TechSpot

[A] System Check tells me hard drives need repairing

By Selinya
Dec 28, 2011
  1. I have a similar problem to http://www.techspot.com/vb/topic175275.html and http://www.techspot.com/vb/topic172736.html

    Essentially my computer just shut off without warning, and when it restarted all my desktop files were "gone". They still existed, I can search for them and open them, but I am unable to see them. Going into either of my harddrives doesn't actually show me anything curiously enough. Folders everywhere are empty, but the files are obviously still there. The task manager sets off a blue screen and many files are unable to be overwritten or accessed. Then this "System Check" program starts opening and trying to "repair" my harddrive.

    Ironically, I had just finished my Kaspersky trial the other night and was planning to uninstall it today. Well, I can't, it's unable to uninstall due to the fact it can't write to a specific file in the "installer" folder. So I'm stuck with a virus program I can't use.

    I did have MalwareBytes, tried to run it, it was unable to update. I took the version from the five step guide, and installed it in the C: drive instead of Programs (x86) and it was able to write itself onto the drive. I've posted the log below:

    Malwarebytes Anti-Malware 1.60.0.1800
    www.malwarebytes.org

    Database version: v2011.12.29.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Jackie :: JACKIE-PC [administrator]

    12/28/2011 8:03:19 PM
    mbam-log-2011-12-28 (20-03-19).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 180386
    Time elapsed: 2 minute(s), 40 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 1
    HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Jackie\AppData\Local\jmq.exe" -a "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    (end)

    It detected two things, I removed them both, restarting now (will post the GMER log once that's dealt with). Thank you for any help in advanced.
     
  2. Selinya

    Selinya TS Rookie Topic Starter

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-12-28 20:44:54
    Windows 6.1.7601 Service Pack 1
    Running: rq8jtsjd.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Program Files (x86)\\x3084\x308a\x3059\x304e\x3044\x305f\x305a\x3089\xff01\x30b9\x30a4\x30df\x30f3\x30b0\x30b9\x30af\x30fc\x30eb\unins000.exe 1
    Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Program Files (x86)\\x30a4\x30d9\x30f3\x30c8\x3078\x3044\x3053\x30466\unins000.exe 1

    ---- EOF - GMER 1.0.15 ----

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
    Run by Jackie at 20:46:14 on 2011-12-28
    .
    ============== Running Processes ===============
    .
    C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
    c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files (x86)\RocketDock\RocketDock.exe
    C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Users\Jackie\Downloads\rq8jtsjd.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Users\Jackie\Downloads\dds.scr
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://918thefan.com/
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
    mRun: [TrayServer] C:\PROGRA~2\MAGIX\MOVIE_~1\TrayServer_en.exe
    mRun: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
    mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe"
    mRun: [rcIkTucXrvMQpF.exe] C:\ProgramData\rcIkTucXrvMQpF.exe
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 68.105.28.11 68.105.29.11
    TCP: Interfaces\{F77F782C-DB31-4DF0-BAB9-179D0B14929B} : DhcpNameServer = 68.105.28.11 68.105.29.11
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO-X64: HP Print Enhancer - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
    BHO-X64: IEVkbdBHO - No File
    BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO-X64: Search Helper - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
    BHO-X64: link filter bho - No File
    BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    BHO-X64: HP Smart BHO Class - No File
    TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [TrayServer] C:\PROGRA~2\MAGIX\MOVIE_~1\TrayServer_en.exe
    mRun-x64: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
    mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe"
    mRun-x64: [rcIkTucXrvMQpF.exe] C:\ProgramData\rcIkTucXrvMQpF.exe
    mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Jackie\AppData\Roaming\Mozilla\Firefox\Profiles\wte17tdx.default\
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
    FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
    FF - plugin: C:\Users\Jackie\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Users\Jackie\AppData\Roaming\Mozilla\Firefox\Profiles\wte17tdx.default\extensions\LogMeInClient@logmein.com\plugins\npLMI64.dll
    FF - plugin: C:\Users\Jackie\AppData\Roaming\Mozilla\Firefox\Profiles\wte17tdx.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ---- FIREFOX POLICIES ----

    ============= SERVICES / DRIVERS ===============
    .
    R? AVP;Kaspersky Anti-Virus Service
    R? BCUService;Browser Configuration Utility Service
    R? BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver
    R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
    R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
    R? dump_wmimmc;dump_wmimmc
    R? EagleX64;EagleX64
    R? FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance
    R? Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service
    R? npggsvc;nProtect GameGuard Service
    R? ose64;Office 64 Source Engine
    R? osppsvc;Office Software Protection Platform
    R? RdpVideoMiniport;Remote Desktop Video Miniport Driver
    R? Synth3dVsc;Synth3dVsc
    R? TsUsbFlt;TsUsbFlt
    R? tsusbhub;tsusbhub
    R? VGPU;VGPU
    R? WatAdminSvc;Windows Activation Technologies Service
    R? X6va002;X6va002
    R? X6va005;X6va005
    S? AntiVirSchedulerService;Avira Scheduler
    S? AntiVirService;Avira Realtime Protection
    S? asmthub3;ASMedia USB3 Hub Service
    S? asmtxhci;ASMEDIA XHCI Service
    S? avgntflt;avgntflt
    S? avkmgr;avkmgr
    S? CompFilter64;UVCCompositeFilter
    S? cpuz135;cpuz135
    S? dtsoftbus01;DAEMON Tools Virtual Bus Driver
    S? Fabs;FABS - Helping agent for MAGIX media database
    S? Hamachi2Svc;LogMeIn Hamachi Tunneling Engine
    S? kl2;kl2
    S? KLIM6;Kaspersky Anti-Virus NDIS 6 Filter
    S? klmouflt;Kaspersky Lab KLMOUFLT
    S? LVRS64;Logitech RightSound Filter Driver
    S? LVUVC64;Logitech HD Webcam C510(UVC)
    S? MEIx64;Intel(R) Management Engine Interface
    S? RTL8167;Realtek 8167 NT Driver
    S? UMVPFSrv;UMVPFSrv
    S? UNS;Intel(R) Management and Security Application User Notification Service
    .
    =============== File Associations ===============
    .
    inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
    VBEFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
    VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    2011-12-29 04:03:23 -------- d-----w- C:\Users\Jackie\AppData\Roaming\Avira
    2011-12-29 04:02:54 -------- d-----w- C:\Malwarebytes' Anti-Malware
    2011-12-29 03:57:59 97312 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
    2011-12-29 03:57:59 27760 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
    2011-12-29 03:57:58 -------- d-----w- C:\ProgramData\Avira
    2011-12-29 03:57:58 -------- d-----w- C:\Program Files (x86)\Avira
    2011-12-29 03:14:34 -------- d-----w- C:\$RECYCLE.BIN
    2011-12-29 03:01:54 -------- d-----w- C:\ComboFix
    2011-12-29 02:58:46 4354974 ------r- C:\ComboFix.exe
    2011-12-29 02:54:11 1918464 ----a-w- C:\aswMBR.exe
    2011-12-29 02:13:58 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
    2011-12-26 23:20:54 21992 ----a-w- C:\Windows\System32\drivers\cpuz135_x64.sys
    2011-12-26 23:20:54 -------- d--h--w- C:\Program Files\CPUID
    2011-12-26 04:39:15 62632 ----a-w- C:\Windows\System32\drivers\vrtaucbl.sys
    2011-12-26 04:39:15 -------- d--h--w- C:\Program Files\Virtual Audio Cable
    2011-12-26 04:32:05 -------- d--h--w- C:\Windows\SysWow64\RTCOM
    2011-12-26 04:32:05 -------- d--h--w- C:\Program Files\Realtek
    2011-12-26 04:22:37 -------- d--h--w- C:\Users\Jackie\AppData\Local\Jaksta_Technologies_Pty_L
    2011-12-26 04:21:42 -------- d--h--w- C:\Program Files (x86)\Applian Technologies
    2011-12-26 04:21:31 -------- d--h--w- C:\Users\Jackie\AppData\Roaming\Replay Media Catcher 4
    2011-12-26 04:21:31 -------- d--h--w- C:\ProgramData\Applian
    2011-12-06 10:35:07 8822856 ---ha-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4CF895C2-5F98-417F-A47A-EFE771A664FF}\mpengine.dll
    2011-12-05 07:40:34 -------- d--h--w- C:\Users\Jackie\AppData\Roaming\TeamViewer
    .
    ==================== Find3M ====================
    .
    2011-12-10 23:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-11-17 06:52:15 414368 ---ha-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-10-27 06:25:52 2828 --sha-w- C:\ProgramData\KGyGaAvL.sys
    2011-10-04 01:45:52 819729 ---ha-w- C:\Windows\SysWow64\mrvcl32.exe
    .
    ============= FINISH: 20:46:46.68 ===============

