
[Closed] baseline


  • This topic is locked
13 replies to this topic

#1 virusnoob

virusnoob

    New Member

  • Authentic Member
  • Pip
  • 9 posts

Posted 11 October 2009 - 01:57 AM

I keep having random sounds and ads playing with no browsers open. I did a scan with MalwareBytes, Nod32, and Dr.Web. 6 things were found by MalwareBytes and were removed, but it came back. It's been happening for a week now; it keeps coming back. It has like commercial sounds about me winning and HN1N. I don't know what to do. There are also random popup windows with no browser open. So I found out about HijackThis and am coming here for help.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:53:18 AM, on 10/11/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Steam\Steam.exe
C:\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\regsvr32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\AIM\aim.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll
O1 - Hosts: ::1 localhost
O2 - BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~2\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: chargeyourprofit browser enhancer - {B0B3389D-DFDA-0844-0A7F-EE3B8E6AE52C} - C:\Windows\SysWow64\vtavuvgjzau.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = C:\Program Files (x86)\NETGEAR\WG311v3\wlancfg5.exe
O4 - Global Startup: Philips GoGear VIBE Device Manager.lnk = C:\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate1ca3e4ca093b9e8) (gupdate1ca3e4ca093b9e8) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8839 bytes

Edited by virusnoob, 11 October 2009 - 02:19 AM.



#2 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 13 October 2009 - 11:39 PM

Hi virusnoob,

:welcome:

My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.


Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished, it should automatically reboot your machine; if it doesn't, manually reboot to ensure a complete clean.

Then

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot (shut down your computer then restart it).

Also please describe how your computer behaves at the moment.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#3 virusnoob


Posted 14 October 2009 - 11:07 PM

My computer is much better now, but it was slow before the scan; it became laggy and slow, but it is much, much better, ty, and the noises have stopped. Ty very much.





Malwarebytes' Anti-Malware 1.41
Database version: 2943
Windows 6.0.6002 Service Pack 2

10/14/2009 11:37:54 AM
mbam-log-2009-10-14 (11-37-54).txt

Scan type: Quick Scan
Objects scanned: 85245
Time elapsed: 2 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fikqdtnmqwvypmopf (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0b3389d-dfda-0844-0a7f-ee3b8e6ae52c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b0b3389d-dfda-0844-0a7f-ee3b8e6ae52c} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\fikqdtnmqwvypmopf.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\vtavuvgjzau.dll (Trojan.BHO) -> Quarantined and deleted successfully.



And here is an updated HijackThis logfile:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:05:59 PM, on 10/14/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\AIM\aim.exe
C:\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll
O1 - Hosts: ::1 localhost
O2 - BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~2\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = C:\Program Files (x86)\NETGEAR\WG311v3\wlancfg5.exe
O4 - Global Startup: Philips GoGear VIBE Device Manager.lnk = C:\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate1ca3e4ca093b9e8) (gupdate1ca3e4ca093b9e8) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8828 bytes

#4 Tomk


Posted 14 October 2009 - 11:11 PM

virusnoob,

Let's get an online scan to make sure Mbam got it all.


Please go to the Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on the Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

 

#5 virusnoob


Posted 15 October 2009 - 12:14 AM

Oh, I just did this but with the ESET/NOD32 online scanner because Kaspersky doesn't work with my computer, and it found nothing. I did Malwarebytes again and nothing was found, but there is one problem: after that TFC thingy scanner, my browser and my comp became much slower; it takes a while for it to load. But no popups or viruses were interrupting me any more, but can you help with the slow loading now plzzz?

#6 Tomk


Posted 15 October 2009 - 05:53 AM

virusnoob,

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

I would further suggest that you also read this tutorial on slow running computers
and Help! My computer is slow! by miekiemoes.
 

#7 virusnoob


Posted 15 October 2009 - 06:09 PM

Okay, I did the scan; this is the OTL.txt.

