File recovery rogue scanner infection

Solved
By CanHazTrojanz?
Sep 1, 2012
  1. Broni

    Broni Malware Annihilator Posts: 46,164   +251

    Very well :)

    As for CCC you can disable it as a startup (it doesn't have to be running) or reinstall it (by reinstalling your video driver).

    Next....

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  2. CanHazTrojanz?

    CanHazTrojanz? TechSpot Enthusiast Topic Starter Posts: 106

    I will do that next. Avast started a full scan that's still executing and it's found 62 infected files so far. Can I wait for that to complete or stop it and do the OTL scan?
  3. Broni

    Yeah, let it finish.
  4. CanHazTrojanz?

    OK it's finished. Do I select "repair, move to chest" or "delete"?

    There were plenty of JS iframe Trojans, mostly in AppData/Roaming/Article Marketing Robot files (a program I no longer use). At the time of using the tool in question, my Vipre would quarantine/prevent these Trojans from opening.

    Here is a screenshot (I've blurred out some information since they point to a website I operate as an affiliate marketer). I've highlighted an MBR:SST [Rtk] infection, the last found... Funny that no other tool seemed to find any of this, including Malwarebytes and Vipre.

  5. CanHazTrojanz?

    Broni, I'm eager to get to the next step so I'll just delete those files and run OTL.
  6. CanHazTrojanz?

    The Avast tool is now running an optional "bootkit scan", I think it was called - it's been running for a while. It seems to have found:

    File C:...\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\3cdd4f34-2d2ac519|gnmsnwnl\uvrbgufjjrkbbd.class is infected by Java:CVE-2012-0505-EO [Expl]

    C:...\AppData\Roaming\JonathanLeger.com\InstantArticleWizard\1.0.0.0\SetupInstantArticleWizard.exe|>$INSTDIR\InstantArticleWizard.exe is infected by Win32:pUP-gen [PUP]

    Among a host of other things. I had a lot of infections from Java, and recall recently a warning to remove Java due to a pernicious infection going around...apparently I didn't listen. I have tools (had) that run on Java, not to mention various websites that require it to function properly. I'm going to try to avoid using it if I can in future (or at least use Avast's "sandbox" feature to browse from a sandboxed browser).

    It's still running. Haven't had the chance to run OTL yet, but as soon as I can I will.
  7. Broni

    You did fine :)
  8. CanHazTrojanz?

    OTL logfile created on: 9/9/2012 10:16:19 PM - Run 1
    OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\IdHusseys\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.75 Gb Total Physical Memory | 1.58 Gb Available Physical Memory | 57.60% Memory free
    5.49 Gb Paging File | 4.22 Gb Available in Paging File | 76.94% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 219.07 Gb Total Space | 160.05 Gb Free Space | 73.06% Space Free | Partition Type: NTFS
    Drive D: | 13.52 Gb Total Space | 2.24 Gb Free Space | 16.54% Space Free | Partition Type: NTFS
    Drive E: | 99.18 Mb Total Space | 94.46 Mb Free Space | 95.24% Space Free | Partition Type: FAT32
    Drive G: | 7.45 Gb Total Space | 7.25 Gb Free Space | 97.34% Space Free | Partition Type: FAT32

    Computer Name: IDHUSSEYS-PC | User Name: IdHusseys | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/09/09 17:22:27 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\IdHusseys\Desktop\OTL.exe
    PRC - [2012/08/21 03:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/08/21 03:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2012/08/21 03:12:23 | 000,133,912 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
    PRC - [2012/08/13 10:57:02 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    PRC - [2012/08/13 10:57:02 | 010,368,512 | -H-- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    PRC - [2012/07/27 14:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/05/24 12:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\IdHusseys\AppData\Roaming\Dropbox\bin\Dropbox.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/08/10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
    MOD - [2010/03/19 10:45:36 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
    MOD - [2010/03/19 10:45:36 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
    MOD - [2010/03/19 10:45:36 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
    SRV:64bit: - [2012/08/21 03:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2012/08/21 03:12:23 | 000,133,912 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
    SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/08/04 22:44:56 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2009/07/21 19:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/03/27 20:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
    SRV:64bit: - [2009/03/02 15:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)
    SRV - [2012/09/05 19:26:40 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/07/27 14:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/07/13 08:00:16 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe -- (OpenVPNService)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/07/21 19:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe -- (STacSV)
    SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/03/02 15:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/08/26 13:26:32 | 000,086,816 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbwtis.sys -- (sbwtis)
    DRV:64bit: - [2012/08/21 03:13:13 | 000,969,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2012/08/21 03:13:13 | 000,359,464 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2012/08/21 03:13:13 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2012/08/21 03:13:12 | 000,266,776 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)
    DRV:64bit: - [2012/08/21 03:13:12 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2012/08/21 03:13:12 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
    DRV:64bit: - [2012/08/21 03:13:11 | 000,142,128 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW)
    DRV:64bit: - [2012/08/21 03:13:11 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2012/08/21 03:13:11 | 000,019,600 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
    DRV:64bit: - [2012/08/01 14:36:54 | 000,082,872 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
    DRV:64bit: - [2012/07/13 04:47:42 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis)
    DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2011/07/28 18:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
    DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/04/13 15:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
    DRV:64bit: - [2011/04/13 15:04:38 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
    DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 03:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2010/08/20 14:08:46 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
    DRV:64bit: - [2010/03/02 16:45:24 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2009/08/04 23:23:00 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2009/07/21 19:33:32 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/24 13:00:18 | 000,216,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
    DRV:64bit: - [2009/06/10 14:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2009/06/10 14:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/06/10 14:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
    DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/23 00:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009/05/04 23:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
    DRV:64bit: - [2009/04/29 09:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV:64bit: - [2009/04/06 19:31:08 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
    DRV:64bit: - [2009/03/09 08:49:08 | 000,036,408 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
    DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {BDC06DD8-B670-493E-9B88-53A16BCE8E57}
    IE:64bit: - HKLM\..\SearchScopes\{958CE2B2-3455-4519-AD53-16CA9A57A488}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
    IE:64bit: - HKLM\..\SearchScopes\{BDC06DD8-B670-493E-9B88-53A16BCE8E57}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
    IE - HKLM\..\SearchScopes,DefaultScope = {BDC06DD8-B670-493E-9B88-53A16BCE8E57}
    IE - HKLM\..\SearchScopes\{958CE2B2-3455-4519-AD53-16CA9A57A488}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
    IE - HKLM\..\SearchScopes\{BDC06DD8-B670-493E-9B88-53A16BCE8E57}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3455346300-1148100813-3106168065-1000\SOFTWARE\Microsoft\Internet Explorer\Main,DefaultNetworkProfile = 26107286
    IE - HKU\S-1-5-21-3455346300-1148100813-3106168065-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=Z128&ocid=zdhp&install_date=20111220
    IE - HKU\S-1-5-21-3455346300-1148100813-3106168065-1000\..\SearchScopes,DefaultScope = {BDC06DD8-B670-493E-9B88-53A16BCE8E57}
    IE - HKU\S-1-5-21-3455346300-1148100813-3106168065-1000\..\SearchScopes\{958CE2B2-3455-4519-AD53-16CA9A57A488}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
    IE - HKU\S-1-5-21-3455346300-1148100813-3106168065-1000\..\SearchScopes\{BDC06DD8-B670-493E-9B88-53A16BCE8E57}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
    IE - HKU\S-1-5-21-3455346300-1148100813-3106168065-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-i3752
    IE - HKU\S-1-5-21-3455346300-1148100813-3106168065-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3455346300-1148100813-3106168065-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Yahoo"
    FF - prefs.js..browser.startup.homepage: "http://gmail.com/"
    FF - prefs.js..extensions.enabledAddons: support@lastpass.com:2.0.0
    FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1466
    FF - prefs.js..extensions.enabledAddons: rankchecker@seobook.com:1.8.20
    FF - prefs.js..extensions.enabledAddons: seo4firefox@seobook.com:3.6.5
    FF - prefs.js..extensions.enabledAddons: seotoolbar@seobook.com:1.1.36
    FF - prefs.js..extensions.enabledAddons: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.8.6
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\IdHusseys\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\IdHusseys\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\IdHusseys\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/09/09 04:04:36 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/09 02:25:15 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2012/09/09 02:16:33 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\IdHusseys\AppData\Roaming\Mozilla\Extensions
    [2010/07/15 12:42:31 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\IdHusseys\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
    [2012/09/09 18:45:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IdHusseys\AppData\Roaming\Mozilla\Firefox\Profiles\brnuba7s.default\extensions
    [2012/09/09 18:45:02 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\IdHusseys\AppData\Roaming\Mozilla\Firefox\Profiles\brnuba7s.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
    [2012/09/09 04:07:20 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\IdHusseys\AppData\Roaming\Mozilla\Firefox\Profiles\brnuba7s.default\extensions\support@lastpass.com
    [2012/09/09 18:45:00 | 000,158,974 | ---- | M] () (No name found) -- C:\Users\IdHusseys\AppData\Roaming\Mozilla\Firefox\Profiles\brnuba7s.default\extensions\rankchecker@seobook.com.xpi
    [2012/09/09 18:45:00 | 000,087,184 | ---- | M] () (No name found) -- C:\Users\IdHusseys\AppData\Roaming\Mozilla\Firefox\Profiles\brnuba7s.default\extensions\seo4firefox@seobook.com.xpi
    [2012/09/09 18:45:00 | 000,221,589 | ---- | M] () (No name found) -- C:\Users\IdHusseys\AppData\Roaming\Mozilla\Firefox\Profiles\brnuba7s.default\extensions\seotoolbar@seobook.com.xpi
    [2012/09/09 02:25:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/09/09 04:04:36 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
    [2012/09/05 19:27:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/09/05 19:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/09/05 19:26:22 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage:
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage:
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\IdHusseys\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\IdHusseys\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\IdHusseys\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\IdHusseys\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
    CHR - plugin: NPLastPass (Enabled) = C:\Users\IdHusseys\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.1_0\nplastpass.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Unity Player (Enabled) = C:\Users\IdHusseys\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\IdHusseys\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Java Deployment Toolkit 7.0.60.24 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - Extension: LastPass = C:\Users\IdHusseys\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.1_0\
    CHR - Extension: avast! WebRep = C:\Users\IdHusseys\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
    CHR - Extension: Scraper = C:\Users\IdHusseys\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbigbapnjcgaffohmbkdlecaccepngjd\1.6_0\

    O1 HOSTS File: ([2012/09/04 00:48:50 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll File not found
    O2:64bit: - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll ()
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll File not found
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll ()
    O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll File not found
    O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll File not found
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll ()
    O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll File not found
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll ()
    O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe File not found
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" File not found
    O4 - HKLM..\Run: [SBAMTray] "C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe" File not found
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKU\S-1-5-21-3455346300-1148100813-3106168065-1000..\Run: [MP3 Skype Recorder] C:\Program Files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe (Alexander Nikiforov)
    O4 - Startup: C:\Users\IdHusseys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\IdHusseys\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O4 - Startup: C:\Users\IdHusseys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-21-3455346300-1148100813-3106168065-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3455346300-1148100813-3106168065-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-3455346300-1148100813-3106168065-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-21-3455346300-1148100813-3106168065-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
    O8:64bit: - Extra context menu item: LastPass - file://C:\Users\IdHusseys\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found
    O8:64bit: - Extra context menu item: LastPass Fill Forms - file://C:\Users\IdHusseys\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: LastPass - file://C:\Users\IdHusseys\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found
    O8 - Extra context menu item: LastPass Fill Forms - file://C:\Users\IdHusseys\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found
    O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll ()
    O9:64bit: - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll ()
    O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll File not found
    O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll File not found
    O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll File not found
    O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll ()
    O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll ()
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
    O16 - DPF: {CAFEEFAC-0017-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.116.2.50 24.116.2.34
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF0CB9F8-FA84-4B47-A1C1-735CF549A63D}: DhcpNameServer = 24.116.2.50 24.116.2.34
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\MP3 Skype Recorder\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll File not found
    O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll File not found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/08/04 18:13:52 | 000,000,110 | -H-- | M] () - G:\autorun.inf -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ### TO BE CONTINUED IN NEXT POST - FILE TOO LARGE ##
  9. CanHazTrojanz?

    CanHazTrojanz? TechSpot Enthusiast Topic Starter Posts: 106

    ## CONTINUATION OF OTL.TXT ##



    ========== Files/Folders - Created Within 30 Days ==========

    [2012/09/09 17:22:22 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\IdHusseys\Desktop\OTL.exe
    [2012/09/09 04:05:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
    [2012/09/09 04:05:34 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2012/09/09 04:05:33 | 000,359,464 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2012/09/09 04:05:27 | 000,142,128 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
    [2012/09/09 04:05:02 | 000,266,776 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
    [2012/09/09 04:05:02 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2012/09/09 04:05:02 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
    [2012/09/09 04:05:00 | 000,019,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
    [2012/09/09 04:04:59 | 000,969,200 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2012/09/09 04:04:58 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2012/09/09 04:04:55 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2012/09/09 04:04:40 | 000,012,368 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswNdis.sys
    [2012/09/09 04:04:23 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2012/09/09 04:04:23 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/09/09 04:04:06 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2012/09/09 04:04:06 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2012/09/09 02:47:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
    [2012/09/09 02:31:18 | 000,000,000 | ---D | C] -- C:\Users\IdHusseys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2012/09/09 02:25:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
    [2012/09/09 02:25:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2012/09/09 02:16:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
    [2012/09/08 20:56:42 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\IdHusseys\Desktop\aswMBR.exe
    [2012/09/08 20:56:04 | 001,629,088 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\IdHusseys\Desktop\rkill.exe
    [2012/09/08 18:32:26 | 029,568,880 | ---- | C] (GFI Software) -- C:\Users\IdHusseys\Desktop\setup-vipre-antivirus-en-us-trial.exe
    [2012/09/08 17:59:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
    [2012/09/08 17:59:10 | 000,000,000 | ---D | C] -- C:\Users\IdHusseys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
    [2012/09/08 16:16:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/09/08 16:16:52 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/09/08 16:16:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/09/07 23:47:53 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
    [2012/09/07 22:56:32 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
    [2012/09/07 22:55:44 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs
    [2012/09/07 22:55:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    [2012/09/07 22:55:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
    [2012/09/07 21:33:42 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/09/04 18:00:53 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
    [2012/09/04 02:17:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/09/04 01:10:44 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/09/03 23:15:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/09/03 23:15:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/09/03 23:15:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/09/03 23:14:16 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/09/03 23:13:14 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/09/02 14:16:53 | 000,000,000 | ---D | C] -- C:\Users\IdHusseys\Desktop\RK_Quarantine
    [2012/09/01 19:49:40 | 000,607,260 | ---- | C] (Swearware) -- C:\Users\IdHusseys\Desktop\dds.com
    [2012/09/01 01:27:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GFI Software
    [2012/08/29 17:41:48 | 000,047,496 | ---- | C] (GFI Software) -- C:\Windows\SysWow64\sbbd.exe
    [2012/08/28 00:50:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2012/08/26 13:26:32 | 000,086,816 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbwtis.sys
    [2012/08/25 00:57:47 | 000,000,000 | -H-D | C] -- C:\Users\IdHusseys\Documents\Magic Rank Tracker Reports
    [2012/08/24 02:42:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Screaming Frog SEO Spider
    [2012/08/23 23:34:26 | 014,790,243 | ---- | C] (Jayson Yanuaria ) -- C:\Program Files (x86)\SERPAttacks_Video.exe
    [2012/08/23 23:22:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Market Samurai
    [2012/08/23 23:22:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
    [2012/08/23 21:46:43 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
    [2012/08/22 02:08:40 | 000,000,000 | ---D | C] -- C:\lynx_w32
    [2012/08/21 23:10:54 | 000,000,000 | ---D | C] -- C:\Users\IdHusseys\Desktop\lynx2-8-7
    [2012/08/20 16:28:45 | 000,000,000 | -H-D | C] -- C:\Users\IdHusseys\AppData\Local\ElevatedDiagnostics
    [2012/08/14 16:24:05 | 015,428,440 | ---- | C] (Adobe Systems Inc.) -- C:\Program Files (x86)\AdobeAIRInstaller.exe
    [2012/08/14 15:49:12 | 000,000,000 | -H-D | C] -- C:\Users\IdHusseys\AppData\Local\{136E17CE-9D8C-4576-B5FB-9FD9476CEE7D}
    [2012/08/13 13:53:47 | 000,000,000 | -H-D | C] -- C:\Users\IdHusseys\AppData\Local\{22CFA543-8BC0-487D-B925-78E6564E6786}
    [2012/08/11 15:18:14 | 000,000,000 | -H-D | C] -- C:\Users\IdHusseys\AppData\Roaming\Microsys
    [2012/08/11 15:18:14 | 000,000,000 | ---D | C] -- C:\Users\IdHusseys\Documents\Microsys
    [2012/08/11 15:18:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsys
    [2012/08/11 15:17:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsys

    ========== Files - Modified Within 30 Days ==========

    [2012/09/09 22:13:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/09/09 21:46:55 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/09/09 21:46:55 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/09/09 21:43:15 | 000,782,480 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/09/09 21:43:15 | 000,662,630 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/09/09 21:43:15 | 000,122,280 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/09/09 19:35:42 | 2211,602,432 | -HS- | M] () -- C:\hiberfil.sys
    [2012/09/09 19:35:04 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3455346300-1148100813-3106168065-1000UA.job
    [2012/09/09 18:51:41 | 000,078,832 | ---- | M] () -- C:\Users\IdHusseys\Desktop\Avast Errors.gif
    [2012/09/09 17:42:28 | 005,576,634 | ---- | M] () -- C:\Users\IdHusseys\Desktop\npp.5.9.Installer.exe
    [2012/09/09 17:22:27 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\IdHusseys\Desktop\OTL.exe
    [2012/09/09 04:07:20 | 000,001,192 | ---- | M] () -- C:\Users\IdHusseys\Application Data\Microsoft\Internet Explorer\Quick Launch\My LastPass Vault.lnk
    [2012/09/09 04:07:07 | 000,001,192 | ---- | M] () -- C:\Users\Public\Desktop\My LastPass Vault.lnk
    [2012/09/09 04:05:35 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
    [2012/09/09 04:04:58 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2012/09/09 02:35:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3455346300-1148100813-3106168065-1000Core.job
    [2012/09/09 02:31:20 | 000,002,392 | ---- | M] () -- C:\Users\IdHusseys\Desktop\Google Chrome.lnk
    [2012/09/09 02:25:17 | 000,001,094 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/09/08 21:23:30 | 000,000,512 | ---- | M] () -- C:\Users\IdHusseys\Desktop\MBR.dat
    [2012/09/08 20:57:35 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\IdHusseys\Desktop\aswMBR.exe
    [2012/09/08 20:56:19 | 001,629,088 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\IdHusseys\Desktop\rkill.exe
    [2012/09/08 18:31:46 | 029,568,880 | ---- | M] (GFI Software) -- C:\Users\IdHusseys\Desktop\setup-vipre-antivirus-en-us-trial.exe
    [2012/09/08 17:59:10 | 000,001,228 | ---- | M] () -- C:\Users\IdHusseys\Desktop\Revo Uninstaller.lnk
    [2012/09/08 16:16:54 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/09/08 15:13:54 | 000,377,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/09/08 14:06:38 | 000,196,608 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
    [2012/09/07 23:48:09 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
    [2012/09/07 23:46:50 | 000,782,480 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/09/07 22:55:39 | 000,002,251 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
    [2012/09/06 01:00:25 | 000,862,666 | ---- | M] () -- C:\Users\IdHusseys\Desktop\DVD Read Write Drive Instructions.pdf
    [2012/09/04 00:48:50 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/09/01 21:48:46 | 000,607,260 | ---- | M] (Swearware) -- C:\Users\IdHusseys\Desktop\dds.com
    [2012/09/01 06:22:55 | 000,191,637 | ---- | M] () -- C:\Users\IdHusseys\Desktop\Vipre Scan Result Post Infection 090112.jpg
    [2012/08/31 22:23:44 | 000,255,751 | ---- | M] () -- C:\Users\IdHusseys\Desktop\MBAM ERROR.jpg
    [2012/08/31 18:19:46 | 000,000,093 | ---- | M] () -- C:\Users\IdHusseys\AppData\Roaming\netstat.bat
    [2012/08/31 15:57:16 | 000,058,080 | ---- | M] () -- C:\Users\IdHusseys\Desktop\Affmagic_08_29_2012.zip
    [2012/08/31 15:57:13 | 000,983,193 | ---- | M] () -- C:\Users\IdHusseys\Desktop\Instructions+for+Installing+AffMagic.pdf
    [2012/08/31 00:38:59 | 000,080,549 | ---- | M] () -- C:\Users\IdHusseys\Desktop\lv.htm
    [2012/08/30 18:48:58 | 000,082,988 | ---- | M] () -- C:\Users\IdHusseys\Desktop\GoogleDMCA3.jpg
    [2012/08/30 18:47:19 | 000,067,312 | ---- | M] () -- C:\Users\IdHusseys\Desktop\GoogleDMCA2.jpg
    [2012/08/29 17:41:48 | 000,047,496 | ---- | M] (GFI Software) -- C:\Windows\SysWow64\sbbd.exe
    [2012/08/29 17:41:48 | 000,047,496 | ---- | M] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
    [2012/08/27 18:57:51 | 000,184,299 | -H-- | M] () -- C:\Users\IdHusseys\Desktop\SEO Spider.jpg
    [2012/08/27 16:52:19 | 000,000,915 | ---- | M] () -- C:\Users\IdHusseys\Desktop\Xenu.lnk
    [2012/08/26 13:26:32 | 000,086,816 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\sbwtis.sys
    [2012/08/25 20:31:15 | 000,579,257 | ---- | M] () -- C:\Users\IdHusseys\.ranktracker.properties
    [2012/08/25 04:55:21 | 004,987,023 | ---- | M] () -- C:\Users\IdHusseys\Desktop\Advanced SEO SEOROI.pdf
    [2012/08/24 16:38:25 | 004,159,475 | ---- | M] () -- C:\Users\IdHusseys\.websiteauditor.properties
    [2012/08/24 00:17:22 | 000,034,075 | ---- | M] () -- C:\Users\IdHusseys\Desktop\SEMRUSH DISCOUNT COUPON.jpg
    [2012/08/23 23:34:50 | 014,790,243 | ---- | M] (Jayson Yanuaria ) -- C:\Program Files (x86)\SERPAttacks_Video.exe
    [2012/08/23 21:48:28 | 000,001,199 | ---- | M] () -- C:\Users\IdHusseys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
    [2012/08/23 21:39:44 | 020,348,849 | ---- | M] () -- C:\Program Files (x86)\Sun_ODF_Template_Pack2_en-US.oxt
    [2012/08/23 21:38:55 | 135,933,721 | ---- | M] () -- C:\Program Files (x86)\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_en-US.exe
    [2012/08/23 17:24:58 | 000,165,516 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
    [2012/08/23 16:19:41 | 000,000,961 | ---- | M] () -- C:\Users\IdHusseys\Application Data\Microsoft\Internet Explorer\Quick Launch\SERPAttacks.lnk
    [2012/08/22 18:56:22 | 000,001,948 | ---- | M] () -- C:\Users\Public\Desktop\A1 Keyword Research 4.lnk
    [2012/08/22 02:10:32 | 000,000,929 | ---- | M] () -- C:\Users\IdHusseys\Desktop\LYNX.lnk
    [2012/08/21 13:58:26 | 000,126,308 | ---- | M] () -- C:\Users\IdHusseys\Desktop\Removing Libel.jpg
    [2012/08/21 13:23:53 | 000,857,293 | ---- | M] () -- C:\Users\IdHusseys\Desktop\Market Samurai on BeatThePenguinChecklist.pdf
    [2012/08/21 03:13:13 | 000,969,200 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2012/08/21 03:13:13 | 000,359,464 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2012/08/21 03:13:13 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2012/08/21 03:13:12 | 000,266,776 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
    [2012/08/21 03:13:12 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2012/08/21 03:13:12 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
    [2012/08/21 03:13:11 | 000,142,128 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
    [2012/08/21 03:13:11 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2012/08/21 03:13:11 | 000,019,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
    [2012/08/21 03:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/08/21 03:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2012/08/21 03:12:02 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2012/08/20 04:37:48 | 000,000,498 | ---- | M] () -- C:\Windows\SysWow64\CountScans.XML
    [2012/08/20 04:31:04 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2012/08/17 02:21:32 | 000,603,065 | ---- | M] () -- C:\Users\IdHusseys\Desktop\Slingshot SEO on Enterprise Level Guide to Keyword Research.pdf
    [2012/08/17 02:14:24 | 001,517,097 | ---- | M] () -- C:\Users\IdHusseys\Desktop\Slingshot SEO on Agency Level SEO Perspectives.pdf
    [2012/08/17 02:11:42 | 000,902,722 | ---- | M] () -- C:\Users\IdHusseys\Desktop\CLASS Slingshot SEOs Method.pdf
    [2012/08/17 02:07:32 | 000,800,737 | ---- | M] () -- C:\Users\IdHusseys\Desktop\Effectiveness of Marketing Media.pdf
    [2012/08/16 16:46:15 | 000,532,409 | ---- | M] () -- C:\Users\IdHusseys\.linkassistant.properties
    [2012/08/12 16:58:06 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForIdHusseys.job
    [2012/08/11 15:18:09 | 000,001,957 | ---- | M] () -- C:\Users\Public\Desktop\A1 Website Analyzer 4.lnk

    ========== Files Created - No Company Name ==========

    [2012/09/09 18:51:06 | 000,078,832 | ---- | C] () -- C:\Users\IdHusseys\Desktop\Avast Errors.gif
    [2012/09/09 17:42:15 | 005,576,634 | ---- | C] () -- C:\Users\IdHusseys\Desktop\npp.5.9.Installer.exe
    [2012/09/09 04:07:19 | 000,001,192 | ---- | C] () -- C:\Users\IdHusseys\Application Data\Microsoft\Internet Explorer\Quick Launch\My LastPass Vault.lnk
    [2012/09/09 04:05:35 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
    [2012/09/09 04:04:58 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
    [2012/09/09 02:31:20 | 000,002,392 | ---- | C] () -- C:\Users\IdHusseys\Desktop\Google Chrome.lnk
    [2012/09/09 02:30:30 | 000,000,924 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3455346300-1148100813-3106168065-1000UA.job
    [2012/09/09 02:30:29 | 000,000,872 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3455346300-1148100813-3106168065-1000Core.job
    [2012/09/09 02:25:17 | 000,001,106 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2012/09/09 02:25:17 | 000,001,094 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/09/08 21:23:30 | 000,000,512 | ---- | C] () -- C:\Users\IdHusseys\Desktop\MBR.dat
    [2012/09/08 17:59:10 | 000,001,228 | ---- | C] () -- C:\Users\IdHusseys\Desktop\Revo Uninstaller.lnk
    [2012/09/08 16:16:54 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/09/07 23:49:43 | 000,196,608 | ---- | C] () -- C:\Windows\SysNative\Ikeext.etl
    [2012/09/07 23:44:57 | 000,303,616 | ---- | C] ( ) -- C:\SetACL.exe
    [2012/09/07 22:55:39 | 000,002,251 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
    [2012/09/06 01:00:24 | 000,862,666 | ---- | C] () -- C:\Users\IdHusseys\Desktop\DVD Read Write Drive Instructions.pdf
    [2012/09/03 23:15:17 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/09/03 23:15:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/09/03 23:15:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/09/03 23:15:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/09/03 23:15:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/09/01 06:22:54 | 000,191,637 | ---- | C] () -- C:\Users\IdHusseys\Desktop\Vipre Scan Result Post Infection 090112.jpg
    [2012/08/31 22:04:34 | 000,255,751 | ---- | C] () -- C:\Users\IdHusseys\Desktop\MBAM ERROR.jpg
    [2012/08/31 18:19:46 | 000,000,093 | ---- | C] () -- C:\Users\IdHusseys\AppData\Roaming\netstat.bat
    [2012/08/31 15:57:14 | 000,058,080 | ---- | C] () -- C:\Users\IdHusseys\Desktop\Affmagic_08_29_2012.zip
    [2012/08/31 15:57:08 | 000,983,193 | ---- | C] () -- C:\Users\IdHusseys\Desktop\Instructions+for+Installing+AffMagic.pdf
    [2012/08/31 00:39:02 | 000,080,549 | ---- | C] () -- C:\Users\IdHusseys\Desktop\lv.htm
    [2012/08/30 18:48:57 | 000,082,988 | ---- | C] () -- C:\Users\IdHusseys\Desktop\GoogleDMCA3.jpg
    [2012/08/30 18:47:19 | 000,067,312 | ---- | C] () -- C:\Users\IdHusseys\Desktop\GoogleDMCA2.jpg
    [2012/08/27 18:57:51 | 000,184,299 | -H-- | C] () -- C:\Users\IdHusseys\Desktop\SEO Spider.jpg
    [2012/08/27 16:52:19 | 000,000,915 | ---- | C] () -- C:\Users\IdHusseys\Desktop\Xenu.lnk
    [2012/08/25 04:55:18 | 004,987,023 | ---- | C] () -- C:\Users\IdHusseys\Desktop\Advanced SEO SEOROI.pdf
    [2012/08/24 00:17:22 | 000,034,075 | ---- | C] () -- C:\Users\IdHusseys\Desktop\SEMRUSH DISCOUNT COUPON.jpg
    [2012/08/23 23:23:13 | 000,000,903 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Market Samurai.lnk
    [2012/08/23 21:48:28 | 000,001,199 | ---- | C] () -- C:\Users\IdHusseys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
    [2012/08/23 21:36:32 | 020,348,849 | ---- | C] () -- C:\Program Files (x86)\Sun_ODF_Template_Pack2_en-US.oxt
    [2012/08/23 21:32:13 | 135,933,721 | ---- | C] () -- C:\Program Files (x86)\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_en-US.exe
    [2012/08/22 18:56:22 | 000,001,948 | ---- | C] () -- C:\Users\Public\Desktop\A1 Keyword Research 4.lnk
    [2012/08/22 02:09:54 | 000,000,929 | ---- | C] () -- C:\Users\IdHusseys\Desktop\LYNX.lnk
    [2012/08/21 13:58:25 | 000,126,308 | ---- | C] () -- C:\Users\IdHusseys\Desktop\Removing Libel.jpg
    [2012/08/21 13:23:53 | 000,857,293 | ---- | C] () -- C:\Users\IdHusseys\Desktop\Market Samurai on BeatThePenguinChecklist.pdf
    [2012/08/17 02:21:32 | 000,603,065 | ---- | C] () -- C:\Users\IdHusseys\Desktop\Slingshot SEO on Enterprise Level Guide to Keyword Research.pdf
    [2012/08/17 02:14:24 | 001,517,097 | ---- | C] () -- C:\Users\IdHusseys\Desktop\Slingshot SEO on Agency Level SEO Perspectives.pdf
    [2012/08/17 02:11:42 | 000,902,722 | ---- | C] () -- C:\Users\IdHusseys\Desktop\CLASS Slingshot SEOs Method.pdf
    [2012/08/17 02:07:32 | 000,800,737 | ---- | C] () -- C:\Users\IdHusseys\Desktop\Effectiveness of Marketing Media.pdf
    [2012/08/11 15:18:09 | 000,001,957 | ---- | C] () -- C:\Users\Public\Desktop\A1 Website Analyzer 4.lnk
    [2012/08/01 20:33:50 | 000,005,477 | -H-- | C] () -- C:\Users\IdHusseys\.recently-used.xbel
    [2012/06/16 03:41:20 | 000,000,088 | -H-- | C] () -- C:\Users\IdHusseys\.95d691779473f3e03bc4b4e56319d74c.key
    [2011/04/19 16:42:41 | 000,165,516 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
    [2011/03/02 21:10:28 | 000,001,854 | -H-- | C] () -- C:\Users\IdHusseys\AppData\Roaming\GhostObjGAFix.xml
    [2010/08/28 20:23:14 | 000,005,224 | -H-- | C] () -- C:\Users\IdHusseys\AppData\Roaming\wklnhst.dat
    [2010/07/26 01:05:33 | 000,638,358 | ---- | C] () -- C:\Users\IdHusseys\.spyglass.properties
    [2010/07/24 16:55:17 | 004,159,475 | ---- | C] () -- C:\Users\IdHusseys\.websiteauditor.properties
    [2010/07/16 01:27:41 | 000,532,409 | ---- | C] () -- C:\Users\IdHusseys\.linkassistant.properties
    [2010/07/15 13:12:42 | 000,579,257 | ---- | C] () -- C:\Users\IdHusseys\.ranktracker.properties
    [2010/05/22 03:11:22 | 000,010,752 | ---- | C] () -- C:\Users\IdHusseys\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/05/18 23:46:50 | 000,000,153 | -H-- | C] () -- C:\Users\IdHusseys\AppData\Local\TheBestSpinner_Export.dat

    ========== LOP Check ==========

    [2012/08/31 18:38:01 | 000,000,000 | ---D | M] -- C:\Users\IdHusseys\AppData\Roaming\.minecraft
    [2012/08/31 18:38:04 | 000,000,000 | ---D | M] -- C:\Users\IdHusseys\AppData\Roaming\Affilorama
    [2011/08/23 17:40:40 | 000,000,000 | -H-D | M] -- C:\Users\IdHusseys\AppData\Roaming\Amazon
    [2012/08/31 18:52:25 | 000,000,000 | ---D | M] -- C:\Users\IdHusseys\AppData\Roaming\Article Marketing Robot
    [2012/07/23 09:14:18 | 000,000,000 | -H-D | M] -- C:\Users\IdHusseys\AppData\Roaming\com.elance.tracker
    [2012/06/16 03:41:20 | 000,000,000 | -H-D | M] -- C:\Users\IdHusseys\AppData\Roaming\com.longtailpro.LongTailPro
    [2012/04/03 14:28:15 | 000,000,000 | -H-D | M] -- C:\Users\IdHusseys\AppData\Roaming\CurationSoft
    [2011/07/12 23:08:58 | 000,000,000 | -H-D | M] -- C:\Users\IdHusseys\AppData\Roaming\DomainSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
    [2012/09/09 22:13:47 | 000,000,000 | ---D | M] -- C:\Users\IdHusseys\AppData\Roaming\Dropbox
    [2012/08/30 23:58:25 | 000,000,000 | -H-D | M] -- C:\Users\IdHusseys\AppData\Roaming\FileZilla
    [2012/07/23 09:57:59 | 000,000,000 | -H-D | M] -- C:\Users\IdHusseys\AppData\Roaming\FireShot
    [2011/11/14 14:08:04 | 000,000,000 | -H-D | M] -- C:\Users\IdHusseys\AppData\Roaming\GFI Software
    [2012/08/31 18:52:25 | 000,000,000 | ---D | M] -- C:\Users\IdHusseys\AppData\Roaming\gtk-2.0
    [2012/08/19 13:15:54 | 000,000,000 | -H-D | M] -- C:\Users\IdHusseys\AppData\Roaming\ICQ
    [2012/08/31 18:38:06 | 000,000,000 | ---D | M] -- C:\Users\IdHusseys\AppData\Roaming\JonathanLeger.com
    [2011/10/25 12:56:20 | 000,000,000 | -H-D | M] -- C:\Users\IdHusseys\AppData\Roaming\MarketMeTweet
    [2010/12/14 00:47:50 | 000,000,000 | -H-D | M] -- C:\Users\IdHusseys\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
    [2012/08/22 18:56:33 | 000,000,000 | -H-D | M] -- C:\Users\IdHusseys\AppData\Roaming\Microsys
    [2012/05/24 15:43:31 | 000,000,000 | -H-D | M] -- C:\Users\IdHusseys\AppData\Roaming\MP3SkypeRecorder
    [2012/09/01 20:05:13 | 000,000,000 | ---D | M] -- C:\Users\IdHusseys\AppData\Roaming\Notepad++
    [2012/08/31 18:38:31 | 000,000,000 | ---D | M] -- C:\Users\IdHusseys\AppData\Roaming\OpenOffice.org
    [2012/08/31 18:38:33 | 000,000,000 | ---D | M] -- C:\Users\IdHusseys\AppData\Roaming\SERPAttacks
    [2012/08/31 18:52:32 | 000,000,000 | ---D | M] -- C:\Users\IdHusseys\AppData\Roaming\Spotify
    [2012/08/09 15:04:45 | 000,000,000 | -H-D | M] -- C:\Users\IdHusseys\AppData\Roaming\TeamViewer
    [2010/10/12 18:52:11 | 000,000,000 | -H-D | M] -- C:\Users\IdHusseys\AppData\Roaming\Template
    [2012/08/31 18:52:32 | 000,000,000 | ---D | M] -- C:\Users\IdHusseys\AppData\Roaming\UBot Studio
    [2010/12/18 12:05:43 | 000,000,000 | -H-D | M] -- C:\Users\IdHusseys\AppData\Roaming\Unity
    [2011/08/12 22:32:23 | 000,000,000 | -H-D | M] -- C:\Users\IdHusseys\AppData\Roaming\Windows Live Writer
    [2012/08/31 18:38:36 | 000,000,000 | ---D | M] -- C:\Users\IdHusseys\AppData\Roaming\XMind
    [2012/09/08 14:06:36 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========

    < End of report >
  10. CanHazTrojanz?

    CanHazTrojanz? TechSpot Enthusiast Topic Starter Posts: 106

    OTL Extras logfile created on: 9/9/2012 10:16:19 PM - Run 1
    OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\IdHusseys\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.75 Gb Total Physical Memory | 1.58 Gb Available Physical Memory | 57.60% Memory free
    5.49 Gb Paging File | 4.22 Gb Available in Paging File | 76.94% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 219.07 Gb Total Space | 160.05 Gb Free Space | 73.06% Space Free | Partition Type: NTFS
    Drive D: | 13.52 Gb Total Space | 2.24 Gb Free Space | 16.54% Space Free | Partition Type: NTFS
    Drive E: | 99.18 Mb Total Space | 94.46 Mb Free Space | 95.24% Space Free | Partition Type: FAT32
    Drive G: | 7.45 Gb Total Space | 7.25 Gb Free Space | 97.34% Space Free | Partition Type: FAT32

    Computer Name: IDHUSSEYS-PC | User Name: IdHusseys | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-3455346300-1148100813-3106168065-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{029431BD-55C1-4E9D-9C0A-C23F0F5F5A3A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{041B5B8E-D8E3-4151-B727-2580A44F9D97}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{1B1EAAEA-ADA8-435A-B64C-F50DC8AF1E8D}" = rport=138 | protocol=17 | dir=out | app=system |
    "{1B7E43D2-1054-4AE9-A05D-E7787D7F758D}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{2247FC31-C5E0-43F6-BA18-50CF4888A032}" = lport=445 | protocol=6 | dir=in | app=system |
    "{58D73721-ACB2-45BC-A8AA-BF6F30DC96C6}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{6202530D-0DD1-43C6-A7EF-DFFDCF405CDA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{6A1399E5-E325-4DF0-9476-D624454C46EE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{73147FC1-8AE4-44ED-A3E3-7B8964A94E4B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{75CE419D-575C-484E-A6BE-3511AAAFEB53}" = lport=139 | protocol=6 | dir=in | app=system |
    "{79583184-A5F4-409A-9521-04C829E9D691}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{8C4C69E2-7839-4988-8EFA-4A026B966F42}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{93717E7E-217A-49BE-A5E0-871837884CF1}" = rport=139 | protocol=6 | dir=out | app=system |
    "{93B0B528-0810-4C18-8270-A8449B71A993}" = lport=138 | protocol=17 | dir=in | app=system |
    "{A2E0C473-FD8D-455C-850E-65D89B7E4AEE}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{AD05BC6E-8959-4974-AB92-795CC51AE6FE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{C35B5999-6FE2-435F-BEF3-E23C2592390D}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C763F52A-F60F-4F80-925C-4C895AA7A7AC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{C963824A-7947-4BC4-B390-2217E7F7EFD1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{CC2325C7-03DC-4832-9C2D-E3322776D9E6}" = rport=137 | protocol=17 | dir=out | app=system |
    "{D15E3598-AAA9-4E5D-A6D9-2C7416FC6481}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{D5731A44-25C8-4703-87F0-718531B80F8D}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
    "{DB178EC9-DCCF-4432-A7DE-21BCFC7D9EEB}" = rport=445 | protocol=6 | dir=out | app=system |
    "{E9C98C7B-9893-400E-B327-8CC4EBAEED53}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{ECFADEC1-85EF-4589-9563-0182E9E832DA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{F3D11E22-17F9-4A69-B0A0-40F376C1EF15}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0814F818-FC01-4C92-A413-89EDE710F7E1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{082B46A8-211E-4E56-89CA-B23586BB854A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{0A676125-91E0-4582-A7FB-F239C1193F1F}" = protocol=17 | dir=in | app=c:\users\idhusseys\appdata\roaming\dropbox\bin\dropbox.exe |
    "{1542B02D-4971-4DCF-97D9-7BA21C54B449}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{1F81C1D3-BDCE-4538-BDEB-00C56F5E1688}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{20678E57-1B6B-491C-BEA6-11D7807793D1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{219E5638-A915-48D4-809D-62B514C9AE17}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{2919114F-D1D5-4D86-8546-BBB46B6E2E47}" = protocol=17 | dir=in | app=c:\program files (x86)\lastpass\lastpass.exe |
    "{2D99E626-F859-4703-9352-F7FCEB487360}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    "{32307DB8-A2C9-4A83-85F8-092B214729DF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{38C5C397-9DB5-4357-9526-932045B33EF5}" = protocol=6 | dir=out | app=system |
    "{419661C3-009E-4F0A-8C5C-55FCF81C2DAA}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{435CE041-DFE1-4EEE-AA60-F3E0F391712F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{4953B9A6-7A7F-41D7-9C4F-67CC4E80D304}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
    "{4C819DC4-CA5E-4693-B953-89C5D813354C}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
    "{501A5CFE-8C91-4FC8-9691-DED043EC53B8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{5218898F-DA09-4839-AC93-C136E528F623}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{54DD0749-F284-4BD3-92E9-B3A0F8EA5CFE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{57241BC7-FD24-4186-9368-1675800174AC}" = protocol=6 | dir=in | app=c:\program files (x86)\lastpass\lastpass.exe |
    "{7489DEE6-3265-4827-A431-730212F034F9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{7D23AD36-B773-4E60-891A-C53D584308C6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{823444AE-A5DD-4822-8962-8C67C9E78695}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{8F45A956-4E44-4664-BD6C-3186E2A8583D}" = protocol=6 | dir=in | app=c:\program files (x86)\onlywire\onlywirewindows.exe |
    "{92624062-18E7-4EEE-80E3-AF8615C84F00}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{9ED45CFA-AA36-405C-AEC3-96EC31F92A79}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{A0EB5CEF-AD64-463B-9081-54B10CBEB649}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{A5A8C792-957C-48F8-85D7-3EFDEB58DB05}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{AA7EAE85-455B-4677-BBC3-559DE507A4A3}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{CA63FA07-7BFC-418D-BD32-C6C5BB5A2439}" = protocol=17 | dir=in | app=c:\program files (x86)\onlywire\onlywirewindows.exe |
    "{D5D9FA0A-8009-46F8-A551-5715A367846B}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{F0FB9198-3E99-44F4-9C36-ACFABAD52077}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{F2575E15-D909-4A3E-822A-FA25353EA3BC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{F9E380C8-CEDF-48F5-BEB4-C73D0566EE39}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{FBCB5452-F78F-4539-8BB6-DE1BA4F43943}" = protocol=6 | dir=in | app=c:\users\idhusseys\appdata\roaming\dropbox\bin\dropbox.exe |
    "{FD829CC1-8884-4C6E-B3E7-7F6054D9018C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{FD84019C-C126-43F4-96CE-80BCA1CC3CD4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{FE58E56A-528C-4F8C-B508-CE6B2BF128AF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "TCP Query User{0571066C-77CE-4022-9D3D-DA6916B6CC5D}C:\program files (x86)\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
    "TCP Query User{32BED8D8-ADC3-4122-85D6-C0764B0C5685}C:\users\idhusseys\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\idhusseys\appdata\roaming\dropbox\bin\dropbox.exe |
    "TCP Query User{535CA1DB-CD7F-4C84-AD88-7CB824173CF2}C:\users\idhusseys\desktop\filezilla-3.5.2\filezilla.exe" = protocol=6 | dir=in | app=c:\users\idhusseys\desktop\filezilla-3.5.2\filezilla.exe |
    "TCP Query User{E06E9A28-C601-4089-970A-96CB67B31FF3}C:\program files (x86)\mp3 skype recorder\mp3 skype recorder.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mp3 skype recorder\mp3 skype recorder.exe |
    "TCP Query User{ED78F6AF-77F7-4A55-9AD9-9247F4ACEFF8}C:\users\idhusseys\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\idhusseys\appdata\roaming\spotify\spotify.exe |
    "TCP Query User{EE7FEC52-30C1-4C2C-B415-B30AAF25B462}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=6 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe |
    "UDP Query User{0797A01A-1D00-47E4-A556-6F0B8E5A3ECA}C:\program files (x86)\mp3 skype recorder\mp3 skype recorder.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mp3 skype recorder\mp3 skype recorder.exe |
    "UDP Query User{2BD18764-0DBE-431E-ACBF-9E97BC24319A}C:\users\idhusseys\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\idhusseys\appdata\roaming\spotify\spotify.exe |
    "UDP Query User{5000A291-E319-4A7A-B494-833D614D0B75}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=17 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe |
    "UDP Query User{5E9327CE-5CB4-4F9E-A69E-58F83D73E4D3}C:\users\idhusseys\desktop\filezilla-3.5.2\filezilla.exe" = protocol=17 | dir=in | app=c:\users\idhusseys\desktop\filezilla-3.5.2\filezilla.exe |
    "UDP Query User{B4B02AFD-DBC1-4B4F-B8F9-476E64797930}C:\program files (x86)\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
    "UDP Query User{DC77C67C-4EFD-4115-90B7-149E3AB25616}C:\users\idhusseys\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\idhusseys\appdata\roaming\dropbox\bin\dropbox.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
    "{26A24AE4-039D-4CA4-87B4-2F86417006FF}" = Java 7 Update 6 (64-bit)
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{3ED4AD02-F631-4A4C-AAC8-2325996E5A56}" = Microsoft IntelliPoint 8.1
    "{446EE0D9-1F6B-42BF-8278-8D0B172BA15D}" = Microsoft IntelliType Pro 8.1
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
    "{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{902004C7-2B12-4A4F-E1DB-E75C7B03EDD4}" = ATI Catalyst Install Manager
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{E787AC54-0E56-A6DF-7BDB-AAC360813B6C}" = ccc-utility64
    "{EC8A40B2-096A-4EA4-B11A-167F87F293A7}" = iCloud
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English
    "1C40599AC4C249FEBC2C1A02E763F7C7_is1" = A1 Website Analyzer
    "4999BF65FDC64B3E8F8D61A562DF89BB_is1" = A1 Keyword Research
    "CCleaner" = CCleaner
    "LSI Soft Modem" = LSI HDA Modem
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
    "Microsoft IntelliType Pro 8.1" = Microsoft IntelliType Pro 8.1
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{05554D36-5C86-4BCC-BD48-EC2FC9A631E1}" = Magic Article Submitter
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{0868BCEA-C983-1450-3ACB-79411138ACB0}" = Catalyst Control Center Core Implementation
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D22E5A3-0051-4FC5-A9B6-076BF53F9E6D}" = BacklinkTopia
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{0FA359BD-666B-5135-B712-852F21504E96}" = Catalyst Control Center Graphics Previews Vista
    "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
    "{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
    "{152C18DA-4270-FAF2-DE48-8A7286BD1FB1}" = CCC Help Japanese
    "{1845470B-EB14-4ABC-835B-E36C693DC07D}" = Skype™ 5.8
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{21B5704D-788D-F083-A5E0-94B0390889F5}" = Catalyst Control Center InstallProxy
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
    "{2FC32740-5BF8-F11E-1257-80A41497B9F1}" = Catalyst Control Center Graphics Light
    "{31ACB2BD-3C87-4B56-9CD4-CCA25D98F390}" = GFX Writer
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{337E0592-9B00-AF1D-B10C-16225B981C96}" = CCC Help Thai
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{36214841-EA3C-DA47-7F29-E6A16231702E}" = CCC Help Dutch
    "{3744B641-61DE-417F-BCDC-9CCED4224DF8}" = LightScribe System Software
    "{3BC080DE-CF23-E18E-0678-47CA2E70C1CD}" = Catalyst Control Center Graphics Full New
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
    "{47365A91-7A32-5C08-927C-17F27D9F0E50}" = Catalyst Control Center Graphics Previews Common
    "{47BD6184-519F-C649-6A5C-58234406B62C}" = CCC Help Italian
    "{47D7C9B8-BD44-4D2E-9040-E946477B2F9A}" = Microsoft Live Search Toolbar
    "{4B57F6F3-5577-7158-A8F7-9E71547F8B7C}" = CCC Help Finnish
    "{4E432692-A736-4F77-AF77-F9078CF88D31}" = HP Wireless Assistant
    "{4E55D026-F2D7-E5F6-C2DC-8E8F2BA2B86B}" = Market Samurai
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
    "{5271C0D4-24E4-4C3D-A782-C012033FD3CF}" = AMD USB Filter Driver
    "{5708788D-EC95-7D4A-C0D8-CB393C9E90AC}" = CCC Help Hungarian
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    "{5EAAF925-4FBC-4AAB-B528-F9583653D6DB}" = PressBot
    "{5FE7A99C-635F-AAE4-23F8-6E657C21B7EA}" = MarketMeSuite
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{675ABEBC-DBA1-FF26-52BF-697FF5012CA1}" = CCC Help Spanish
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{68910580-F9FF-91E0-8AFE-86D49DD07AE4}" = CCC Help Russian
    "{6B57CF04-5182-9DED-CCD4-84DAC76784D4}" = CCC Help Swedish
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{71B7E1DE-4913-5E2E-2B83-B90C3BB308BA}" = ccc-core-static
    "{7387442F-CB81-4775-96FA-C038CF479C3E}" = Magic Tokens Database 2.0
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{7DA2FB1E-31A5-54A6-91AC-9EDCA6258F40}" = CCC Help French
    "{8198DD04-D0F6-4674-A2D9-E6546347D62D}" = RSSBot
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8DF8417C-07F9-22AA-019E-7F761437BFAC}" = CCC Help Polish
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90B9134C-B36B-1051-A000-627B047C8206}" = CurationSoft
    "{90E03F32-42EC-A16D-8146-A4E2F0FC9588}" = CCC Help English
    "{9104E567-F78D-4B7D-BB94-E6BCA574F3C0}" = Fresh Proxy Scraper
    "{91B36C7F-0796-5A98-D1BA-C29C8D24396F}" = CCC Help Portuguese
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D3318E1-5A9F-4A95-A7A1-7E045403AE34}" = HP User Guides 0148
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
    "{A0A47CD2-749A-97BD-C4AE-862EFA38CAC1}" = CCC Help Danish
    "{A0B1E09A-1FEA-4E45-9557-8B1871D43834}" = VideoBot
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
    "{A44CD09A-6D0F-08EC-8B80-6FD5EF62598B}" = CCC Help Czech
    "{A5786D80-1FAE-577A-C448-9C61274E9F7B}" = CCC Help Turkish
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{ABB2D074-04BC-4F41-A1CB-7FB9AF4100DC}" = GFX Video Writer
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
    "{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
    "{AF6B5CC8-55F5-55BC-2E2A-2B192EA79E16}" = CCC Help Greek
    "{B9F7A849-E093-4BB5-B4F4-44D203FF40C2}" = NP Checker
    "{bc9acdc7-eaea-4cc5-8e11-582309e347bf}_is1" = Magic Rank Tracker version 2.7
    "{BEDE6836-8ED5-4444-B895-CE54968CFC4C}" = Magic Article Rewriter
    "{C2AFB298-CD06-BCF0-16CD-FB506E07B262}" = CCC Help Norwegian
    "{C2FFBCE8-3A0D-154C-EE84-47B189E79D60}" = CCC Help German
    "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CB606F47-7D0E-40DF-95BB-0E5413A1295F}" = MP3 Skype Recorder
    "{CB71B7E6-3156-2DB6-3800-6B853D5D6EF6}" = Catalyst Control Center Graphics Full Existing
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D8029B62-C3D6-E02D-A98E-07AFEA8CDF79}" = Catalyst Control Center Localization All
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DDFB9315-8964-B381-2167-0C0FE726CD99}" = Tracker
    "{DE626616-D7C4-4F00-7E0B-EAF26FA65749}" = muvee Reveal
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
    "{E0897770-46C9-4322-AD44-8BFA6BE217B2}" = Catalyst Control Center - Branding
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{EC1F6690-DE55-4B9E-C556-EE1558EAB7A5}" = CCC Help Chinese Standard
    "{EC83C809-3943-830A-ED5C-C569267E4804}" = CCC Help Korean
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}" = Microsoft WSE 3.0
    "{EECA7A4E-4D95-46FE-A55B-F6D3EFFFFF2B}" = Image Crusher
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F696BBD9-A383-4F54-155B-451A15482C89}" = CCC Help Chinese Traditional
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "Amazon Kindle" = Amazon Kindle
    "avast" = avast! Internet Security
    "AVS Audio Converter_is1" = AVS Audio Converter 7
    "AVS Audio Editor_is1" = AVS Audio Editor 7.1
    "AVS Audio Recorder_is1" = AVS Audio Recorder version 4.0
    "AVS Disc Creator_is1" = AVS Disc Creator 5
    "AVS Document Converter_is1" = AVS Document Converter 2.1.2
    "AVS DVD Copy_is1" = AVS DVD Copy version 4.1.2
    "AVS Screen Capture_is1" = AVS Screen Capture version 2.0.1
    "AVS Update Manager_is1" = AVS Update Manager 1.0
    "AVS Video Editor_is1" = AVS Video Editor 6
    "AVS Video Recorder_is1" = AVS Video Recorder 2.4
    "AVS Video ReMaker_is1" = AVS Video ReMaker 4.0.8.140
    "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
    "AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
    "AVSCoverEditor2_is1" = AVS Cover Editor 2.0.1.3
    "B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
    "com.elance.tracker" = Tracker
    "CurationSoft" = CurationSoft
    "Directory Submitter_is1" = Directory Submitter 1.0.29
    "FileZilla Client" = FileZilla Client 3.5.3
    "HMA! Pro VPN" = HMA! Pro VPN 2.6.9
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "Jigs@w Puzzle Promo Creator_is1" = Jigs@w Puzzle Promo Creator 2.1
    "jZip" = jZip
    "LastPass" = LastPass (uninstall only)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "MarketMeTweet" = MarketMeSuite
    "MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Market Samurai
    "Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Notepad++" = Notepad++
    "PAD Submit Worker_is1" = PAD SubmitWorker 1.2
    "PDF2EXE_is1" = PDF2EXE 3.0
    "Revo Uninstaller" = Revo Uninstaller 1.94
    "seopowersuite" = SEO PowerSuite
    "SERPAttacks Video Tutorial_is1" = SERPAttacks Video Tutorial
    "SERPAttacks_is1" = SERPAttacks
    "Spotify" = Spotify
    "The 5 Bucks a Day Action Enforcer_is1" = The 5 Bucks a Day Action Enforcer
    "WinGimp-2.0_is1" = GIMP 2.6.11
    "WinLiveSuite" = Windows Live Essentials
    "Xenu's Link Sleuth" = Xenu's Link Sleuth
    "XMind" = XMind

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3455346300-1148100813-3106168065-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "Google Chrome" = Google Chrome
    "GoToMeeting" = GoToMeeting 5.2.0.952
    "UnityWebPlayer" = Unity Web Player

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 9/8/2012 4:06:36 PM | Computer Name = IdHusseys-PC | Source = Schedule | ID = 0
    Description =

    Error - 9/8/2012 4:43:33 PM | Computer Name = IdHusseys-PC | Source = Application Hang | ID = 1002
    Description = The program MP3 Skype Recorder.exe version 3.1.1.2 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: b00 Start
    Time: 01cd8e02679643f0 Termination Time: 15 Application Path: C:\Program Files (x86)\MP3
    Skype Recorder\MP3 Skype Recorder.exe Report Id: c4f1950e-f9f5-11e1-a537-00269ec36d40

    Error - 9/8/2012 6:04:46 PM | Computer Name = IdHusseys-PC | Source = MsiInstaller | ID = 11714
    Description =

    Error - 9/9/2012 1:48:35 AM | Computer Name = IdHusseys-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 9/9/2012 1:48:35 AM | Computer Name = IdHusseys-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 1092

    Error - 9/9/2012 1:48:35 AM | Computer Name = IdHusseys-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 1092

    Error - 9/9/2012 1:48:36 AM | Computer Name = IdHusseys-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 9/9/2012 1:48:36 AM | Computer Name = IdHusseys-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 2153

    Error - 9/9/2012 1:48:36 AM | Computer Name = IdHusseys-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 2153

    Error - 9/9/2012 5:47:51 AM | Computer Name = IdHusseys-PC | Source = Bonjour Service | ID = 100
    Description = ERROR: mDNSPlatformReadTCP - recv: 10093

    Error - 9/9/2012 5:47:51 AM | Computer Name = IdHusseys-PC | Source = Bonjour Service | ID = 100
    Description = 456: ERROR: read_msg errno 0 (The operation completed successfully.)

    [ Hewlett-Packard Events ]
    Error - 11/12/2011 2:28:29 AM | Computer Name = IdHusseys-PC | Source = HPSF.exe | ID = 4000
    Description =

    Error - 11/12/2011 2:30:13 AM | Computer Name = IdHusseys-PC | Source = HPSF.exe | ID = 4000
    Description = HP Error ID: -2146233087HPSF.exe Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
    action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
    outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
    action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
    outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
    methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
    message) Exception rethrown at [0] Message: The server did not provide a meaningful
    reply; this might be caused by a contract mismatch, a premature session shutdown
    or an internal server error. StackTrace: Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
    action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
    outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
    action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
    outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
    methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
    message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
    reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
    msgData, Int32 type) at HP.SupportFramework.Communicator.MessengerComm.IMessengerCommunicator.UpdateTimer()
    at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: mscorlib
    Name:
    HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
    Framework\HPSF.exe Format: en-US RAM: 2812 Ram Utilization: 70 TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,
    System.Runtime.Remoting.Messaging.IMessage)

    Error - 11/12/2011 2:31:46 AM | Computer Name = IdHusseys-PC | Source = HPSF.exe | ID = 4000
    Description =

    Error - 11/12/2011 2:32:08 AM | Computer Name = IdHusseys-PC | Source = HPSF.exe | ID = 4000
    Description =

    Error - 11/12/2011 2:01:42 PM | Computer Name = IdHusseys-PC | Source = HPSF.exe | ID = 4000
    Description =

    Error - 11/12/2011 2:01:42 PM | Computer Name = IdHusseys-PC | Source = HPSF.exe | ID = 4000
    Description =

    Error - 11/12/2011 2:02:16 PM | Computer Name = IdHusseys-PC | Source = HPSF.exe | ID = 4000
    Description =

    Error - 11/12/2011 2:02:51 PM | Computer Name = IdHusseys-PC | Source = HPSF.exe | ID = 4000
    Description =

    Error - 11/12/2011 2:04:02 PM | Computer Name = IdHusseys-PC | Source = HPSF.exe | ID = 4000
    Description =

    Error - 11/12/2011 2:06:45 PM | Computer Name = IdHusseys-PC | Source = HPSF.exe | ID = 4000
    Description =

    [ System Events ]
    Error - 9/9/2012 6:34:07 PM | Computer Name = IdHusseys-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    cdrom SBRE

    Error - 9/9/2012 6:35:00 PM | Computer Name = IdHusseys-PC | Source = WMPNetworkSvc | ID = 866314
    Description =

    Error - 9/9/2012 6:35:00 PM | Computer Name = IdHusseys-PC | Source = WMPNetworkSvc | ID = 866314
    Description =

    Error - 9/9/2012 6:36:08 PM | Computer Name = IdHusseys-PC | Source = Service Control Manager | ID = 7000
    Description = The VIPRE Antivirus service failed to start due to the following error:
    %%2

    Error - 9/9/2012 11:38:32 PM | Computer Name = IdHusseys-PC | Source = atikmdag | ID = 52236
    Description = CPLIB :: General - Invalid Parameter

    Error - 9/9/2012 11:39:04 PM | Computer Name = IdHusseys-PC | Source = Service Control Manager | ID = 7000
    Description = The SB Recovery Service service failed to start due to the following
    error: %%2

    Error - 9/9/2012 11:39:49 PM | Computer Name = IdHusseys-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    cdrom SBRE

    Error - 9/9/2012 11:41:50 PM | Computer Name = IdHusseys-PC | Source = Service Control Manager | ID = 7000
    Description = The VIPRE Antivirus service failed to start due to the following error:
    %%2

    Error - 9/9/2012 11:41:54 PM | Computer Name = IdHusseys-PC | Source = WMPNetworkSvc | ID = 866314
    Description =

    Error - 9/9/2012 11:41:54 PM | Computer Name = IdHusseys-PC | Source = WMPNetworkSvc | ID = 866314
    Description =


    < End of report >
  11. CanHazTrojanz?

    CanHazTrojanz? TechSpot Enthusiast Topic Starter Posts: 106

    I hope you speak Greek. That's all Greek to me.
     
  12. CanHazTrojanz?

    CanHazTrojanz? TechSpot Enthusiast Topic Starter Posts: 106

    OK, seriously bad news for me:

    I'm missing tons of files. Documents, my ebooks I've written (their backup files), a ton of my premium WordPress plugins, website backup files and a boatload of client files I was working on...they're just gone. I've selected "view hidden files" and they're not there.
  13. CanHazTrojanz?

    CanHazTrojanz? TechSpot Enthusiast Topic Starter Posts: 106

    Never mind. Actually tons of files remain hidden...but thank God they're actually there! I just about jumped off a cliff.
  14. CanHazTrojanz?

    CanHazTrojanz? TechSpot Enthusiast Topic Starter Posts: 106

    New issue:

    My mouse randomly will scroll by itself...that's never happened. It happens in PDFs if I read them on or offline, but also some websites.
  15. Broni

    Broni Malware Annihilator Posts: 46,164   +251

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll File not found
      O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll File not found
      O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll File not found
      O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll File not found
      O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll File not found
      O4 - HKLM..\Run: [] File not found
      O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe File not found
      O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" File not found
      O4 - HKLM..\Run: [SBAMTray] "C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe" File not found
      O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
      O8:64bit: - Extra context menu item: LastPass - file://C:\Users\IdHusseys\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found
      O8:64bit: - Extra context menu item: LastPass Fill Forms - file://C:\Users\IdHusseys\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
      O8 - Extra context menu item: LastPass - file://C:\Users\IdHusseys\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found
      O8 - Extra context menu item: LastPass Fill Forms - file://C:\Users\IdHusseys\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found
      O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll File not found
      O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll File not found
      O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll File not found
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0017-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab (Reg Error: Key error.)
      O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
      O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
      O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll File not found
      O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll File not found
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    ==================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Search.
    • A logfile will automatically open after the scan has finished.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[R1].txt as well.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    5. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
  16. CanHazTrojanz?

    CanHazTrojanz? TechSpot Enthusiast Topic Starter Posts: 106

    All processes killed
    ========== OTL ==========
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414}\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AppleSyncNotifier deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SBAMTray deleted successfully.
    64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ deleted successfully.
    64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\LastPass\ deleted successfully.
    64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\LastPass Fill Forms\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\LastPass\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\LastPass Fill Forms\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0000036B-C524-4050-81A0-243669A86B9F}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0000036B-C524-4050-81A0-243669A86B9F}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}\ not found.
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0017-0000-0006-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ deleted successfully.
    File {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
    File {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03C514A3-1EFB-4856-9F99-10D7BE1653C0}\ deleted successfully.
    File {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll File not found not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324}\ deleted successfully.
    File {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll File not found not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56504 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: IdHusseys
    ->Temp folder emptied: 271910979 bytes
    ->Temporary Internet Files folder emptied: 11526445 bytes
    ->Java cache emptied: 53849906 bytes
    ->FireFox cache emptied: 344142745 bytes
    ->Google Chrome cache emptied: 349800934 bytes
    ->Flash cache emptied: 14929911 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 106048893 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 666 bytes
    RecycleBin emptied: 31423171 bytes

    Total Files Cleaned = 1,129.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: Default

    User: Default User

    User: IdHusseys
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: IdHusseys
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.61.3 log created on 09102012_174913

    Files\Folders moved on Reboot...
    C:\Users\IdHusseys\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
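
An added example (not part of the original thread and not OTL's own code): a small Python triage of a fix log like the one above. It separates entries that were deleted, entries reported "not found" only because the same key was already deleted earlier in the run, entries that were absent, and file moves still pending a reboot. The sample lines are copied from the log above; the function names and status labels are assumptions made for this illustration.

```python
import re
from collections import Counter

# Ten lines taken from the fix log above, chosen to cover each line shape.
SAMPLE_LOG = r"""
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SBAMTray deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ deleted successfully.
File {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0000036B-C524-4050-81A0-243669A86B9F}\ not found.
C:\Users\IdHusseys\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
"""

# "<view>Registry key|Registry value|File <target> <outcome>."
RESULT_RE = re.compile(
    r"^(?P<view>64bit-)?(?P<kind>Registry key|Registry value|File)\s+"
    r"(?P<target>.+?)\s+(?P<outcome>deleted successfully|not found)\.$"
)
REBOOT_RE = re.compile(
    r"^File move failed\. (?P<target>.+?) scheduled to be moved on reboot\.$"
)
MOVED_RE = re.compile(r"^(?P<target>.+?) moved successfully\.$")

# The fix log echoes the scan line's own marker before its result.
SCAN_MARKER = " File not found"


def parse_fix_log(text):
    """Return one dict per recognised result line, in log order."""
    entries = []
    deleted = set()  # (view prefix, lowercased target) pairs removed so far
    for raw in text.splitlines():
        line = raw.strip()
        m = REBOOT_RE.match(line)
        if m:
            entries.append({"kind": "File", "target": m["target"],
                            "status": "pending_reboot"})
            continue
        m = MOVED_RE.match(line)
        if m:
            entries.append({"kind": "File", "target": m["target"],
                            "status": "moved"})
            continue
        m = RESULT_RE.match(line)
        if not m:
            continue  # headers, cache totals, blank lines
        target = m["target"]
        if target.endswith(SCAN_MARKER):
            target = target[: -len(SCAN_MARKER)]
        # Registry paths are case-insensitive; keep the view prefix in the
        # key so a 64bit- deletion does not explain an unprefixed "not found".
        key = (m["view"] or "", target.lower())
        if m["outcome"] == "deleted successfully":
            status = "deleted"
            deleted.add(key)
        elif key in deleted:
            status = "already_deleted_this_run"
        else:
            status = "absent"
        entries.append({"kind": m["kind"], "target": target, "status": status})
    return entries


def summarize(entries):
    """Count entries per status."""
    return Counter(e["status"] for e in entries)


def follow_up(entries):
    """Targets that still need a reboot before the fix is complete."""
    return [e["target"] for e in entries if e["status"] == "pending_reboot"]


if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    for status, count in sorted(summarize(parsed).items()):
        print(f"{status:26} {count}")
    for target in follow_up(parsed):
        print("re-check after reboot:", target)
```
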
  17. CanHazTrojanz?

    CanHazTrojanz? TechSpot Enthusiast Topic Starter Posts: 106

    Results of screen317's Security Check version 0.99.50
    Windows 7 Service Pack 1 x64 (UAC is disabled!)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    avast! Internet Security
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.62.0.1300
    Adobe Flash Player 10 Flash Player out of Date!
    Adobe Flash Player 11.4.402.265
    Adobe Reader X (10.1.4)
    Mozilla Firefox (15.0.1)
    Google Chrome 21.0.1180.89
    ````````Process Check: objlist.exe by Laurent````````
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast afwServ.exe
    AVAST Software Avast AvastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 1%
    ````````````````````End of Log``````````````````````
  18. CanHazTrojanz?

    CanHazTrojanz? TechSpot Enthusiast Topic Starter Posts: 106

    Farbar Service Scanner Version: 06-08-2012
    Ran by IdHusseys (administrator) on 10-09-2012 at 18:06:50
    Running from "C:\Users\IdHusseys\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
     
  19. CanHazTrojanz?

    CanHazTrojanz? TechSpot Enthusiast Topic Starter Posts: 106

    # AdwCleaner v2.001 - Logfile created 09/10/2012 at 18:09:55
    # Updated 09/09/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : IdHusseys - IDHUSSEYS-PC
    # Boot Mode : Normal
    # Running from : C:\Users\IdHusseys\Desktop\adwcleaner(1).exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
    Folder Found : C:\Program Files (x86)\Ilivid
    Folder Found : C:\Users\IdHusseys\AppData\Local\Ilivid Player

    ***** [Registry] *****

    Key Found : HKCU\Software\ilivid
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
    Key Found : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7}

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    [OK] Registry is clean.

    -\\ Mozilla Firefox v15.0.1 (en-US)

    Profile name : default
    File : C:\Users\IdHusseys\AppData\Roaming\Mozilla\Firefox\Profiles\brnuba7s.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v21.0.1180.89

    File : C:\Users\IdHusseys\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [1489 octets] - [10/09/2012 18:09:55]

    ########## EOF - C:\AdwCleaner[R1].txt - [1549 octets] ##########
  20. CanHazTrojanz?

    CanHazTrojanz? TechSpot Enthusiast Topic Starter Posts: 106

    I am now scanning with ESET, but I unchecked the "repair" button so it will only scan - I'm not sure if you wanted me to click "repair" AND "scan archives," but I can re-run it with the option to repair if you'd like.
  21. Broni

    Broni Malware Annihilator Posts: 46,164   +251

    Yeah I didn't ask to change any settings.
  22. CanHazTrojanz?

    CanHazTrojanz? TechSpot Enthusiast Topic Starter Posts: 106

    Glad I clarified - OK, stopped that and re-ran the scan, it was just in the middle of downloading definitions so it's going full-tilt now.
  23. CanHazTrojanz?

    CanHazTrojanz? TechSpot Enthusiast Topic Starter Posts: 106

    It's only 31% done and it's found 21 threats so far. At some point I'd like to know the infection's done for good, I'll be switching to Ubuntu soon as I can. I'm done with Windows.
  24. Broni

    Broni Malware Annihilator Posts: 46,164   +251

    Most likely those findings will be just inactive leftovers.
    I can't comment though without seeing the final log.
  25. CanHazTrojanz?

    CanHazTrojanz? TechSpot Enthusiast Topic Starter Posts: 106

    C:\Program Files (x86)\FoxTabVideoConverter\VideoConverter.exe a variant of Win32/InstallCore.A application cleaned by deleting - quarantined
    C:\Users\IdHusseys\AppData\Local\SENukeX\backup\6e565112-695b-40d9-a38f-b5d11dc482e1.bin a variant of MSIL/Packed.CryptoObfuscator.D application cleaned by deleting - quarantined
    C:\Users\IdHusseys\AppData\Local\SENukeX\backup\7492e852-c194-4ae9-af41-3ff55c6a3fca.bin a variant of MSIL/Packed.CryptoObfuscator.D application cleaned by deleting - quarantined
    C:\Users\IdHusseys\AppData\Local\SENukeX\backup\c8fe6753-2e83-4be2-8743-158febeb05f9.bin a variant of MSIL/Packed.CryptoObfuscator.D application cleaned by deleting - quarantined
    C:\Users\IdHusseys\AppData\Roaming\Article Marketing Robot\results\Johnny@my-review-site.com-0--3591.html HTML/ScrInject.B.Gen virus deleted - quarantined
    C:\Users\IdHusseys\AppData\Roaming\Article Marketing Robot\results\Johnny@my-review-site.com-0--5020.html HTML/ScrInject.B.Gen virus deleted - quarantined
    C:\Users\IdHusseys\AppData\Roaming\Article Marketing Robot\results\Johnny@my-review-site.com-0--6972.html HTML/ScrInject.B.Gen virus deleted - quarantined
    C:\Users\IdHusseys\AppData\Roaming\Article Marketing Robot\results\Johnny@my-review-site.com-0-36256.html HTML/ScrInject.B.Gen virus deleted - quarantined
    C:\Users\IdHusseys\AppData\Roaming\Article Marketing Robot\results\Johnny@my-review-site.com-0-49076.html HTML/ScrInject.B.Gen virus deleted - quarantined
    C:\Users\IdHusseys\AppData\Roaming\Article Marketing Robot\results\Johnny@my-review-site.com-0-5042.html HTML/ScrInject.B.Gen virus deleted - quarantined
    C:\Users\IdHusseys\AppData\Roaming\Article Marketing Robot\results\Johnny@my-review-site.com-1--3591.html HTML/ScrInject.B.Gen virus deleted - quarantined
    C:\Users\IdHusseys\AppData\Roaming\Article Marketing Robot\results\Johnny@my-review-site.com-1--5020.html HTML/ScrInject.B.Gen virus deleted - quarantined
    C:\Users\IdHusseys\AppData\Roaming\Article Marketing Robot\results\Johnny@my-review-site.com-1--6972.html HTML/ScrInject.B.Gen virus deleted - quarantined
    C:\Users\IdHusseys\AppData\Roaming\Article Marketing Robot\results\Johnny@my-review-site.com-1-36256.html HTML/ScrInject.B.Gen virus deleted - quarantined
    C:\Users\IdHusseys\AppData\Roaming\Article Marketing Robot\results\Johnny@my-review-site.com-1-49076.html HTML/ScrInject.B.Gen virus deleted - quarantined
    C:\Users\IdHusseys\AppData\Roaming\Article Marketing Robot\results\Johnny@my-review-site.com-1-5042.html HTML/ScrInject.B.Gen virus deleted - quarantined
    C:\Users\IdHusseys\Desktop\Website Management\E Projects\wp_bundle_2012_01_07-17_21_19.tar.gz PHP/Obfuscated.F application deleted - quarantined
    C:\Users\IdHusseys\Desktop\Website Management\TFS\TFS Webmaster Files\Backup Creator for TFSS 11-23-11.zip PHP/Obfuscated.F application deleted - quarantined
    C:\Users\IdHusseys\Desktop\Website Management\WordPress and Blogger Themes and Plugins\WP plugins\clickbump-seo-V3.6-10-07-2011.zip PHP/Obfuscated.F application deleted - quarantined
    C:\Users\IdHusseys\Desktop\Website Management\WordPress and Blogger Themes and Plugins\WP plugins\PREMIUM PLUGINS\clickbump-seo-V3.6-10-07-2011.zip PHP/Obfuscated.F application deleted - quarantined
    C:\Users\IdHusseys\Desktop\Website Management\WordPress and Blogger Themes and Plugins\WP plugins\PREMIUM PLUGINS\clickbump-seo-V3.6-10-07-2011\clickbump-lsi.php PHP/Obfuscated.F application cleaned by deleting - quarantined