    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.4.6
    AnswerWorks 5.0 English Runtime
    Any Video Converter 3.2.7
    Apple Application Support
    Apple Software Update
    ASIO4ALL
    Audacity 1.3.13 (Unicode)
    Avira Free Antivirus
    Bing Bar Platform
    Browser Configuration Utility
    BufferChm
    CleanMyPC - Registry Cleaner
    Combined Community Codec Pack 2011-06-26
    Corel PaintShop Pro X4
    D1500
    DAEMON Tools Lite
    dBpoweramp DSP Effects
    dBpoweramp FLAC Codec
    dBpoweramp m4a Codec
    dBpoweramp Monkeys Audio Codec
    dBpoweramp mp3 (Fraunhofer IIS) Codec
    dBpoweramp Music Converter
    dBpoweramp OptimFROG Codec
    dBpoweramp Real Audio (Helix) Encoder
    dBpoweramp Shorten Codec
    dBpoweramp TTA Codec
    dBpoweramp WavPack Codec
    dBpowerAMP Windows Media Audio 9 Codec
    DeviceDiscovery
    DFOLauncher
    DJ_SF_03_D1500_Software_Min
    FileZilla Client 3.5.2
    Firebird SQL Server - MAGIX Edition
    FL Studio 10
    ForceBindIP
    GPBaseService2
    HP Update
    HPDiagnosticAlert
    HPPhotoGadget
    HPPhotoSmartDiscLabelContent1
    HPPhotosmartEssential
    HPProductAssistant
    HPSSupply
    ICA
    IL Download Manager
    Intel(R) Management Engine Components
    IPM_PSP_COM
    iZotope Ozone 4
    Java Auto Updater
    Java(TM) 6 Update 26
    Kaspersky Anti-Virus 2012
    Lemmings for Windows 95
    LogMeIn Hamachi
    MAGIX Movie Edit Pro 17 Plus Download Version
    MAGIX Screenshare
    MAGIX Speed burnR (MSI)
    Mal Updater 2.80
    Malwarebytes Anti-Malware version 1.60.0.1800
    MarketResearch
    Microsoft AppLocale
    Microsoft Default Manager
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft WSE 3.0 Runtime
    MixMeister Studio Demo 7.4.4
    Mozilla Firefox 8.0 (x86 en-US)
    Mozilla Thunderbird (8.0)
    Mp3tag v2.49
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nexon Game Manager
    Pando Media Booster
    Pangya (Ntreev SG Interactive)
    PSPPContent
    PSPPHelp
    QuickTime
    RealPlayer
    Realtek High Definition Audio Driver
    ReNamer
    Renesas Electronics USB 3.0 Host Controller Driver
    RocketDock 1.3.5
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Setup
    Skype Click to Call
    Skype™ 5.5
    SmartWebPrinting
    SolutionCenter
    Starcraft
    StarCraft II
    Status
    The Sims Medieval
    Toolbox
    TrayApp
    Trillian
    Unity Web Player
    UnloadSupport
    VOCALOID2 Editor V2.0.12.2
    VOCALOID2 Expression DB (Standard)
    VOCALOID2 Voice DB (BigAL)
    VOCALOID2 Voice DB (Gackpoid)
    VOCALOID2 Voice DB (Kiyoteru)
    VOCALOID2 Voice DB (Luka_ENG)
    VOCALOID2 Voice DB (Luka_JPN)
    VOCALOID2 Voice DB (Megpoid)
    VOCALOID2 Voice DB (Miku)
    VOCALOID2 Voice DB (Miku_dark)
    VOCALOID2 Voice DB (Miku_light)
    VOCALOID2 Voice DB (Miku_soft)
    VOCALOID2 Voice DB (Miku_solid)
    VOCALOID2 Voice DB (Miku_sweet)
    VOCALOID2 Voice DB (Miku_vivid)
    VOCALOID2 Voice DB (Sonika)
    VOCALOID2 VSTi V2.0.12.3
    Vuze
    WebReg
    Winamp
    Winamp Detector Plug-in
    Windows Media Encoder 9 Series
    Windows Media Player Firefox Plugin
    .
    ==== End Of File ===========================
     
  3. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===========================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    =============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.

    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  4. Selinya

    Selinya TS Rookie Topic Starter

    aswMBR version 0.9.9.1120 Copyright(c) 2011 AVAST Software
    Run date: 2011-12-28 22:36:40
    -----------------------------
    22:36:40.818 OS Version: Windows x64 6.1.7601 Service Pack 1
    22:36:40.818 Number of processors: 4 586 0x2A07
    22:36:40.819 ComputerName: JACKIE-PC UserName: Jackie
    22:36:44.834 Initialize success
    22:57:56.724 AVAST engine defs: 11122801
    22:58:08.079 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-8
    22:58:08.081 Disk 0 Vendor: WDC_WD3200KS-00PFB0 21.00M21 Size: 305245MB BusType: 3
    22:58:08.084 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-7
    22:58:08.086 Disk 1 Vendor: Hitachi_HDP725050GLA360 GM4OA5CA Size: 476940MB BusType: 3
    22:58:08.096 Disk 1 MBR read successfully
    22:58:08.100 Disk 1 MBR scan
    22:58:08.128 Disk 1 Windows 7 default MBR code
    22:58:08.148 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    22:58:08.157 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
    22:58:08.163 Service scanning
    22:58:09.351 Modules scanning
    22:58:09.356 Disk 1 trace - called modules:
    22:58:09.387 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    22:58:09.402 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8007df1790]
    22:58:09.407 3 CLASSPNP.SYS[fffff8800191443f] -> nt!IofCallDriver -> [0xfffffa8007b27580]
    22:58:09.413 5 ACPI.sys[fffff88000f6b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T1L0-7[0xfffffa8007b3d680]
    22:58:11.480 AVAST engine scan C:\Windows
    22:58:15.547 AVAST engine scan C:\Windows\system32
    23:00:38.510 AVAST engine scan C:\Windows\system32\drivers
    23:00:57.832 AVAST engine scan C:\Users\Jackie
    23:01:32.859 Disk 1 MBR has been saved successfully to "C:\Users\Jackie\Downloads\MBR.dat"
    23:01:32.890 The log file has been saved successfully to "C:\Users\Jackie\Downloads\aswMBR.txt"


    As a note I already have ComboFix on my desktop, I did for emergencies, but since I can't see anything but these new programs on my desktop it won't allow me to overwrite ComboFix with a new file (it says the old one is marked as Read-Only). Should I save ComboFix elsewhere on my PC or can I activate the other one somehow (maybe via search)?