OTL logfile created on: 10/15/2009 4:58:59 PM - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Users\Richard\Downloads
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 60.52% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.05 Gb Total Space | 61.18 Gb Free Space | 41.05% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RICHARD-PC
Current User Name: Richard
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/10/15 16:56:15 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Users\Richard\Downloads\OTL.exe
PRC - [2009/09/21 16:36:12 | 00,305,440 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
PRC - [2009/09/16 09:10:12 | 03,634,024 | ---- | M] (AOL LLC) -- C:\Program Files (x86)\AIM\aim.exe
PRC - [2009/09/12 13:32:35 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/09/11 07:24:32 | 00,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/08/01 17:14:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe
PRC - [2009/07/14 12:28:00 | 00,239,648 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/07/10 13:59:22 | 00,195,072 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2009/07/06 15:04:00 | 01,611,152 | ---- | M] (Philips) -- C:\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe
PRC - [2009/02/06 17:02:14 | 00,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/09/11 07:33:20 | 00,023,296 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv [On_Demand | Stopped])
SRV:64bit: - [2009/09/11 07:24:32 | 00,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn [Auto | Running])
SRV:64bit: - [2009/04/11 00:11:28 | 00,252,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService [On_Demand | Stopped])
SRV:64bit: - [2009/04/11 00:11:16 | 00,604,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cscsvc.dll -- (CscService [Auto | Running])
SRV:64bit: - [2009/04/11 00:11:06 | 01,149,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wbengine.exe -- (wbengine [On_Demand | Stopped])
SRV:64bit: - [2008/01/20 19:51:24 | 01,216,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])
SRV:64bit: - [2008/01/20 19:50:23 | 00,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt [On_Demand | Stopped])
SRV:64bit: - [2008/01/20 19:47:07 | 00,689,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\fxssvc.exe -- (Fax [On_Demand | Stopped])
SRV:64bit: - [2008/01/20 19:46:39 | 00,383,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2009/10/13 14:43:16 | 00,316,664 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service [On_Demand | Stopped])
SRV - [2009/09/25 18:56:48 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe -- (gupdate1ca3e4ca093b9e8 [Auto | Stopped])
SRV - [2009/09/21 16:36:16 | 00,660,256 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2009/07/14 12:28:00 | 00,239,648 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service [Auto | Running])
SRV - [2009/05/20 01:50:20 | 02,772,302 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\GameMon.des -- (npggsvc [On_Demand | Stopped])
SRV - [2009/04/10 23:28:24 | 00,592,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\netlogon.dll -- (Netlogon [On_Demand | Stopped])
SRV - [2009/03/29 21:42:16 | 00,066,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/03/29 21:39:56 | 00,089,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64 [On_Demand | Stopped])
SRV - [2009/02/18 11:40:06 | 00,042,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/02/18 11:39:12 | 00,857,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/02/06 17:02:14 | 00,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2008/10/25 11:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2008/01/20 19:50:39 | 00,344,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2008/01/20 19:50:39 | 00,153,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 08:03:44 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2006/11/02 06:34:14 | 00,000,000 | ---D | M] -- C:\Windows\SysWow64\Msdtc -- (MSDTC [Unknown | Stopped])
SRV - [2006/11/02 02:46:05 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\keyiso.dll -- (KeyIso [On_Demand | Running])
SRV - [2006/11/01 23:35:15 | 00,060,994 | ---- | M] () -- C:\Windows\SysWow64\Wbem\vds.mof -- (vds [On_Demand | Stopped])
SRV - [2006/11/01 23:35:15 | 00,055,846 | ---- | M] () -- C:\Windows\SysWow64\Wbem\vss.mof -- (VSS [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/09/11 07:27:10 | 00,044,944 | ---- | M] (ESET) -- C:\Windows\SysNative\DRIVERS\epfwwfp.sys -- (epfwwfp [Auto | Running])
DRV:64bit: - [2009/09/11 07:27:04 | 00,168,544 | ---- | M] (ESET) -- C:\Windows\SysNative\DRIVERS\epfw.sys -- (epfw [Auto | Running])
DRV:64bit: - [2009/09/11 07:23:52 | 00,136,584 | ---- | M] (ESET) -- C:\Windows\SysNative\DRIVERS\ehdrv.sys -- (ehdrv [System | Running])
DRV:64bit: - [2009/09/11 07:17:20 | 00,144,824 | ---- | M] (ESET) -- C:\Windows\SysNative\DRIVERS\eamon.sys -- (eamon [Auto | Running])
DRV:64bit: - [2009/06/19 09:10:40 | 00,033,608 | ---- | M] (ESET) -- C:\Windows\SysNative\DRIVERS\Epfwndis.sys -- (Epfwndis [On_Demand | Running])
DRV:64bit: - [2009/05/18 14:17:08 | 00,034,152 | ---- | M] (GEAR Software Inc.) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV:64bit: - [2009/04/11 00:15:32 | 00,160,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DRIVERS\fvevol.sys -- (fvevol [Boot | Running])
DRV:64bit: - [2009/04/10 22:39:36 | 00,098,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV:64bit: - [2009/04/10 21:56:26 | 00,460,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\csc.sys -- (CSC [System | Running])
DRV:64bit: - [2008/01/20 19:46:34 | 00,046,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb [On_Demand | Stopped])
DRV:64bit: - [2007/06/25 05:37:14 | 00,108,032 | ---- | M] (Realtek Corporation ) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169 [On_Demand | Running])
DRV:64bit: - [2007/05/03 08:11:46 | 00,244,736 | ---- | M] (Marvell Semiconductor, Inc) -- C:\Windows\SysNative\DRIVERS\MRVW13C.sys -- (MRV6X64P [On_Demand | Running])
DRV:64bit: - [2006/11/01 22:28:10 | 00,273,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])
DRV - [2009/07/23 16:07:35 | 00,024,072 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\Windows\gdrv.sys -- (gdrv [On_Demand | Stopped])
DRV - [2009/07/23 15:29:28 | 00,000,000 | ---D | M] -- C:\Windows\CSC -- (CSC [System | Running])
DRV - [2008/08/12 17:08:04 | 00,143,872 | ---- | M] () -- C:\Windows\SysWOW64\drivers\archlp.sys -- (archlp [System | Running])
DRV - [2006/09/18 14:36:40 | 00,003,066 | ---- | M] () -- C:\Windows\SysWow64\Wbem\tcpip.mof -- (Tcpip [System | Running])
DRV - [2006/09/18 14:35:23 | 00,001,088 | ---- | M] () -- C:\Windows\SysWow64\Wbem\mpsdrv.mof -- (mpsdrv [On_Demand | Running])
DRV - [2005/01/02 14:43:08 | 00,004,682 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\npptNT2.sys -- (NPPTNT2 [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-2007572775-1956699559-2467264984-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-2007572775-1956699559-2467264984-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKU\S-1-5-21-2007572775-1956699559-2467264984-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKU\S-1-5-21-2007572775-1956699559-2467264984-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-2007572775-1956699559-2467264984-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2007572775-1956699559-2467264984-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8F 52 A4 04 82 23 CA 01 [binary data]
IE - HKU\S-1-5-21-2007572775-1956699559-2467264984-1000\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll (DeviceVM Inc.)
IE - HKU\S-1-5-21-2007572775-1956699559-2467264984-1000\S-1-5-21-2007572775-1956699559-2467264984-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2007572775-1956699559-2467264984-1000\S-1-5-21-2007572775-1956699559-2467264984-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "swagbucks.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co...om/webhp?hl=en"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.6
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: bloodfire@example.com:3.5
FF - prefs.js..extensions.enabledItems: {241aae70-0022-11de-87af-0800200c9a66}:3.5.2.08.11.09
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/23 18:01:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files (x86)\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox [2009/10/04 23:04:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/09/16 20:37:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/10/09 19:47:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

