TechSpot

Infected Windows Vista PC

By JoeVM
Sep 4, 2012
  1. A friend of mine asked me to take a look at her PC. She has a Gateway desktop computer running Windows Vista Home Premium. I ran a virus scan using Malwarebytes and an antivirus scan. I noticed it said the system files in the C:\Windows\System32 folder were infected/overwritten. She said she was getting blue screens and it was crashing often.

    I wasn't sure where to start to remove this threat, so I didn't let Malwarebytes clean the files in case I couldn't restart it, and I'm trying to avoid reinstalling Windows. I just ran it in Safe Mode and got the log files needed to post on here before I shut it down.

    Any help would be appreciated, and thank you in advance.

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.09.03.07

    Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
    Internet Explorer 9.0.8112.16421
    Change me :: CHANGEME-PC [administrator]

    9/4/2012 12:07:16 AM
    mbam-log-2012-09-04 (00-15-19).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 292375
    Time elapsed: 7 minute(s), 2 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 25
    HKCR\CLSID\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> No action taken.
    HKCR\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (PUP.MyWebSearch) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F02FABCB-92DD-475A-98AF-14217BD50746} (Adware.Gamevance) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (PUP.MyWebSearch) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} (PUP.MyWebSearch) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (PUP.MyWebSearch) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (PUP.MyWebSearch) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (PUP.MyWebSearch) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (PUP.MyWebSearch) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (PUP.MyWebSearch) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (PUP.MyWebSearch) -> No action taken.
    HKCR\sp (TrojanProxy.Agent) -> No action taken.
    HKCU\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> No action taken.
    HKCU\SOFTWARE\The Weather Channel (Adware.Hotbar) -> No action taken.
    HKLM\SOFTWARE\FocusInteractive (PUP.MyWebSearch) -> No action taken.
    HKLM\SOFTWARE\Fun Web Products (PUP.MyWebSearch) -> No action taken.
    HKLM\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\sp (TrojanProxy.Agent) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> No action taken.

    Registry Values Detected: 4
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{96AFBE69-C3B0-4B00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Data: sp -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Data: -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost|netsvc (TrojanProxy.Agent) -> Data: SPService^n^ -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls|wxfw.dll (Adware.Hotbar) -> Data: C:\Program Files\The Weather Channel FW\Framework\wxfw.cpl -> No action taken.

    Registry Data Items Detected: 3
    HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

    Folders Detected: 13
    C:\ProgramData\14658804 (Rogue.Multiple) -> No action taken.
    C:\Program Files\FunWebProducts (PUP.MyWebSearch) -> No action taken.
    C:\Program Files\FunWebProducts\Installr (PUP.MyWebSearch) -> No action taken.
    C:\Program Files\FunWebProducts\Installr\1.bin (PUP.MyWebSearch) -> No action taken.
    C:\Program Files\FunWebProducts\Installr\1.bin\chrome (PUP.MyWebSearch) -> No action taken.
    C:\Program Files\FunWebProducts\Installr\4.bin (PUP.MyWebSearch) -> No action taken.
    C:\Program Files\FunWebProducts\Installr\4.bin\chrome (PUP.MyWebSearch) -> No action taken.
    C:\Program Files\FunWebProducts\ScreenSaver (PUP.MyWebSearch) -> No action taken.
    C:\Program Files\FunWebProducts\ScreenSaver\Images (PUP.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch (PUP.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar (PUP.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\History (PUP.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\Settings (PUP.MyWebSearch) -> No action taken.

    Files Detected: 15
    C:\Windows\System32\Rawwan.dll (RootKit.0Access.H) -> No action taken.
    C:\Windows\System32\NUSB3w32.dll (Trojan.Dropper) -> No action taken.
    C:\Windows\System32\rslinx.dll (RootKit.0Access.H) -> No action taken.
    C:\Windows\System32\cvslock.dll (RootKit.0Access.H) -> No action taken.
    C:\Windows\System32\drvmcdb.dll (RootKit.0Access.H) -> No action taken.
    C:\Windows\System32\epsonstatusagent2.dll (RootKit.0Access.H) -> No action taken.
    C:\Windows\System32\ozoneinstallerservice.dll (RootKit.0Access.H) -> No action taken.
    C:\Windows\System32\racsvc.dll (RootKit.0Access.H) -> No action taken.
    C:\Windows\System32\SNTIE.dll (RootKit.0Access.H) -> No action taken.
    C:\Windows\System32\symproxysvc.dll (RootKit.0Access.H) -> No action taken.
    C:\Windows\System32\tosrfbd.dll (RootKit.0Access.H) -> No action taken.
    C:\Windows\System32\drivers\cdrom.sys (Trojan.Patched) -> No action taken.
    C:\Windows\system\svchost.exe (Backdoor.Bot) -> No action taken.
    C:\ProgramData\14658804\14658804 (Rogue.Multiple) -> No action taken.
    C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (PUP.MyWebSearch) -> No action taken.