    I also have a feeling that when I try to run it it will tell me Kaspersky is running, but I can't uninstall that. Should I proceed with ComboFix regardless?

    Thanks for all your help.
     
  5. Selinya

    Selinya TS Rookie Topic Starter

    Ignore my last question I suppose. I was able to install the new version on the Desktop, and it didn't have any problems with Kaspersky. My desktop items finally showed up as well as my background. I can also see everything in my Program Files now, so the biggest problem is out of the way. Here's the Combo Fix log:

    ComboFix 11-12-28.03 - Jackie 12/28/2011 23:11:07.5.4 - x64
    Running from: c:\users\Jackie\Desktop\ComboFix.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    c:\programdata\~VHuekERdTtZ5Y2
    c:\programdata\~VHuekERdTtZ5Y2r
    c:\programdata\rcIkTucXrvMQpF.exe
    c:\programdata\VHuekERdTtZ5Y2
    c:\programdata\VHuekERdTtZ5Y2.exe
    c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
    c:\windows\assembly\temp\@
    c:\windows\assembly\temp\cfg.ini
    c:\windows\svchost.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-29 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-29 07:16 . 2011-12-29 07:16 -------- d-----w- c:\users\Public\AppData\Local\temp
    2011-12-29 07:16 . 2011-12-29 07:16 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-12-29 04:03 . 2011-12-29 04:03 -------- d-----w- c:\users\Jackie\AppData\Roaming\Avira
    2011-12-29 04:02 . 2011-12-29 04:02 -------- d-----w- C:\Malwarebytes' Anti-Malware
    2011-12-29 03:57 . 2011-12-15 23:00 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
    2011-12-29 03:57 . 2011-12-15 23:00 130760 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-12-29 03:57 . 2011-12-15 23:00 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-12-29 03:57 . 2011-12-29 03:57 -------- d-----w- c:\programdata\Avira
    2011-12-29 03:57 . 2011-12-29 03:57 -------- d-----w- c:\program files (x86)\Avira
    2011-12-29 02:13 . 2011-12-29 02:13 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
    2011-12-26 23:20 . 2011-12-26 23:20 -------- d--h--w- c:\program files\CPUID
    2011-12-26 23:20 . 2011-09-21 18:25 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x64.sys
    2011-12-26 04:39 . 2011-12-26 22:44 -------- d--h--w- c:\program files\Virtual Audio Cable
    2011-12-26 04:39 . 2011-12-26 04:39 62632 ----a-w- c:\windows\system32\drivers\vrtaucbl.sys
    2011-12-26 04:32 . 2011-12-26 22:46 -------- d--h--w- c:\windows\SysWow64\RTCOM
    2011-12-26 04:32 . 2011-12-26 04:32 -------- d--h--w- c:\program files\Realtek
    2011-12-26 04:22 . 2011-12-26 04:22 -------- d--h--w- c:\users\Jackie\AppData\Local\Jaksta_Technologies_Pty_L
    2011-12-26 04:21 . 2011-12-26 04:21 -------- d--h--w- c:\program files (x86)\Applian Technologies
    2011-12-26 04:21 . 2011-12-26 04:22 -------- d--h--w- c:\users\Jackie\AppData\Roaming\Replay Media Catcher 4
    2011-12-26 04:21 . 2011-12-26 04:21 -------- d--h--w- c:\programdata\Applian
    2011-12-21 04:08 . 2011-12-21 04:08 -------- d--h--w- c:\program files (x86)\Common Files\logishrd
    2011-12-21 04:06 . 2011-12-21 04:08 -------- d--h--w- c:\program files\Common Files\logishrd
    2011-12-06 10:35 . 2011-11-21 11:40 8822856 ---ha-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4CF895C2-5F98-417F-A47A-EFE771A664FF}\mpengine.dll
    2011-12-05 07:40 . 2011-12-05 07:48 -------- d--h--w- c:\users\Jackie\AppData\Roaming\TeamViewer
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-10 23:24 . 2011-08-04 01:06 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-17 06:52 . 2011-07-02 00:13 414368 ---ha-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-10-27 06:25 . 2011-07-20 03:34 2828 --sha-w- c:\programdata\KGyGaAvL.sys
    2011-10-04 01:45 . 2011-10-04 01:45 819729 ---ha-w- c:\windows\SysWow64\mrvcl32.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [BU]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "TrayServer"="c:\progra~2\MAGIX\MOVIE_~1\TrayServer_en.exe" [2008-11-13 90112]
    "TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" [2011-11-01 198160]
    "rcIkTucXrvMQpF.exe"="c:\programdata\rcIkTucXrvMQpF.exe" [BU]
    "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-12-15 258512]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [x]
    R3 dump_wmimmc;dump_wmimmc;c:\ntreev usa\Pangya\GameGuard\dump_wmimmc.sys [x]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
    R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-22 51445112]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 X6va002;X6va002;c:\users\Jackie\AppData\Local\Temp\002C43E.tmp [x]
    R3 X6va005;X6va005;c:\users\Jackie\AppData\Local\Temp\0053636.tmp [x]
    R4 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2010-03-05 235752]
    S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
    S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
    S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
    S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-12-15 86224]
    S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
    S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-28 1253376]
    S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 2329480]
    S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
    S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
    S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
    S3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys [x]
    S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
    S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
    S3 LVUVC64;Logitech HD Webcam C510(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-06 10144288]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://918thefan.com/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
    FF - ProfilePath - c:\users\Jackie\AppData\Roaming\Mozilla\Firefox\Profiles\wte17tdx.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo

    .
    Supplementary scan did not complete!
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-FileZilla Client - c:\program files (x86)\FileZilla FTP Client\uninstall.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va002]
    "ImagePath"="\??\c:\users\Jackie\AppData\Local\Temp\002C43E.tmp"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
    "ImagePath"="\??\c:\users\Jackie\AppData\Local\Temp\0053636.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
    "value"="?\07\04\0e\01/8¥"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
    c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Completion time: 2011-12-28 23:32:20 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-12-29 07:32
    ComboFix2.txt 2011-11-09 12:02
    ComboFix3.txt 2011-10-31 06:48
    ComboFix4.txt 2011-09-14 03:33
    ComboFix5.txt 2011-12-29 07:09
    .
    Pre-Run: 158,068,060,160 bytes free
    Post-Run: 157,834,571,776 bytes free
    .
    - - End Of File - - 2345FE9041E2A97A55685A8232892E30

    Let me know if there's anything else I need to do next. :)
     
  6. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Well done :)

    Combofix log looks good.