[2009/07/23 18:02:03 | 00,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\mozilla\Extensions
[2009/07/23 18:02:03 | 00,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/15 02:06:28 | 00,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\mozilla\Firefox\Profiles\rqxpncr4.default\extensions
[2009/07/23 18:03:00 | 00,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\mozilla\Firefox\Profiles\rqxpncr4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/24 15:44:18 | 00,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\mozilla\Firefox\Profiles\rqxpncr4.default\extensions\{241aae70-0022-11de-87af-0800200c9a66}
[2009/07/23 18:03:01 | 00,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\mozilla\Firefox\Profiles\rqxpncr4.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2009/08/12 20:52:03 | 00,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\mozilla\Firefox\Profiles\rqxpncr4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/08/01 17:17:32 | 00,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\mozilla\Firefox\Profiles\rqxpncr4.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/07/23 23:42:11 | 00,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\mozilla\Firefox\Profiles\rqxpncr4.default\extensions\bloodfire@example.com
[2009/10/10 11:46:42 | 00,001,183 | ---- | M] () -- C:\Users\Richard\AppData\Roaming\Mozilla\FireFox\Profiles\rqxpncr4.default\searchplugins\swagbuckscom.xml
[2009/10/15 02:06:28 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2009/09/12 13:32:37 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/01 17:14:38 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/09/12 13:32:35 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browserdirprovider.dll
[2009/09/12 13:32:35 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\brwsrcmp.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll
[2009/08/01 17:14:12 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeploytk.dll
[2009/07/07 14:20:42 | 00,061,440 | ---- | M] (AOL LLC) -- C:\Program Files (x86)\mozilla firefox\plugins\npdnu.dll
[2009/07/07 14:20:42 | 00,065,536 | ---- | M] (AOL LLC) -- C:\Program Files (x86)\mozilla firefox\plugins\npdnupdater2.dll
[2009/09/12 13:32:36 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL
[2009/09/16 20:37:47 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll
[2009/09/16 20:37:47 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll
[2009/09/16 20:37:47 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll
[2009/09/16 20:37:47 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll
[2009/09/16 20:37:47 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll
[2009/09/16 20:37:47 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll
[2009/09/16 20:37:47 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll
[2007/04/16 10:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npViewpoint.dll
[2009/07/15 11:10:00 | 00,001,394 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/15 11:10:00 | 00,002,193 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
[2009/07/15 11:10:00 | 00,001,534 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/15 11:10:00 | 00,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml
[2009/07/15 11:10:00 | 00,002,371 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2009/07/15 11:10:00 | 00,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/15 11:10:00 | 00,000,792 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (50 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files (x86)\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\Skytel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-21-2007572775-1956699559-2467264984-1000..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL LLC)
O4 - HKU\S-1-5-21-2007572775-1956699559-2467264984-1000..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2007572775-1956699559-2467264984-1000..\Run: [Steam] c:\program files (x86)\steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-2007572775-1956699559-2467264984-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2007572775-1956699559-2467264984-1000\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (MrvGINA.dll) - File not found
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/09/23 06:37:06 | 00,000,000 | ---D | C] -- C:\ProgramData\{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3}
[2009/09/27 10:17:15 | 00,000,000 | ---D | C] -- C:\ProgramData\AIM
[2009/09/16 20:37:14 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple
[2009/09/16 20:37:32 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2009/09/23 06:55:57 | 00,000,000 | -H-D | C] -- C:\ProgramData\ArcSoft
[2009/10/03 23:54:35 | 00,000,000 | ---D | C] -- C:\ProgramData\SiteAdvisor
[2009/10/05 20:22:17 | 00,000,000 | ---D | C] -- C:\ProgramData\Sony
[2009/10/01 00:37:10 | 00,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\.minecraft
[2009/09/16 20:39:12 | 00,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Apple Computer
[2009/09/23 06:56:07 | 00,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\ArcSoft
[2009/10/07 20:10:45 | 00,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Auslogics
[2009/10/09 16:26:19 | 00,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Download Manager
[2009/10/13 20:59:59 | 00,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\ESET
[2009/10/05 20:29:07 | 00,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Publish Providers
[2009/10/05 20:28:56 | 00,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Sony
[2009/10/04 10:28:44 | 00,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Uniblue
[2009/09/27 10:17:15 | 00,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\AIM
[2009/09/16 20:37:15 | 00,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\Apple
[2009/09/16 20:39:12 | 00,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\Apple Computer
[2009/09/23 06:56:08 | 00,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\ArcSoft
[2009/10/13 20:17:05 | 00,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\ESET
[2009/09/25 18:56:48 | 00,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\Google
[2009/10/05 20:28:56 | 00,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\Sony
[2009/09/16 20:37:22 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2009/09/23 06:55:38 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ArcSoft
[2009/10/04 09:53:05 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Software Update Utility
[2009/10/04 09:53:20 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\AIM
[2009/09/16 20:37:14 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2009/10/04 22:08:55 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ArcSoft
[2009/09/23 20:56:55 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5
[2009/09/23 21:26:55 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU
[2009/09/16 20:37:58 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2009/09/25 18:56:47 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2009/10/11 11:09:19 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2009/10/04 21:02:46 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\FrostWire
[2009/09/25 18:56:48 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2009/09/23 06:37:07 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\iPod
[2009/09/23 06:37:06 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2009/10/15 03:11:52 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2009/09/16 20:37:33 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2009/10/03 23:54:30 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\SiteAdvisor
[2009/10/05 20:22:08 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2009/10/05 20:21:03 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Setup
[2009/10/07 17:03:20 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2009/10/05 20:22:20 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Vstplugins
[2009/09/23 06:34:26 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009/10/13 20:58:48 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/09/23 06:37:06 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/10/04 11:09:16 | 00,000,000 | ---D | C] -- C:\Program Files\Recuva
[2009/10/15 14:51:09 | 00,000,000 | ---D | C] -- C:\b76cfdaca25c7e14f4313e1cf6046542
[2009/10/15 03:12:49 | 00,033,792 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\pavboot64.sys
[2009/10/15 02:55:13 | 00,000,000 | ---D | C] -- C:\_OTS
[2009/10/11 11:11:38 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/10/05 20:28:56 | 00,000,000 | ---D | C] -- C:\Users\Richard\Documents\Vegas Movie Studio PE 9.0 Projects
[2009/10/04 22:08:55 | 00,393,216 | ---- | C] (Sample Corporation) -- C:\Windows\SysWow64\MSLUP60.dll
[2009/10/04 22:08:55 | 00,249,856 | ---- | C] (Sample Corporation) -- C:\Windows\SysWow64\MSLURT.dll
[2009/10/04 22:08:55 | 00,061,440 | ---- | C] (ArcSoft Inc.) -- C:\Windows\SysWow64\MMCEDT.exe
[2009/10/04 10:17:38 | 00,000,000 | ---D | C] -- C:\Users\Richard\Documents\MediaConverter
[2009/09/25 19:00:58 | 00,000,000 | ---D | C] -- C:\Users\Richard\Documents\Downloads
[2009/09/23 07:37:29 | 00,000,000 | ---D | C] -- C:\Windows\Replay Converter 3
[2009/09/23 07:03:08 | 00,000,000 | ---D | C] -- C:\Users\Richard\Documents\Media Converter for Philips
[2009/09/23 06:53:35 | 00,000,000 | ---D | C] -- C:\Philips
[2009/09/23 06:52:56 | 00,000,000 | ---D | C] -- C:\temp
[2009/09/23 06:37:35 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE

