29 | 00,000,944 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2009/12/04 16:55:41 | 00,074,240 | ---- | M] () -- C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/12/04 00:43:49 | 00,011,586 | ---- | M] () -- C:\Users\Alex\Documents\Ipod Comparison.docx
    [2009/12/03 23:56:31 | 00,036,925 | ---- | M] () -- C:\Users\Alex\Desktop\142753-nanoside_original.jpg
    [2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2009/12/03 16:13:58 | 00,022,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2009/12/02 01:31:55 | 00,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml
    [2009/12/02 01:31:55 | 00,001,905 | ---- | M] () -- C:\Windows\diagerr.xml
    [2009/11/30 12:02:19 | 00,408,326 | ---- | M] () -- C:\Users\Alex\Desktop\ISORecorderV3RC1x64.zip
    [2009/11/30 01:35:32 | 00,305,152 | ---- | M] () -- C:\Users\Alex\Desktop\windiag.iso
    [2009/11/29 12:09:43 | 00,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
    [2009/11/28 12:39:34 | 14,401,509 | ---- | M] () -- C:\Users\Alex\Desktop\Podcast%20Afternoon%20Alchemy.wma
    [2009/11/28 12:06:42 | 00,001,778 | ---- | M] () -- C:\Users\Public\Desktop\**.lnk

    ========== Files Created - No Company Name ==========

    [2009/12/11 01:01:37 | 00,012,724 | ---- | C] () -- C:\Users\Alex\Documents\Bring Home-Bring up 2009.docx
    [2009/12/09 18:00:51 | 00,013,855 | ---- | C] () -- C:\Users\Alex\Documents\PEM 2131 Final Review.docx
    [2009/12/09 16:25:24 | 37,987,7264 | ---- | C] () -- C:\Users\Alex\Desktop\A_May Podcast.aif
    [2009/12/08 11:19:35 | 00,032,826 | ---- | C] () -- C:\Users\Alex\Desktop\_Final Test Review.pdf
    [2009/12/07 23:03:06 | 21,458,37056 | -HS- | C] () -- C:\hiberfil.sys
    [2009/12/06 23:56:23 | 00,050,898 | ---- | C] () -- C:\Users\Alex\Desktop\silver_image4_20090909.jpg
    [2009/12/06 23:01:37 | 00,036,789 | ---- | C] () -- C:\Users\Alex\Desktop\P02220.png
    [2009/12/06 22:42:09 | 00,040,924 | ---- | C] () -- C:\Users\Alex\Desktop\BGAMMS05.JPG
    [2009/12/06 22:38:51 | 00,004,216 | ---- | C] () -- C:\Users\Alex\Desktop\257923.jpg
    [2009/12/06 12:39:29 | 00,000,944 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2009/12/04 00:43:47 | 00,011,586 | ---- | C] () -- C:\Users\Alex\Documents\Ipod Comparison.docx
    [2009/12/03 23:56:28 | 00,036,925 | ---- | C] () -- C:\Users\Alex\Desktop\142753-nanoside_original.jpg
    [2009/12/02 01:30:51 | 00,001,905 | ---- | C] () -- C:\Windows\diagwrn.xml
    [2009/12/02 01:30:51 | 00,001,905 | ---- | C] () -- C:\Windows\diagerr.xml
    [2009/12/02 01:18:16 | 00,136,473 | ---- | C] () -- C:\Users\Alex\Documents\Christmas List 09.docx
    [2009/11/30 12:02:18 | 00,408,326 | ---- | C] () -- C:\Users\Alex\Desktop\ISORecorderV3RC1x64.zip
    [2009/11/30 01:35:32 | 00,305,152 | ---- | C] () -- C:\Users\Alex\Desktop\windiag.iso
    [2009/11/29 12:09:43 | 00,002,026 | ---- | C] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
    [2009/11/28 12:06:42 | 00,001,778 | ---- | C] () -- C:\Users\Public\Desktop\**.lnk
    [2009/11/24 17:20:05 | 00,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
    [2009/11/24 00:32:09 | 00,000,085 | ---- | C] () -- C:\Windows\sierra.ini
    [2009/09/21 10:43:21 | 00,544,944 | ---- | C] () -- C:\Users\Alex\AppData\Local\dd_ATL80SP1_KB973923MSI438A.txt
    [2009/09/21 10:43:20 | 00,011,786 | ---- | C] () -- C:\Users\Alex\AppData\Local\dd_ATL80SP1_KB973923UI438A.txt
    [2009/08/17 21:48:29 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/08/17 21:48:08 | 00,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
    [2009/05/18 19:41:00 | 01,749,376 | ---- | C] () -- C:\Windows\SysWow64\drivers\snp2uvc.sys
    [2009/05/18 19:41:00 | 00,028,032 | ---- | C] () -- C:\Windows\SysWow64\drivers\sncduvc.sys
    [2009/05/18 19:40:59 | 01,749,376 | ---- | C] () -- C:\Windows\SysWow64\snp2uvc.sys
    [2009/05/18 19:40:59 | 00,028,032 | ---- | C] () -- C:\Windows\SysWow64\sncduvc.sys
    [2009/05/18 19:40:59 | 00,000,131 | ---- | C] () -- C:\Windows\SysWow64\PidList.ini
    [2009/05/18 19:40:59 | 00,000,131 | ---- | C] () -- C:\Windows\PidList.ini
    [2009/05/06 17:15:16 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2009/05/01 03:39:42 | 00,709,336 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2009/03/31 18:25:12 | 00,028,109 | ---- | C] () -- C:\Users\Alex\AppData\Local\dd_depcheckdotnetfx30.txt
    [2009/03/31 18:24:58 | 00,001,578 | ---- | C] () -- C:\Users\Alex\AppData\Local\uxeventlog.txt
    [2009/03/31 18:24:58 | 00,000,604 | ---- | C] () -- C:\Users\Alex\AppData\Local\dd_dotnetfx3error.txt
    [2009/03/31 18:24:57 | 00,031,814 | ---- | C] () -- C:\Users\Alex\AppData\Local\dd_dotnetfx3install.txt
    [2009/01/17 00:33:41 | 00,285,890 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2009/01/17 00:33:41 | 00,285,890 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2009/01/16 20:45:47 | 00,000,680 | ---- | C] () -- C:\Users\Alex\AppData\Local\d3d9caps.dat
    [2009/01/16 16:10:38 | 00,000,552 | ---- | C] () -- C:\Users\Alex\AppData\Local\d3d8caps.dat
    [2009/01/16 16:09:34 | 00,074,240 | ---- | C] () -- C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/01/16 15:11:58 | 00,009,380 | ---- | C] () -- C:\Users\Alex\AppData\Local\d3d9caps64.dat
    [2008/10/07 08:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
    [2008/10/07 08:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
    [2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
    [2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
    [2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
    [2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
    [2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
    [2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
    [2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
    [2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
    [2008/01/20 21:50:05 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
    [2007/11/26 23:56:28 | 00,151,415 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