    Any current issues?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  7. Selinya

    Selinya TS Rookie Topic Starter

    No other problems that I can see so far, nothing odd popping up or anything like that. So it seems on the outside everything is fixed.

    OTL logfile created on: 12/29/2011 6:47:20 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jackie\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.85 Gb Total Physical Memory | 4.80 Gb Available Physical Memory | 61.19% Memory free
    15.70 Gb Paging File | 12.73 Gb Available in Paging File | 81.11% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 465.66 Gb Total Space | 145.91 Gb Free Space | 31.33% Space Free | Partition Type: NTFS
    Drive D: | 129.43 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive E: | 298.09 Gb Total Space | 132.08 Gb Free Space | 44.31% Space Free | Partition Type: NTFS

    Computer Name: JACKIE-PC | User Name: Jackie | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/12/29 18:46:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jackie\Desktop\OTL.exe
    PRC - [2011/12/29 00:19:33 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2011/12/15 15:00:23 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    PRC - [2011/12/15 15:00:12 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2011/12/15 15:00:12 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    PRC - [2011/11/01 04:29:24 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
    PRC - [2011/08/19 09:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    PRC - [2011/08/18 23:00:00 | 002,278,240 | ---- | M] (Cerulean Studios) -- C:\Program Files (x86)\Trillian\trillian.exe
    PRC - [2010/12/20 15:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/12/20 15:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2010/03/10 13:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    PRC - [2009/08/27 16:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
    PRC - [2007/09/02 10:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/12/29 00:19:32 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2011/11/16 22:52:15 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    MOD - [2011/11/08 12:46:02 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
    MOD - [2011/08/18 23:00:00 | 000,193,024 | ---- | M] () -- C:\Program Files (x86)\Trillian\libspeex.dll
    MOD - [2011/08/18 23:00:00 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Trillian\libungif.dll
    MOD - [2011/08/18 23:00:00 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Trillian\zlib1.dll
    MOD - [2011/08/18 23:00:00 | 000,011,264 | ---- | M] () -- c:\Program Files (x86)\Trillian\languages\en\buddy.dll
    MOD - [2011/08/18 23:00:00 | 000,008,704 | ---- | M] () -- c:\Program Files (x86)\Trillian\languages\en\talk.dll
    MOD - [2011/08/18 23:00:00 | 000,006,656 | ---- | M] () -- c:\Program Files (x86)\Trillian\languages\en\trillian.dll
    MOD - [2011/08/18 23:00:00 | 000,006,656 | ---- | M] () -- c:\Program Files (x86)\Trillian\languages\en\events.dll
    MOD - [2011/08/18 23:00:00 | 000,003,584 | ---- | M] () -- c:\Program Files (x86)\Trillian\languages\en\toolkit.dll
    MOD - [2010/01/21 00:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    MOD - [2010/01/09 19:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    MOD - [2007/09/02 10:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
    MOD - [2007/09/02 10:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2011/12/15 15:00:23 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2011/12/15 15:00:12 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2011/08/19 09:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
    SRV - [2011/08/15 15:18:12 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
    SRV - [2011/04/25 13:29:00 | 004,295,736 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
    SRV - [2010/12/20 15:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2010/12/20 15:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2010/03/18 10:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/10 13:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
    SRV - [2010/03/05 07:15:12 | 000,235,752 | ---- | M] (DeviceVM, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
    SRV - [2009/08/27 16:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
    SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/08/07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/12/15 15:00:35 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
    DRV:64bit: - [2011/12/15 15:00:35 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
    DRV:64bit: - [2011/12/15 15:00:34 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
    DRV:64bit: - [2011/11/16 22:47:20 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
    DRV:64bit: - [2011/09/21 10:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
    DRV:64bit: - [2011/08/19 09:27:30 | 004,869,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech HD Webcam C510(UVC)
    DRV:64bit: - [2011/08/19 09:27:30 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
    DRV:64bit: - [2011/08/19 09:27:22 | 000,025,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvbflt64.sys -- (CompFilter64)
    DRV:64bit: - [2011/08/14 17:31:28 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV:64bit: - [2011/08/01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
    DRV:64bit: - [2011/03/25 22:17:50 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011/03/21 10:22:06 | 000,452,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/03/10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
    DRV:64bit: - [2011/03/04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
    DRV:64bit: - [2011/03/04 13:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
    DRV:64bit: - [2010/12/08 02:17:40 | 000,369,640 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
    DRV:64bit: - [2010/12/08 02:17:38 | 000,122,856 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
    DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 03:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 03:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2010/10/19 13:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
    DRV:64bit: - [2009/11/02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
    DRV:64bit: - [2009/08/25 19:10:54 | 000,035,840 | ---- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
    DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
    DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2005/01/04 19:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2646943634-1608694957-990595965-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    IE - HKU\S-1-5-21-2646943634-1608694957-990595965-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKU\S-1-5-21-2646943634-1608694957-990595965-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2646943634-1608694957-990595965-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Yahoo"


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Jackie\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\Firefox [2011/08/25 07:37:22 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/08/25 07:37:24 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/09/02 09:18:12 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/29 00:19:33 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/01 04:29:45 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/11/01 04:29:10 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/09/02 09:18:12 | 000,000,000 | ---D | M]

    [2011/07/13 15:18:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jackie\AppData\Roaming\Mozilla\Extensions
    [2011/12/28 18:18:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jackie\AppData\Roaming\Mozilla\Firefox\Profiles\wte17tdx.default\extensions
    [2011/12/16 13:48:33 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\Jackie\AppData\Roaming\Mozilla\Firefox\Profiles\wte17tdx.default\extensions\LogMeInClient@logmein.com
    [2011/11/16 23:04:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2011/10/15 02:47:30 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2011/11/16 22:48:20 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
    () (No name found) -- C:\USERS\JACKIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WTE17TDX.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
    () (No name found) -- C:\USERS\JACKIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WTE17TDX.DEFAULT\EXTENSIONS\MULTILINKS@PLUGIN.XPI
    [2011/12/29 00:19:33 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2011/07/11 13:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
    [2011/11/04 19:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2011/11/04 19:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2011/12/28 19:14:23 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (no name) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - No CLSID value found.
    O2:64bit: - BHO: (no name) - {E33CF602-D945-461A-83F0-819F76A199F8} - No CLSID value found.
    O2 - BHO: (no name) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - No CLSID value found.
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
    O2 - BHO: (no name) - {E33CF602-D945-461A-83F0-819F76A199F8} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [TrayServer] C:\Program Files (x86)\MAGIX\Movie_Edit_Pro_17_Plus_Download_Version\Trayserver_EN.exe (MAGIX AG)
    O4 - HKU\S-1-5-21-2646943634-1608694957-990595965-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
    O4 - HKU\S-1-5-21-2646943634-1608694957-990595965-1000..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2646943634-1608694957-990595965-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2646943634-1608694957-990595965-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-2646943634-1608694957-990595965-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - Reg Error: Key error. File not found
    O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - Reg Error: Key error. File not found
    O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - Reg Error: Key error. File not found
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - Reg Error: Key error. File not found
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F77F782C-DB31-4DF0-BAB9-179D0B14929B}: DhcpNameServer = 68.105.28.11 68.105.29.11
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18 - Protocol\Handler\ms-help - No CLSID value found
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/11/22 14:54:07 | 000,000,075 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FFDS - C:\Program Files (x86)\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
    Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)
    Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
    Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)

    CREATERESTOREPOINT
    Error creating restore point.