========== Files - Modified Within 30 Days ==========

[2009/10/15 16:48:03 | 00,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/10/15 16:48:03 | 00,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/10/15 16:16:00 | 00,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/10/15 14:48:57 | 00,035,085 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/10/15 14:48:15 | 00,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{12D2AAC3-713A-447E-8DC7-4B4DEE477597}.job
[2009/10/15 14:48:04 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/10/15 03:02:52 | 00,694,964 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009/10/15 03:02:52 | 00,598,350 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009/10/15 03:02:52 | 00,101,988 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009/10/15 02:57:10 | 00,035,085 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/10/15 02:57:00 | 00,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/10/15 02:56:39 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/10/15 02:55:42 | 02,680,246 | -H-- | M] () -- C:\Users\Richard\AppData\Local\IconCache.db
[2009/10/14 22:13:23 | 00,031,744 | ---- | M] () -- C:\Users\Richard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/13 20:17:19 | 00,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2009/10/13 19:56:10 | 00,100,272 | ---- | M] () -- C:\Users\Richard\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/10/13 19:54:17 | 00,371,440 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2009/10/13 19:42:25 | 00,000,219 | ---- | M] () -- C:\Windows\win.ini
[2009/10/12 21:45:07 | 00,077,824 | ---- | M] () -- C:\Users\Richard\Desktop\Research and explain the XYZ Affair between the U.doc
[2009/10/12 08:48:54 | 00,041,984 | ---- | M] () -- C:\Users\Richard\Desktop\XYZ Affair home cheat.doc
[2009/10/11 11:09:21 | 00,000,763 | ---- | M] () -- C:\Users\Richard\Desktop\NTREGOPT.lnk
[2009/10/11 11:09:21 | 00,000,744 | ---- | M] () -- C:\Users\Richard\Desktop\ERUNT.lnk
[2009/10/09 16:30:52 | 00,708,868 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/10/07 17:03:20 | 00,001,928 | ---- | M] () -- C:\Users\Richard\Desktop\HijackThis.lnk
[2009/10/05 20:22:24 | 00,001,998 | ---- | M] () -- C:\Users\Public\Desktop\Vegas Movie Studio Platinum 9.0.lnk
[2009/10/04 23:05:00 | 00,002,206 | ---- | M] () -- C:\Users\Public\Desktop\Internet Video Downloader.lnk
[2009/10/04 23:05:00 | 00,002,071 | ---- | M] () -- C:\Users\Public\Desktop\Media Converter for Philips.lnk
[2009/10/04 23:03:11 | 00,000,921 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Philips GoGear VIBE Device Manager.lnk
[2009/10/04 23:03:11 | 00,000,887 | ---- | M] () -- C:\Users\Public\Desktop\Philips GoGear VIBE Device Manager.lnk
[2009/10/04 22:09:53 | 00,001,848 | ---- | M] () -- C:\Users\Public\Desktop\TotalMedia Theatre.lnk
[2009/10/04 21:03:00 | 00,001,046 | ---- | M] () -- C:\Users\Richard\Desktop\FrostWire 4.18.3.lnk
[2009/10/04 11:09:17 | 00,001,606 | ---- | M] () -- C:\Users\Richard\Desktop\Recuva.lnk
[2009/10/04 09:53:39 | 00,001,072 | -H-- | M] () -- C:\IPH.PH
[2009/10/04 09:53:30 | 00,001,752 | ---- | M] () -- C:\Users\Public\Desktop\AIM.lnk
[2009/10/03 22:24:33 | 00,001,724 | ---- | M] () -- C:\Users\Richard\Desktop\CCleaner.lnk
[2009/10/01 20:42:31 | 00,001,792 | ---- | M] () -- C:\Users\Richard\Desktop\Left 4 Dead.lnk
[2009/09/27 23:12:22 | 00,014,646 | ---- | M] () -- C:\Windows\SysNative\nvdisp.nvu
[2009/09/27 18:22:50 | 00,253,738 | ---- | M] () -- C:\Windows\SysNative\NvApps.xml
[2009/09/27 18:22:50 | 00,068,587 | ---- | M] () -- C:\Windows\SysNative\NvwsApps.xml
[2009/09/23 21:27:24 | 00,001,128 | ---- | M] () -- C:\Users\Richard\Desktop\AVS4YOU Software Navigator.lnk
[2009/09/23 21:27:05 | 00,001,079 | ---- | M] () -- C:\Users\Richard\Desktop\AVS Video Converter 6.lnk
[2009/09/23 06:38:10 | 00,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/09/22 21:43:39 | 00,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2009/09/21 22:30:21 | 06,273,536 | ---- | M] () -- C:\Users\Richard\Documents\Richs power point2.ppt
[2009/09/21 01:46:06 | 00,373,089 | ---- | M] () -- C:\Users\Richard\Documents\Scribble words.docx
[2009/09/20 00:05:44 | 00,004,096 | -H-- | M] () -- C:\Users\Richard\AppData\Local\keyfile3.drm
[2009/09/18 00:13:00 | 00,010,412 | ---- | M] () -- C:\Users\Richard\Documents\Profane.docx
[2009/09/16 20:37:41 | 00,001,756 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009/09/15 23:43:42 | 00,012,404 | ---- | M] () -- C:\Users\Richard\Documents\Mzxamyx123.docx