    (end)
     
  2. JoeVM

    JoeVM TS Rookie Topic Starter Posts: 38

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-09-04 15:32:07
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000058 WDC_WD50 rev.12.0
    Running: dsnk5rki.exe; Driver: C:\Users\CHANGE~1\AppData\Local\Temp\fwryrkog.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .text cdrom.sys 8D4AC000 123 Bytes [64, 3A, 5C, 6C, 6F, 6E, 67, ...]
    .text cdrom.sys 8D4AC07C 3 Bytes [6F, 00, 73]
    .text cdrom.sys 8D4AC080 5 Bytes [44, 00, 65, 00, 76]
    .text cdrom.sys 8D4AC086 7 Bytes [69, 00, 63, 00, 65, 00, 73]
    .text cdrom.sys 8D4AC08E 13 Bytes [5C, 00, 43, 00, 64, 00, 52, ...]
    .text ...
    ? C:\Windows\system32\DRIVERS\cdrom.sys suspicious PE modification

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\Explorer.EXE[1808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74087817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [740CB4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7408BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7407F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [740875E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7407E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [740B73F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7408DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7407FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7407FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [740771CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7410CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [740AC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7407D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74076853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7407687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74082AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    ---- Modules - GMER 1.0.15 ----

    Module (noname) (*** hidden *** ) 8D48F000-8D4AB000 (114688 bytes)

    ---- Files - GMER 1.0.15 ----

    File C:\Windows\$NtUninstallKB22683$\1619343390 0 bytes
    File C:\Windows\$NtUninstallKB22683$\1619343390\@ 2048 bytes
    File C:\Windows\$NtUninstallKB22683$\1619343390\bckfg.tmp 854 bytes
    File C:\Windows\$NtUninstallKB22683$\1619343390\cfg.ini 368 bytes
    File C:\Windows\$NtUninstallKB22683$\1619343390\Desktop.ini 4608 bytes
    File C:\Windows\$NtUninstallKB22683$\1619343390\keywords 46 bytes
    File C:\Windows\$NtUninstallKB22683$\1619343390\kwrd.dll 223744 bytes
    File C:\Windows\$NtUninstallKB22683$\1619343390\L 0 bytes
    File C:\Windows\$NtUninstallKB22683$\1619343390\L\00000004.@ 218 bytes
    File C:\Windows\$NtUninstallKB22683$\1619343390\L\201d3dde 12 bytes
    File C:\Windows\$NtUninstallKB22683$\1619343390\L\qnbwvoto 67072 bytes
    File C:\Windows\$NtUninstallKB22683$\1619343390\lsflt7.ver 5176 bytes
    File C:\Windows\$NtUninstallKB22683$\1619343390\oemid 332 bytes
    File C:\Windows\$NtUninstallKB22683$\1619343390\U 0 bytes
    File C:\Windows\$NtUninstallKB22683$\1619343390\U\00000001.@ 1536 bytes
    File C:\Windows\$NtUninstallKB22683$\1619343390\U\00000002.@ 224768 bytes
    File C:\Windows\$NtUninstallKB22683$\1619343390\U\00000004.@ 1024 bytes
    File C:\Windows\$NtUninstallKB22683$\1619343390\U\80000000.@ 66560 bytes
    File C:\Windows\$NtUninstallKB22683$\1619343390\U\80000004.@ 1024 bytes
    File C:\Windows\$NtUninstallKB22683$\1619343390\U\80000032.@ 90624 bytes
    File C:\Windows\$NtUninstallKB22683$\1619343390\version 730 bytes
    File C:\Windows\$NtUninstallKB22683$\620569959 0 bytes