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/12/29 18:46:38 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Jackie\Desktop\OTL.exe
    [2011/12/28 23:46:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2011/12/28 23:32:22 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/12/28 23:18:46 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/12/28 22:35:30 | 001,918,464 | ---- | C] (AVAST Software) -- C:\Users\Jackie\Desktop\aswMBR.exe
    [2011/12/28 20:03:23 | 000,000,000 | ---D | C] -- C:\Users\Jackie\AppData\Roaming\Avira
    [2011/12/28 20:02:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/12/28 20:02:54 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
    [2011/12/28 19:58:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
    [2011/12/28 19:57:59 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
    [2011/12/28 19:57:59 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
    [2011/12/28 19:57:59 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
    [2011/12/28 19:57:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
    [2011/12/28 19:57:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
    [2011/12/28 19:26:41 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2011/12/28 18:45:38 | 000,000,000 | ---D | C] -- C:\Users\Jackie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
    [2011/12/28 18:13:58 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
    [2011/12/26 15:20:54 | 000,021,992 | ---- | C] (CPUID) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys
    [2011/12/26 15:20:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
    [2011/12/26 15:20:54 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
    [2011/12/25 20:39:15 | 000,062,632 | ---- | C] (Eugene V. Muzychenko) -- C:\Windows\SysNative\drivers\vrtaucbl.sys
    [2011/12/25 20:39:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Audio Cable
    [2011/12/25 20:39:15 | 000,000,000 | ---D | C] -- C:\Program Files\Virtual Audio Cable
    [2011/12/25 20:32:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
    [2011/12/25 20:32:05 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
    [2011/12/25 20:31:49 | 002,719,504 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
    [2011/12/25 20:31:49 | 001,943,584 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
    [2011/12/25 20:31:49 | 000,612,384 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
    [2011/12/25 20:31:49 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
    [2011/12/25 20:31:49 | 000,332,320 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
    [2011/12/25 20:31:49 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
    [2011/12/25 20:31:49 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
    [2011/12/25 20:31:49 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
    [2011/12/25 20:31:49 | 000,149,536 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
    [2011/12/25 20:31:48 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
    [2011/12/25 20:31:48 | 001,660,960 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
    [2011/12/25 20:31:48 | 001,325,328 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
    [2011/12/25 20:31:48 | 001,210,912 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
    [2011/12/25 20:31:48 | 001,178,384 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
    [2011/12/25 20:31:48 | 001,110,800 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
    [2011/12/25 20:31:48 | 000,504,592 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
    [2011/12/25 20:31:48 | 000,489,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
    [2011/12/25 20:31:48 | 000,476,192 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
    [2011/12/25 20:31:48 | 000,474,896 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
    [2011/12/25 20:31:48 | 000,372,936 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
    [2011/12/25 20:31:48 | 000,331,168 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
    [2011/12/25 20:31:48 | 000,325,904 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
    [2011/12/25 20:31:48 | 000,315,152 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
    [2011/12/25 20:31:48 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
    [2011/12/25 20:31:48 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
    [2011/12/25 20:31:48 | 000,268,560 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
    [2011/12/25 20:31:48 | 000,265,488 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
    [2011/12/25 20:31:48 | 000,201,928 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
    [2011/12/25 20:31:48 | 000,168,288 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
    [2011/12/25 20:31:48 | 000,123,664 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
    [2011/12/25 20:31:48 | 000,123,152 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
    [2011/12/25 20:31:48 | 000,122,128 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
    [2011/12/25 20:31:48 | 000,108,960 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
    [2011/12/25 20:31:48 | 000,099,016 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
    [2011/12/25 20:31:48 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
    [2011/12/25 20:31:48 | 000,069,664 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
    [2011/12/25 20:31:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Temp
    [2011/12/25 20:22:40 | 000,000,000 | ---D | C] -- C:\Users\Jackie\Documents\My Streaming Media
    [2011/12/25 20:22:37 | 000,000,000 | ---D | C] -- C:\Users\Jackie\AppData\Local\Jaksta_Technologies_Pty_L
    [2011/12/25 20:21:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Applian Technologies
    [2011/12/25 20:21:31 | 000,000,000 | ---D | C] -- C:\Users\Jackie\AppData\Roaming\Replay Media Catcher 4
    [2011/12/25 20:21:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Applian
    [2011/12/20 20:08:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\logishrd
    [2011/12/20 20:06:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd
    [2011/12/07 14:11:45 | 000,000,000 | R--D | C] -- C:\Users\Jackie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp
    [2011/12/04 23:40:34 | 000,000,000 | ---D | C] -- C:\Users\Jackie\AppData\Roaming\TeamViewer
    [2011/10/03 17:45:52 | 000,819,729 | ---- | C] ( ) -- C:\Windows\SysWow64\mrvcl32.exe
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/12/29 18:46:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jackie\Desktop\OTL.exe
    [2011/12/29 08:26:23 | 000,014,816 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/12/29 08:26:23 | 000,014,816 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/12/28 23:43:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/12/28 23:43:04 | 2027,343,871 | -HS- | M] () -- C:\hiberfil.sys
    [2011/12/28 23:08:10 | 004,354,974 | R--- | M] (Swearware) -- C:\Users\Jackie\Desktop\ComboFix.exe
    [2011/12/28 22:35:49 | 001,918,464 | ---- | M] (AVAST Software) -- C:\Users\Jackie\Desktop\aswMBR.exe
    [2011/12/28 20:02:55 | 000,000,708 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2011/12/28 19:58:07 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
    [2011/12/28 19:34:14 | 000,782,382 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/12/28 19:34:14 | 000,662,762 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/12/28 19:34:14 | 000,121,630 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/12/28 19:26:37 | 490,668,781 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/12/28 19:14:23 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2011/12/28 18:45:38 | 000,000,677 | ---- | M] () -- C:\Users\Jackie\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
    [2011/12/25 20:39:15 | 000,062,632 | ---- | M] (Eugene V. Muzychenko) -- C:\Windows\SysNative\drivers\vrtaucbl.sys
    [2011/12/25 00:33:37 | 000,387,547 | ---- | M] () -- C:\header1.png
    [2011/12/15 15:00:35 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
    [2011/12/15 15:00:35 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
    [2011/12/15 15:00:34 | 000,097,312 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
    [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2011/12/07 14:10:21 | 000,001,824 | -HS- | M] () -- C:\Users\Jackie\AppData\Local\f7n6beithc3553o8ae7ie4l1neo
    [2011/12/02 09:22:12 | 001,871,027 | ---- | M] () -- C:\Users\Jackie\Desktop\91.8 The Fan 002.zip
    [2011/12/01 20:31:01 | 001,978,737 | ---- | M] () -- C:\Users\Jackie\Desktop\showrecap.mp4
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/12/28 20:02:55 | 000,000,708 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2011/12/28 19:58:07 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
    [2011/12/28 18:45:38 | 000,000,677 | ---- | C] () -- C:\Users\Jackie\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
    [2011/12/28 18:32:56 | 490,668,781 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2011/12/25 00:33:36 | 000,387,547 | ---- | C] () -- C:\header1.png
    [2011/12/07 14:08:38 | 000,001,824 | -HS- | C] () -- C:\Users\Jackie\AppData\Local\f7n6beithc3553o8ae7ie4l1neo
    [2011/12/02 09:22:12 | 001,871,027 | ---- | C] () -- C:\Users\Jackie\Desktop\91.8 The Fan 002.zip
    [2011/12/01 20:30:51 | 001,978,737 | ---- | C] () -- C:\Users\Jackie\Desktop\showrecap.mp4
    [2011/11/16 22:51:44 | 000,017,408 | ---- | C] () -- C:\Users\Jackie\AppData\Local\WebpageIcons.db
    [2011/10/21 19:08:49 | 004,874,240 | ---- | C] () -- C:\Windows\SysWow64\DSE2_DFT.dll
    [2011/09/13 19:18:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/09/13 19:18:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/09/13 19:18:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/09/13 19:18:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/09/13 19:18:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/09/10 12:25:30 | 000,775,966 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/09/02 09:27:31 | 000,000,349 | ---- | C] () -- C:\Windows\hphmdl26.dat.temp
    [2011/09/02 09:15:44 | 000,160,300 | ---- | C] () -- C:\Windows\hphins26.dat
    [2011/09/02 09:15:44 | 000,000,349 | ---- | C] () -- C:\Windows\hphmdl26.dat
    [2011/08/20 20:33:11 | 000,000,057 | ---- | C] () -- C:\Windows\.ini
    [2011/08/19 09:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
    [2011/08/19 09:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
    [2011/08/19 09:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
    [2011/08/14 19:46:09 | 000,048,471 | ---- | C] () -- C:\Windows\SysWow64\ForceBindIP-Uninstaller.exe
    [2011/08/14 17:41:11 | 000,033,021 | ---- | C] () -- C:\Windows\scunin.dat
    [2011/08/10 06:34:58 | 000,000,031 | ---- | C] () -- C:\Windows\QUICKEN.INI
    [2011/08/06 02:53:20 | 000,000,600 | ---- | C] () -- C:\Users\Jackie\AppData\Local\PUTTY.RND
    [2011/07/23 16:56:44 | 000,003,159 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat
    [2011/07/23 16:56:20 | 000,003,317 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpowerAMP Windows Media Audio 9 Codec.dat
    [2011/07/23 16:56:10 | 000,003,014 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp WavPack Codec.dat
    [2011/07/23 16:56:03 | 000,003,423 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp TTA Codec.dat
    [2011/07/23 16:55:57 | 000,003,417 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Shorten Codec.dat
    [2011/07/23 16:55:41 | 000,011,479 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Real Audio (Helix) Encoder.dat
    [2011/07/23 16:55:39 | 000,088,576 | ---- | C] () -- C:\Windows\SysWow64\OptimFROG.dll
    [2011/07/23 16:55:39 | 000,003,473 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp OptimFROG Codec.dat
    [2011/07/23 16:55:22 | 000,003,113 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
    [2011/07/23 16:54:59 | 000,002,993 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp FLAC Codec.dat
    [2011/07/23 16:54:40 | 000,003,631 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp m4a Codec.dat
    [2011/07/23 16:51:45 | 000,010,105 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
    [2011/07/23 16:51:42 | 002,857,336 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
    [2011/07/23 16:51:42 | 000,014,057 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
    [2011/07/19 19:36:07 | 000,003,584 | ---- | C] () -- C:\Users\Jackie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/07/19 19:34:49 | 000,000,088 | RHS- | C] () -- C:\ProgramData\D26301C20C.sys
    [2011/07/19 19:34:48 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
    [2011/07/13 15:28:23 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
    [2011/07/13 15:18:22 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2011/07/01 15:36:05 | 000,022,844 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
    [2011/07/01 15:28:23 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
    [2011/03/25 22:16:12 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
    [2011/03/25 22:16:10 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2011/03/25 22:16:10 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2009/09/17 03:26:52 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\ForceBindIP.exe
    [2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/13 18:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/13 18:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2009/04/02 04:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
    [2007/04/27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
     