========== Files - No Company Name ==========
[2009/10/12 20:15:51 | 00,077,824 | ---- | C] () -- C:\Users\Richard\Desktop\Research and explain the XYZ Affair between the U.doc
[2009/10/12 20:15:39 | 00,041,984 | ---- | C] () -- C:\Users\Richard\Desktop\XYZ Affair home cheat.doc
[2009/10/11 11:09:21 | 00,000,763 | ---- | C] () -- C:\Users\Richard\Desktop\NTREGOPT.lnk
[2009/10/11 11:09:21 | 00,000,744 | ---- | C] () -- C:\Users\Richard\Desktop\ERUNT.lnk
[2009/10/09 16:30:52 | 00,708,868 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/10/07 17:03:20 | 00,001,928 | ---- | C] () -- C:\Users\Richard\Desktop\HijackThis.lnk
[2009/10/05 20:22:24 | 00,001,998 | ---- | C] () -- C:\Users\Public\Desktop\Vegas Movie Studio Platinum 9.0.lnk
[2009/10/04 22:09:53 | 00,001,848 | ---- | C] () -- C:\Users\Public\Desktop\TotalMedia Theatre.lnk
[2009/10/04 22:09:47 | 00,143,872 | ---- | C] () -- C:\Windows\SysWow64\drivers\ArcHlp.sys
[2009/10/04 11:09:17 | 00,001,606 | ---- | C] () -- C:\Users\Richard\Desktop\Recuva.lnk
[2009/10/04 09:53:30 | 00,001,752 | ---- | C] () -- C:\Users\Public\Desktop\AIM.lnk
[2009/10/01 20:42:31 | 00,001,792 | ---- | C] () -- C:\Users\Richard\Desktop\Left 4 Dead.lnk
[2009/09/27 23:12:22 | 00,014,646 | ---- | C] () -- C:\Windows\SysNative\nvdisp.nvu
[2009/09/27 18:22:50 | 00,253,738 | ---- | C] () -- C:\Windows\SysNative\NvApps.xml
[2009/09/27 18:22:50 | 00,068,587 | ---- | C] () -- C:\Windows\SysNative\NvwsApps.xml
[2009/09/25 19:11:22 | 00,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/09/25 19:11:21 | 00,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/09/25 18:58:23 | 00,002,025 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2009/09/25 07:28:05 | 00,001,046 | ---- | C] () -- C:\Users\Richard\Desktop\FrostWire 4.18.3.lnk
[2009/09/23 21:27:24 | 00,001,128 | ---- | C] () -- C:\Users\Richard\Desktop\AVS4YOU Software Navigator.lnk
[2009/09/23 21:27:05 | 00,001,079 | ---- | C] () -- C:\Users\Richard\Desktop\AVS Video Converter 6.lnk
[2009/09/23 07:44:36 | 00,020,318 | ---- | C] () -- C:\Users\Richard\AppData\Roaming\ReplayConverterLog.log
[2009/09/23 06:56:55 | 00,000,006 | -HS- | C] () -- C:\Users\Richard\AppData\Roaming\desktop.ini
[2009/09/23 06:56:55 | 00,000,006 | -HS- | C] () -- C:\Users\Richard\AppData\Local\desktop.ini
[2009/09/23 06:56:01 | 00,002,206 | ---- | C] () -- C:\Users\Public\Desktop\Internet Video Downloader.lnk
[2009/09/23 06:56:01 | 00,002,071 | ---- | C] () -- C:\Users\Public\Desktop\Media Converter for Philips.lnk
[2009/09/23 06:53:35 | 00,000,921 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Philips GoGear VIBE Device Manager.lnk
[2009/09/23 06:53:35 | 00,000,887 | ---- | C] () -- C:\Users\Public\Desktop\Philips GoGear VIBE Device Manager.lnk
[2009/09/23 06:38:10 | 00,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/09/22 21:43:39 | 00,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2009/09/21 15:53:42 | 06,273,536 | ---- | C] () -- C:\Users\Richard\Documents\Richs power point2.ppt
[2009/09/21 01:46:02 | 00,373,089 | ---- | C] () -- C:\Users\Richard\Documents\Scribble words.docx
[2009/09/20 00:05:44 | 00,004,096 | -H-- | C] () -- C:\Users\Richard\AppData\Local\keyfile3.drm
[2009/09/18 00:12:59 | 00,010,412 | ---- | C] () -- C:\Users\Richard\Documents\Profane.docx
[2009/09/16 20:37:41 | 00,001,756 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009/09/15 23:43:42 | 00,012,404 | ---- | C] () -- C:\Users\Richard\Documents\Mzxamyx123.docx
[2009/08/31 13:54:26 | 00,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/08/25 17:59:41 | 00,000,552 | ---- | C] () -- C:\Users\Richard\AppData\Local\d3d8caps.dat
[2009/08/05 20:52:07 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/08/05 20:51:41 | 00,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/08/05 10:53:43 | 00,024,088 | ---- | C] () -- C:\Users\Richard\AppData\Roaming\UserTile.png
[2009/07/29 16:20:33 | 00,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/07/24 02:23:04 | 00,031,744 | ---- | C] () -- C:\Users\Richard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/23 18:26:45 | 00,035,085 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/07/23 18:26:43 | 00,035,085 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/07/23 18:25:30 | 02,680,246 | -H-- | C] () -- C:\Users\Richard\AppData\Local\IconCache.db
[2009/07/23 18:21:02 | 00,000,732 | ---- | C] () -- C:\Users\Richard\AppData\Local\d3d9caps64.dat
[2009/07/23 15:57:36 | 00,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009/07/23 15:53:46 | 00,100,272 | ---- | C] () -- C:\Users\Richard\AppData\Local\GDIPFONTCACHEV1.DAT
[2008/01/20 19:49:10 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 08:24:55 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 08:24:55 | 00,000,174 | -HS- | C] () -- C:\Program Files (x86)\desktop.ini
[2006/11/02 05:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 05:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
< End of report >