    ========== LOP Check ==========

    [2009/01/18 23:13:20 | 00,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\acccore
    [2009/03/28 19:19:40 | 00,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Acoustica
    [2009/09/05 11:08:14 | 00,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Amazon
    [2009/06/24 17:10:22 | 00,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Antares
    [2009/10/31 13:20:32 | 00,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Avanquest
    [2009/04/15 20:47:01 | 00,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Bioshock
    [2009/08/29 19:42:15 | 00,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\BitTorrent
    [2009/06/26 16:12:00 | 00,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Braid
    [2009/03/06 02:59:28 | 00,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DAEMON Tools
    [2009/03/06 03:01:25 | 00,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DAEMON Tools Lite
    [2009/03/06 02:59:28 | 00,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DAEMON Tools Pro
    [2009/10/31 16:55:56 | 00,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DNA
    [2009/09/25 17:43:27 | 00,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Opera
    [2009/03/28 18:15:48 | 00,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Propellerhead Software
    [2009/05/06 02:57:31 | 00,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Steinberg
    [2009/12/12 01:59:22 | 00,032,544 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2009/12/11 17:08:31 | 00,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{B745C1C2-4629-4241-9961-2A217BD301D6}.job

    ========== Purity Check ==========


    < End of report >
     
  18. 2009/12/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Your computer seems to be clean, but for good measure...

    Download Dr.Web CureIt to the desktop:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
    • Double-click the drweb-cureit.exe file and click Scan to run an express scan. Click OK in the pop-up window to allow the scan.
    • This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
    • Once the short scan has finished, select Complete scan.
    • Click the green arrow at the right, and the scan will start.
    • Click Yes to all if it asks if you want to cure/move the file.
    • When the scan has finished, in the menu, click File and choose Save report list
    • Save the report to your desktop. The report will be called DrWeb.csv
    • Close Dr.Web Cureit.
    • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
    • Copy and paste that log in the next reply. You can use Notepad to open the DrWeb.csv report.

    NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on the X in the upper right corner.


    Post a fresh HijackThis log as well.
     
  19. 2009/12/12
    lpdrummer

    lpdrummer Inactive Thread Starter

    Joined:
    2004/07/26
    Messages:
    285
    Likes Received:
    0
    I have run Cure It as a complete scan twice now, and when I come back to check on my computer, my computer has restarted with the error "Windows has recovered from an unexpected shutdown."

    Also, I have 2GB of RAM, I forgot to answer that from your earlier post.
     
  20. 2009/12/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download and install AVP Tool.
    After installation, leave all settings as they are, and simply click on the Scan button.
    When the scan is done, and any objects are found, click on the Neutralize all button.
    Next, click the Reports... button, then Save to file....
    Save the file to a known location as report.txt.
    Open report.txt in Notepad, copy all content, and post it in your next reply.

    Post a fresh HijackThis log as well.
     
  21. 2009/12/12
    lpdrummer

    lpdrummer Inactive Thread Starter

    Joined:
    2004/07/26
    Messages:
    285
    Likes Received:
    0
    AVP Tool didn't pick up anything, so it wouldn't let me save a report.

    Here's a HijackThis log though:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:12:36 PM, on 12/12/2009
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v7.00 (7.00.6002.18005)
    Boot mode: Normal

    Running processes:
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [SBRegRebootCleaner] "C:\Program Files (x86)\Common Files\AntiVirus\SBRC.exe "
    O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: setup_9.0.0.722_13.12.2009_06-36.lnk = C:\Users\Alex\Desktop\Virus Removal Tool\setup_9.0.0.722_13.12.2009_06-36\startup.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
    O23 - Service: Fix-It Task Manager - Avanquest North America, Inc. - C:\PROGRA~2\AVANQU~1\Fix-It\mxtask.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Fix-It (SBAMSvc) - Sunbelt Software - C:\Program Files (x86)\Common Files\AntiVirus\SBAMSvc.exe
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 5468 bytes
     