  8. Selinya

    Selinya TS Rookie Topic Starter

    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2011/12/28 23:32:21 | 000,015,013 | ---- | M] () -- C:\ComboFix.txt
    [2011/12/25 00:33:37 | 000,387,547 | ---- | M] () -- C:\header1.png
    [2011/12/28 23:43:04 | 2027,343,871 | -HS- | M] () -- C:\hiberfil.sys
    [2006/12/01 20:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
    [2011/12/28 23:43:07 | 4134,785,023 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\Fonts\*.com >
    [2009/07/13 21:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/13 21:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/13 21:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/13 21:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 12:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 20:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/07/01 14:58:44 | 000,000,221 | -HS- | M] () -- C:\Users\Jackie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/12/28 22:35:49 | 001,918,464 | ---- | M] (AVAST Software) -- C:\Users\Jackie\Desktop\aswMBR.exe
    [2011/12/28 23:08:10 | 004,354,974 | R--- | M] (Swearware) -- C:\Users\Jackie\Desktop\ComboFix.exe
    [2011/12/29 18:46:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jackie\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 13:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/07/13 16:24:45 | 000,000,402 | -HS- | M] () -- C:\Users\Jackie\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/07/19 19:35:52 | 000,000,088 | RHS- | M] () -- C:\ProgramData\D26301C20C.sys
    [2011/09/02 09:29:16 | 000,001,524 | ---- | M] () -- C:\ProgramData\hpzinstall.log
    [2011/10/26 22:25:52 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >
    [2003/06/13 14:23:06 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\AppPatch\AppLoc.exe
    [1 C:\Windows\AppPatch\*.tmp files -> C:\Windows\AppPatch\*.tmp -> ]

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Files - Unicode (All) ==========
    [2011/10/03 12:13:00 | 000,000,000 | ---D | M](C:\Users\Jackie\AppData\Local\??????????????) -- C:\Users\Jackie\AppData\Local\妹ヒロインプリティーミネット
    [2011/10/03 12:13:00 | 000,000,000 | ---D | M](C:\Users\Jackie\AppData\Local\??????????????) -- C:\Users\Jackie\AppData\Local\妹ヒロインプリティーミネット
    (C:\Users\Jackie\AppData\Local\??????????????) -- C:\Users\Jackie\AppData\Local\妹ヒロインプリティーミネット

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 164 bytes -> C:\ProgramData\TEMP:ECF54A0E