#8 virusnoob

Posted 15 October 2009 - 06:13 PM

And this is the extras.txt:


OTL Extras logfile created on: 10/15/2009 4:58:59 PM - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Users\Richard\Downloads
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 60.52% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.05 Gb Total Space | 61.18 Gb Free Space | 41.05% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RICHARD-PC
Current User Name: Richard
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2007572775-1956699559-2467264984-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %* File not found
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = C2 FE 8D 6A DC 5B C8 01 [binary data]
"VistaSp2" = 26 D2 13 09 4D 16 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{292FF2AC-F194-42FC-A9A9-1B4095147796}" = rport=137 | protocol=17 | dir=out | app=system |
"{3747B703-00A5-4EDF-98CB-15729ADA5664}" = lport=137 | protocol=17 | dir=in | app=system |
"{3B90AEAF-56F9-4A7A-B14B-AC1C6E181A00}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{559B0E0F-9C29-4CF3-90AC-85230F422B57}" = rport=445 | protocol=6 | dir=out | app=system |
"{5651A646-29CD-4FCE-BB01-3DCCAEF9A971}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{62EA648F-4024-470A-A56B-D54CD084BA9C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{674EB58B-1D72-4C01-AE8A-22180BE3E5D7}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6D80326E-E9B5-4718-A5F7-828C09498837}" = rport=139 | protocol=6 | dir=out | app=system |
"{7090B5FE-1487-4FD6-A3A6-F47BAF7C8C2A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7CF91F14-1CDC-44CB-851C-3E86EB17A038}" = lport=139 | protocol=6 | dir=in | app=system |
"{87A13BD3-E118-42BC-8EA8-8CE7D43CDF69}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A7CE8414-4601-40A3-ACB8-C801E53CE386}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{A96A4C99-42B0-4B11-B020-3374B9E10969}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C537E840-62C6-4680-827E-2AB2F5E71429}" = lport=445 | protocol=6 | dir=in | app=system |
"{D931C874-BDF0-4DE1-A20F-8C5FFE7D0E5B}" = lport=138 | protocol=17 | dir=in | app=system |
"{D9371436-3997-427F-917E-2C9CBA6F2104}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{DA59B075-F8AA-41F7-86C1-916120EC2B50}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F6B8A1EA-FCF1-474B-AE96-EA0EA940409E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F8809FD4-0112-4D4D-AB7D-C1F348D1232F}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0263ABB3-0247-42EC-B57B-8F41A009669B}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{0C2DF3DC-580B-48B8-BA4A-D962B5EBD06A}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{1C022513-A4A8-440B-B02C-3B7A8C0FA0BE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1CEC82F2-7918-4E3F-8BC7-743166FD25A4}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{1E25B0D0-3F4F-4876-86FD-9D8C7E85AF94}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{207C2E90-C5D2-4F84-A2D9-AC37C2237AD7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{24294DE9-1A41-4291-937A-16993855C6E6}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{2BC4E210-DE23-4340-8883-9A34BE8D0F9F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{333E22A1-6EA8-48DE-BDFB-D2A919C3C510}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{34DB8B9B-46DA-4EDA-8455-770626074FD6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{3BF9708B-E112-469B-9D82-1F48BE3677A0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{4524F63A-B9B3-45C5-999F-D50A91D5EB1E}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{45DD5C3D-AE2F-4CD8-B68D-023E8AAE8117}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{4A5F00C1-9392-44DB-B7CA-6701A5EDDC7F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{4C30B5C4-1BFA-4B2D-A183-D5AFE3CFE09B}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{4DBF565C-599C-4597-8B4F-1210F7405A3C}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{57475D41-02B7-415B-8012-AD05740FA96E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{5FB314B3-A5F4-4DB9-ADEB-F74F895BFAA9}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{66DD8431-4583-428D-B88B-63FE69F24262}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{67C5BE2D-F8B3-473C-82C3-9EB6FACCEE8D}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{6A4769CC-6CF4-4615-B20A-6C452781CB1E}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{7A992A76-77E5-4A56-AD54-2397DC1E7FDB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{7F227A0C-4F7C-4595-A85D-24CC7AD6693D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{82F38701-EA52-4535-ABF8-C6BFDF583B57}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{962D8A01-0F9F-4DCD-A7FA-38EE695DD98B}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{9D4094EC-868F-46D2-A4B9-086A01ADBE40}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{A891BD5E-3AD3-4F2F-BD54-8676CF2E2B9A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{ABA0F3C9-E331-4712-88CA-7F8880EAFF0B}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{B9976C92-71CF-48DE-A067-E1B49533F412}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{BF513B82-E117-45CA-9947-80AB2747B8EB}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{C194B8D9-1A38-43BA-B00A-864A23058651}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C731C54F-78CC-4DC5-A46A-B04288446C18}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{CAC5DEE7-FEDD-40F2-8305-78024E97F1EB}" = protocol=17 | dir=in | app=c:\users\richard\appdata\local\temp\purplebean.exe |