    < End of report >

    OTL Extras logfile created on: 12/29/2011 6:47:20 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jackie\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.85 Gb Total Physical Memory | 4.80 Gb Available Physical Memory | 61.19% Memory free
    15.70 Gb Paging File | 12.73 Gb Available in Paging File | 81.11% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 465.66 Gb Total Space | 145.91 Gb Free Space | 31.33% Space Free | Partition Type: NTFS
    Drive D: | 129.43 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive E: | 298.09 Gb Total Space | 132.08 Gb Free Space | 44.31% Space Free | Partition Type: NTFS

    Computer Name: JACKIE-PC | User Name: Jackie | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-2646943634-1608694957-990595965-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Browse with Corel PaintShop Pro X4] -- "c:\Program Files (x86)\Corel\Corel PaintShop Pro X4\Corel PaintShop Pro.exe" "%L" (Corel, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Browse with Corel PaintShop Pro X4] -- "c:\Program Files (x86)\Corel\Corel PaintShop Pro X4\Corel PaintShop Pro.exe" "%L" (Corel, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0015DE8E-8D9F-403E-8E5A-4098410E6125}" = PSPPro64
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{4CDE3168-D060-4b7c-BC74-4D8F9BB01AFe}" = Python 3.2.2 (64-bit)
    "{50CBBEC7-1010-41C5-8718-A1A6FEDD9C3A}" = GEAR driver installer for AMD64 and Intel EM64T
    "{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
    "{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
    "{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
    "{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
    "{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{DB8B599D-2BD5-493C-ABC1-FEE980129D19}" = HP Deskjet D1500 Printer Driver Software 13.0 Rel. 3
    "{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
    "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
    "CCleaner" = CCleaner
    "CPUID CPU-Z_is1" = CPUID CPU-Z 1.59
    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0
    "HP Photosmart Essential" = HP Photosmart Essential 3.5
    "HP Smart Web Printing" = HP Smart Web Printing 4.51
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 13.0
    "Logitech WebCam Driver" = Logitech WebCam Driver
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "Shop for HP Supplies" = Shop for HP Supplies
    "Unlocker" = Unlocker 1.9.1-x64
    "WinRAR archiver" = WinRAR archiver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "_{00580795-581C-4587-B9F2-37320D7AB37F}" = Corel PaintShop Pro X4
    "{00580795-581C-4587-B9F2-37320D7AB37F}" = ICA
    "{006CAAEF-CA96-4181-AC22-FE56D61432E4}" = PSPPContent
    "{00AE1A2D-7BC2-4359-A0EC-E19F36E391BB}" = Corel PaintShop Pro X4
    "{00BEE329-BAAB-49FF-9B66-55E4B12B9ADD}" = IPM_PSP_COM
    "{00D13418-7DDF-4D3D-A237-E297B103BB6B}" = Setup
    "{00D74A7A-F7AD-4D00-ABD2-0973836292C7}" = PSPPHelp
    "{07E900C8-D1E3-4C24-AC9F-7FE3C1AE19A2}_is1" = Mal Updater 2.80
    "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
    "{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
    "{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
    "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "{5E4B86E5-CD0E-4D3D-BE21-45A30326850A}" = Microsoft Search Enhancement Pack
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{83A4AF62-0810-45AA-A4CB-94D368423AD9}" = DJ_SF_03_D1500_Software_Min
    "{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = The Sims Medieval
    "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8BBB5E4C-3F5E-4C07-BFBE-33B34600783A}" = LogMeIn Hamachi
    "{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{981ED060-4769-42D2-99E9-0AC130A87CCF}" = MAGIX Movie Edit Pro 17 Plus Download Version
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
    "{A95FF0B9-5CFB-497E-8872-3A5F41AD9D4F}" = VOCALOID2 VSTi V2.0.12.3
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
    "{B4342A07-E2C7-4A8B-9145-CBDEE750BCE3}" = VOCALOID2 Voice DB (Miku)
    "{B6588186-9657-486C-AEB1-F57D8E160F19}" = VOCALOID2 Expression DB (Standard)
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
    "{BA88EE67-8974-459D-A1DB-C8281D9AC6F6}" = Browser Configuration Utility
    "{BB250C3E-2D23-45CF-9342-8B90D217008F}" = D1500
    "{BB25BCD3-18D4-498A-813A-7BAA3309DB0C}" = VOCALOID2 Voice DB (Miku_vivid)
    "{BD3EA721-92C6-4964-8614-1C011DECA90E}" = VOCALOID2 Voice DB (Sonika)
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
    "{CBE20319-46DB-46C4-9AF1-D4862D8C3471}" = VOCALOID2 Voice DB (Miku_sweet)
    "{CC26EB1A-8E6D-4DD5-90B7-316C9E73040C}" = MAGIX Screenshare
    "{D45122FA-CA1A-4841-A727-B8A46E626369}" = VOCALOID2 Voice DB (Luka_JPN)
    "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
    "{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
    "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
    "{DE299139-8738-4172-AEB6-10DEE9875776}" = VOCALOID2 Voice DB (BigAL)
    "{E155C75A-DE68-4C86-950C-315B5128662E}" = VOCALOID2 Voice DB (Megpoid)
    "{E21DA178-9FB0-4F91-B79C-5A6DDEEBFB8D}" = Bing Bar Platform
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E4C6D85E-95D9-40E7-93E3-373EFACC9896}" = VOCALOID2 Voice DB (Luka_ENG)
    "{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
    "{ED0ACAC5-13A4-4AB4-9854-2AC30328F333}" = VOCALOID2 Voice DB (Gackpoid)
    "{EF62AEFF-5588-44A0-BC68-5A4D2B4ECE3B}" = MAGIX Speed burnR (MSI)
    "{EFA7E1F7-10E2-4BEE-B6EF-F7A39E61871D}" = VOCALOID2 Voice DB (Miku_light)
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F1C1C21B-F56E-400B-B0B0-270D817889F3}" = VOCALOID2 Editor V2.0.12.2
    "{FB25A8B1-BFB8-4FC2-B029-7D15C6C3C192}" = VOCALOID2 Voice DB (Kiyoteru)
    "{FBAC864E-4875-48BA-AD77-5C2F06D7A945}" = VOCALOID2 Voice DB (Miku_soft)
    "{FC1E20FF-5948-46CA-B6E4-A3C1B539AA04}" = VOCALOID2 Voice DB (Miku_dark)
    "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
    "{FE1CA4BA-8D11-4021-B1B0-CB990EBD7E53}" = VOCALOID2 Voice DB (Miku_solid)
    "8461-7759-5462-8226" = Vuze
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Any Video Converter_is1" = Any Video Converter 3.2.7
    "ASIO4ALL" = ASIO4ALL
    "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
    "Avira AntiVir Desktop" = Avira Free Antivirus
    "CleanMyPC - Registry Cleaner_is1" = CleanMyPC - Registry Cleaner
    "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-06-26
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "dBpoweramp DSP Effects" = dBpoweramp DSP Effects
    "dBpoweramp FLAC Codec" = dBpoweramp FLAC Codec
    "dBpoweramp m4a Codec" = dBpoweramp m4a Codec
    "dBpoweramp Monkeys Audio Codec" = dBpoweramp Monkeys Audio Codec
    "dBpoweramp mp3 (Fraunhofer IIS) Codec" = dBpoweramp mp3 (Fraunhofer IIS) Codec
    "dBpoweramp Music Converter" = dBpoweramp Music Converter
    "dBpoweramp OptimFROG Codec" = dBpoweramp OptimFROG Codec
    "dBpoweramp Real Audio (Helix) Encoder" = dBpoweramp Real Audio (Helix) Encoder
    "dBpoweramp Shorten Codec" = dBpoweramp Shorten Codec
    "dBpoweramp TTA Codec" = dBpoweramp TTA Codec
    "dBpoweramp WavPack Codec" = dBpoweramp WavPack Codec
    "dBpowerAMP Windows Media Audio 9 Codec" = dBpowerAMP Windows Media Audio 9 Codec
    "DFO" = DFOLauncher
    "FL Studio 10" = FL Studio 10
    "ForceBindIP" = ForceBindIP
    "IL Download Manager" = IL Download Manager
    "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012
    "iZotope Ozone 4_is1" = iZotope Ozone 4
    "LogMeIn Hamachi" = LogMeIn Hamachi
    "MAGIX_MSI_Videodeluxe17_plus" = MAGIX Movie Edit Pro 17 Plus Download Version
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
    "mmssetup_is1" = MixMeister Studio Demo 7.4.4
    "Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
    "Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)
    "Mp3tag" = Mp3tag v2.49
    "Pangya" = Pangya (Ntreev SG Interactive)
    "RealPlayer 12.0" = RealPlayer
    "ReNamer_is1" = ReNamer
    "RocketDock_is1" = RocketDock 1.3.5
    "Starcraft" = Starcraft
    "StarCraft II" = StarCraft II
    "Trillian" = Trillian
    "Winamp" = Winamp
    "Windows Lemmings" = Lemmings for Windows 95
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2646943634-1608694957-990595965-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "UnityWebPlayer" = Unity Web Player
    "Winamp Detect" = Winamp Detector Plug-in