"{CC35092A-8310-48C5-B1B4-A7398054765C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{CD9100D5-ED93-464D-A4D9-3B8E43549B39}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{D91A0522-57CD-45F5-AFDD-89417A8B7092}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{DFC30D0D-45F5-40B8-8424-DA150201427A}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{E276F479-6AFF-47BE-95AA-D3F50D200951}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{E7774075-8D33-4AC6-886B-779EADEFDE79}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{EC5FC0A2-7646-4C1F-A942-02A945697699}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F4D358B7-B4B1-4034-AB70-6E23A505070A}" = protocol=6 | dir=in | app=c:\users\richard\appdata\local\temp\purplebean.exe |
"TCP Query User{11D47028-87B1-404F-8A96-DA38F8274B9E}C:\program files (x86)\steam\steamapps\dadumbass1\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\dadumbass1\counter-strike source\hl2.exe |
"TCP Query User{23225FB4-8FDB-4E04-9ED4-5690ED2EA501}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{449FB625-9ABE-4C7F-BDB6-664BDBA7765D}C:\program files (x86)\softnyx\gunboundwc\gunbound.gme" = protocol=6 | dir=in | app=c:\program files (x86)\softnyx\gunboundwc\gunbound.gme |
"TCP Query User{529EF7FE-4896-4F28-A2C8-2AC1A5589312}C:\program files (x86)\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"TCP Query User{65EA2044-2BC0-4AA8-B750-C2077618EE30}C:\programdata\ijjigame\plauncher.exe" = protocol=6 | dir=in | app=c:\programdata\ijjigame\plauncher.exe |
"TCP Query User{70F5F803-6605-4F93-BCB8-7FC7B40AE6B3}C:\program files (x86)\steam\steamapps\dadumbass1\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\dadumbass1\counter-strike source\hl2.exe |
"TCP Query User{8E0F624C-4F5B-4685-B2C1-439BC90D9D39}C:\program files (x86)\steam\steamapps\shadowneonx\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\shadowneonx\counter-strike source\hl2.exe |
"TCP Query User{93850699-B00A-4C70-BB66-6C4BE75941FD}C:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"TCP Query User{B4AE72A4-6DE3-4B94-A7F0-46345F5B6F51}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{CF8B0874-226B-4D19-B26E-12157175BFB5}C:\ijji\english\u_sf\soldierfront.exe" = protocol=6 | dir=in | app=c:\ijji\english\u_sf\soldierfront.exe |
"TCP Query User{EFAF5108-A3CE-41DA-8F78-8EFA1EB719D7}C:\program files (x86)\steam\steamapps\xricheex\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xricheex\counter-strike source\hl2.exe |
"UDP Query User{2706EC7E-C589-437D-9155-D5D383167F56}C:\program files (x86)\softnyx\gunboundwc\gunbound.gme" = protocol=17 | dir=in | app=c:\program files (x86)\softnyx\gunboundwc\gunbound.gme |
"UDP Query User{330D3474-B5CB-4879-B131-C5FBDBCB279A}C:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"UDP Query User{71B3E63D-D8D6-487E-AABD-F25917EC547D}C:\program files (x86)\steam\steamapps\dadumbass1\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\dadumbass1\counter-strike source\hl2.exe |
"UDP Query User{734FEFC8-7FD0-4701-9E78-337E885D71E3}C:\program files (x86)\steam\steamapps\shadowneonx\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\shadowneonx\counter-strike source\hl2.exe |
"UDP Query User{7D46BA11-01A5-4202-AC70-7E30BD15FA38}C:\program files (x86)\steam\steamapps\xricheex\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xricheex\counter-strike source\hl2.exe |
"UDP Query User{8BB16ACE-FFF0-4826-9540-A322DD1BE248}C:\program files (x86)\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"UDP Query User{8CDE59F1-4963-4B3F-B302-322213ADA08E}C:\ijji\english\u_sf\soldierfront.exe" = protocol=17 | dir=in | app=c:\ijji\english\u_sf\soldierfront.exe |
"UDP Query User{8CE76999-3C34-48F8-A64B-9EA381FD8167}C:\programdata\ijjigame\plauncher.exe" = protocol=17 | dir=in | app=c:\programdata\ijjigame\plauncher.exe |
"UDP Query User{8D07BE88-BC2B-41CC-BA72-39EEFAA32339}C:\program files (x86)\steam\steamapps\dadumbass1\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\dadumbass1\counter-strike source\hl2.exe |
"UDP Query User{C552180A-72B4-4DD2-9726-7D47D3D21753}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{D279E747-EE5C-495B-A7DC-CA21CC728994}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{5759E649-E281-46C2-BB4B-50413623DCDF}" = iTunes
"{83B8C63E-241F-4969-91AF-5FDC79D48D1C}" = ESET Smart Security
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"Recuva" = Recuva
"UltSounds" = Windows Sound Schemes

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam™
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 15
"{587FD9A4-65A2-423E-AB1D-3BE7F1890AD5}" = ArcSoft TotalMedia Theatre
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70014586-7BBA-4A92-A610-CDC896C48F8F}" = NETGEAR WG311v3 PCI Adapter
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{CC8E0363-B20C-4792-8A1C-8DF5E01B68A6}" = GoGear VIBE Device Manager
"{DA507A38-4B2A-40C0-90AC-E30AAA0B757C}" = Vegas Movie Studio Platinum 9.0
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E623BB3F-F7ED-4148-BEB5-A0D1DB28B4DE}" = Media Converter for Philips
"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_7" = AIM 7
"AviSynth" = AviSynth 2.5
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"CCleaner" = CCleaner (remove only)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"FrostWire" = FrostWire 4.18.3
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"InstallShield_{70014586-7BBA-4A92-A610-CDC896C48F8F}" = NETGEAR WG311v3 PCI Adapter
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SpywareBlaster_is1" = SpywareBlaster 4.2
"Steam App 500" = Left 4 Dead
"ViewpointMediaPlayer" = Viewpoint Media Player
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/13/2009 11:52:53 PM | Computer Name = Richard-PC | Source = Microsoft-Windows-RestartManager | ID = 10007
Description =

Error - 10/13/2009 11:52:53 PM | Computer Name = Richard-PC | Source = Microsoft-Windows-RestartManager | ID = 10007
Description =

Error - 10/13/2009 11:55:42 PM | Computer Name = Richard-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/13/2009 11:59:12 PM | Computer Name = Richard-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Users\Richard\Documents\Downloads\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.

Error - 10/14/2009 5:27:34 PM | Computer Name = Richard-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/15/2009 12:24:25 AM | Computer Name = Richard-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/15/2009 12:55:36 AM | Computer Name = Richard-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/15/2009 1:13:19 AM | Computer Name = Richard-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\$Recycle.Bin\S-1-5-21-2007572775-1956699559-2467264984-1000\$R2LISVU.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.

Error - 10/15/2009 4:50:25 AM | Computer Name = Richard-PC | Source = Application Error | ID = 1000
Description = Faulting application hl2.exe, version 0.0.0.0, time stamp 0x4445c334,
faulting module datacache.dll, version 0.0.0.0, time stamp 0x46439c7b, exception
code 0xc0000005, fault offset 0x0000b423, process id 0xc28, application start time
0x01ca4d6684728563.

Error - 10/15/2009 5:58:20 AM | Computer Name = Richard-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 9/24/2009 3:12:15 AM | Computer Name = Richard-PC | Source = DCOM | ID = 10010
Description =

Error - 9/24/2009 4:49:37 AM | Computer Name = Richard-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 10.0.0.8 for the Network Card with network address
001E2AC2233F has been denied by the DHCP server 192.168.1.254 (The DHCP Server
sent a DHCPNACK message).

Error - 9/24/2009 7:10:15 PM | Computer Name = Richard-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.67 for the Network Card with network
address 001E2AC2233F has been denied by the DHCP server 10.0.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 9/25/2009 9:35:33 AM | Computer Name = Richard-PC | Source = PlugPlayManager | ID = 12
Description = The device 'SONY DVD RW DW-D22A ATA Device' (IDE\CdRomSONY_DVD_RW_DW-D22A_____________________BYS3____\6&3c85bda&0&0.0.0)
disappeared from the system without first being prepared for removal.

Error - 9/25/2009 9:35:33 AM | Computer Name = Richard-PC | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.

Error - 9/25/2009 9:35:33 AM | Computer Name = Richard-PC | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.

Error - 9/25/2009 8:45:25 PM | Computer Name = Richard-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 10.0.0.8 for the Network Card with network address
001E2AC2233F has been denied by the DHCP server 10.0.0.1 (The DHCP Server sent
a DHCPNACK message).

Error - 9/25/2009 9:42:50 PM | Computer Name = Richard-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 10.0.0.9 for the Network Card with network address
001E2AC2233F has been denied by the DHCP server 192.168.1.254 (The DHCP Server
sent a DHCPNACK message).

Error - 9/26/2009 11:14:16 AM | Computer Name = Richard-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 10.0.0.9 for the Network Card with network address
001E2AC2233F has been denied by the DHCP server 192.168.1.254 (The DHCP Server
sent a DHCPNACK message).

Error - 9/27/2009 2:52:11 AM | Computer Name = Richard-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 10.0.0.9 for the Network Card with network address
001E2AC2233F has been denied by the DHCP server 192.168.1.254 (The DHCP Server
sent a DHCPNACK message).


< End of report >

#9 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 15 October 2009 - 11:07 PM

virusnoob,

I'm not finding anything more.

Log looks good :D


You need to create a new Clean restore point:

  • Download SysRestorePoint to your desktop and unzip it to its own folder.
  • Double click SysRestorePoint.exe so that we can make a new system restore point.
  • A box will pop up after it has made a new point, usually after a few seconds. Close that window and exit the program.

Remove all previous Restore Points

Click Start Menu > Run > copy and paste

cleanmgr

You may be asked to choose a drive. Choose C:. At the top, click on the More Options tab. Click the Clean up... button in the System Restore box. Click on the Yes button. When finished, click on the Cancel button to exit.

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Check "Hide file extensions for known file types."
Under the "Hidden files" folder, Uncheck "Show hidden files and folders."
Check "Hide protected operating system files."
Click Apply, and then click OK.

  • Double click on OTL to run it.
  • Click on CleanUp!
  • When done, you will be prompted to restart your computer. Please restart your computer.


The following is my standard advice for the future. Use what you can and pat yourself on the back for what you're already doing.

Please take time to read Preventing Malware - Tools and Practices for Safe Computing. Very important information for your consideration is contained therein.

I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein


Also: "How to prevent malware"
by miekiemoes

Please respond back that you understand the above and let me know if you have any questions. Otherwise, this thread will be closed Resolved. :thumbup:
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#10 virusnoob

virusnoob

    New Member

  • Authentic Member
  • Pip
  • 9 posts

Posted 16 October 2009 - 09:29 AM

can you wait because I'll reply to you when I get home and get to do the above, ty, I'm at school.

#11 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 16 October 2009 - 09:32 AM

virusnoob, No problem. :thumbup:
 

#12 virusnoob

virusnoob

    New Member

  • Authentic Member
  • Pip
  • 9 posts

Posted 16 October 2009 - 06:46 PM

ummm I have Vista and I cannot find My Computer and the Tools menu

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Check "Hide file extensions for known file types."
Under the "Hidden files" folder, Uncheck "Show hidden files and folders."
Check "Hide protected operating system files."
Click Apply, and then click OK.


#13 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 19 October 2009 - 08:28 AM

virusnoob,

Please look here for directions on showing hidden files on Vista.
 

#14 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 26 October 2009 - 11:11 AM

Due to inactivity this topic will be closed. If you need help please start a new thread.
 