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12/28/2011 11:59:41 PM | Computer Name = Jackie-PC | Source = MsiInstaller | ID = 11316
    Description =

    Error - 12/29/2011 1:14:46 AM | Computer Name = Jackie-PC | Source = SideBySide | ID = 16842827
    Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet
    Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
    Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2.
    Multiple
    requestedPrivileges elements are not allowed in manifest.

    Error - 12/29/2011 1:14:51 AM | Computer Name = Jackie-PC | Source = SideBySide | ID = 16842827
    Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet
    Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
    Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2.
    Multiple
    requestedPrivileges elements are not allowed in manifest.

    Error - 12/29/2011 1:14:58 AM | Computer Name = Jackie-PC | Source = SideBySide | ID = 16842827
    Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet
    Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
    Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2.
    Multiple
    requestedPrivileges elements are not allowed in manifest.

    Error - 12/29/2011 3:38:05 AM | Computer Name = Jackie-PC | Source = SideBySide | ID = 16842827
    Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet
    Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
    Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2.
    Multiple
    requestedPrivileges elements are not allowed in manifest.

    Error - 12/29/2011 3:38:05 AM | Computer Name = Jackie-PC | Source = SideBySide | ID = 16842827
    Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet
    Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
    Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2.
    Multiple
    requestedPrivileges elements are not allowed in manifest.

    Error - 12/29/2011 3:48:03 AM | Computer Name = Jackie-PC | Source = MsiInstaller | ID = 10005
    Description =

    Error - 12/29/2011 3:59:59 AM | Computer Name = Jackie-PC | Source = MsiInstaller | ID = 10005
    Description =

    Error - 12/29/2011 12:18:40 PM | Computer Name = Jackie-PC | Source = SideBySide | ID = 16842827
    Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet
    Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
    Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2.
    Multiple
    requestedPrivileges elements are not allowed in manifest.

    Error - 12/29/2011 12:23:01 PM | Computer Name = Jackie-PC | Source = SideBySide | ID = 16842811
    Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
    enhancement pack\search helper\sepsearchhelperie.dll".Error in manifest or policy
    file "c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
    on line 2. Invalid Xml syntax.

    [ System Events ]
    Error - 12/29/2011 3:20:23 AM | Computer Name = Jackie-PC | Source = Service Control Manager | ID = 7023
    Description = The Peer Name Resolution Protocol service terminated with the following
    error: %%5

    Error - 12/29/2011 3:20:23 AM | Computer Name = Jackie-PC | Source = Service Control Manager | ID = 7001
    Description = The Peer Networking Grouping service depends on the Peer Name Resolution
    Protocol service which failed to start because of the following error: %%5

    Error - 12/29/2011 3:23:36 AM | Computer Name = Jackie-PC | Source = Service Control Manager | ID = 7022
    Description = The Windows Update service hung on starting.

    Error - 12/29/2011 3:43:23 AM | Computer Name = Jackie-PC | Source = Service Control Manager | ID = 7000
    Description = The Kaspersky Anti-Virus Service service failed to start due to the
    following error: %%2

    Error - 12/29/2011 3:43:23 AM | Computer Name = Jackie-PC | Source = Service Control Manager | ID = 7003
    Description = The IKE and AuthIP IPsec Keying Modules service depends the following
    service: BFE. This service might not be installed.

    Error - 12/29/2011 3:43:23 AM | Computer Name = Jackie-PC | Source = Service Control Manager | ID = 7003
    Description = The IPsec Policy Agent service depends the following service: BFE.
    This service might not be installed.

    Error - 12/29/2011 3:43:27 AM | Computer Name = Jackie-PC | Source = Service Control Manager | ID = 7003
    Description = The Internet Connection Sharing (ICS) service depends the following
    service: BFE. This service might not be installed.

    Error - 12/29/2011 3:43:29 AM | Computer Name = Jackie-PC | Source = Service Control Manager | ID = 7023
    Description = The Computer Browser service terminated with the following error:
    %%1060

    Error - 12/29/2011 3:44:54 AM | Computer Name = Jackie-PC | Source = Service Control Manager | ID = 7024
    Description = The HomeGroup Listener service terminated with service-specific error
    %%-2147023143.

    Error - 12/29/2011 12:30:36 PM | Computer Name = Jackie-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
    Description =


    < End of report >

    Thanks again!
     
  9. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Good news :)

    You're running two AV programs, Kaspersky and Avira.
    One of them has to go.
    Your choice.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2:64bit: - BHO: (no name) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - No CLSID value found.
      O2:64bit: - BHO: (no name) - {E33CF602-D945-461A-83F0-819F76A199F8} - No CLSID value found.
      O2 - BHO: (no name) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - No CLSID value found.
      O2 - BHO: (no name) - {E33CF602-D945-461A-83F0-819F76A199F8} - No CLSID value found.
      O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O4 - HKU\S-1-5-21-2646943634-1608694957-990595965-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
      O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - Reg Error: Key error. File not found
      O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - Reg Error: Key error. File not found
      O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - Reg Error: Key error. File not found
      O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - Reg Error: Key error. File not found
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [2011/12/07 14:10:21 | 000,001,824 | -HS- | M] () -- C:\Users\Jackie\AppData\Local\f7n6beithc3553o8ae7ie4l1neo
      @Alternate Data Stream - 164 bytes -> C:\ProgramData\TEMP:ECF54A0E
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
      "DisableMonitoring" =-
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =============================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ==============================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  10. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Still with me?
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...