    ---- EOF - GMER 1.0.15 ----
     
  3. JoeVM

    JoeVM TS Rookie Topic Starter Posts: 38

    .
    DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_23
    Run by Change me at 15:44:33 on 2012-09-04
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1918.1336 [GMT -4:00]
    .
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page =
    uStart Page = hxxp://www.yahoo.com
    uSearch Bar =
    mStart Page = hxxp://www.yahoo.com
    mDefault_Page_URL = hxxp://www.yahoo.com
    uInternet Settings,ProxyOverride = <local>
    mSearchAssistant =
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
    uURLSearchHooks: NetAssistantBHO Class: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\my.freeze.com toolbar\NetAssistant.dll
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn4\YTNavAssist.dll
    mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
    BHO: IEPlugin Class: {11222041-111b-46e3-bd29-efb2449479b1} - c:\progra~1\arcsoft\mediac~1\intern~1\ARCURL~1.DLL
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll
    BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.2007.12.12.1.dll
    BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\12.2.0.5\AVG Secure Search_toolbar.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\google\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: NetAssistantBHO Class: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\my.freeze.com toolbar\NetAssistant.dll
    BHO: {F0626A63-410B-45E2-99A1-3F2475B2D695} - No File
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn4\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
    TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\12.2.0.5\AVG Secure Search_toolbar.dll
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    TB: {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [DW4]
    uRun: [ISUSPM] c:\programdata\flexnet\connect\11\ISUSPM.exe -scheduler
    mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [IndexSearch] "c:\program files\nuance\paperport\IndexSearch.exe"
    mRun: [PaperPort PTD] "c:\program files\nuance\paperport\pptd40nt.exe"
    mRun: [PPort12reminder] "c:\program files\nuance\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\12\config\ereg\Ereg.ini"
    mRun: [PDFHook] c:\program files\nuance\pdf viewer plus\pdfpro5hook.exe
    mRun: [PDF5 Registry Controller] c:\program files\nuance\pdf viewer plus\RegistryController.exe
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
    mRun: [ROC_roc_ssl_v12] "c:\program files\avg secure search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    dRun: [YSearchProtection] c:\program files\yahoo!\search protection\SearchProtection.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.2007.12.12.1.dll
    IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    LSP: c:\windows\system32\wpclsp.dll
    LSP: mswsock.dll
    DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/CursorManiaInitialSetup1.0.1.1.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin.cab
    TCP: DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{7225B89C-C910-42F1-A560-D0EFB0E774C1} : DhcpNameServer = 192.168.2.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\12.2.0\ViProtocol.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\change me\appdata\roaming\mozilla\firefox\profiles\pc5okdv1.default\
    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
    FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\ipsffplgn\components\IPSFFPl.dll
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\12.2.0\npsitesafety.dll
    FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npkimi.dll
    FF - plugin: c:\program files\picasa2\npPicasa2.dll
    FF - plugin: c:\program files\picasa2\npPicasa3.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
    R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-9-3 27496]
    S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
    S1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-7-4 5160568]
    S2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-17 21504]
    S2 gupdate1c99a9c8ba74002;Google Update Service (gupdate1c99a9c8ba74002);c:\program files\google\update\GoogleUpdate.exe [2009-3-1 133104]
    S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-9-3 655944]
    S2 NecUsb;USB Service;c:\windows\system32\svchost.exe -k NecUsbSevice [2008-6-17 21504]
    S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\nuance\paperport\PDFProFiltSrvPP.exe [2010-3-9 144672]
    S2 vseamps;vseamps;c:\program files\common files\authentium\antivirus5\vseamps.exe [2010-4-8 117288]
    S2 vsedsps;vsedsps;c:\program files\common files\authentium\antivirus5\vsedsps.exe [2010-4-8 117288]
    S2 vseqrts;vseqrts;c:\program files\common files\authentium\antivirus5\vseqrts.exe [2010-4-8 154152]
    S2 vToolbarUpdater12.2.0;vToolbarUpdater12.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\12.2.0\ToolbarUpdater.exe [2012-9-3 927840]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-9-3 250056]
    S3 AVer88xHD;AVerMedia 23888 AvStream Video Capture;c:\windows\system32\drivers\AVer88xHD.sys [2007-5-21 401408]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
    S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
    S3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\drivers\BrSerIb.sys [2009-11-3 71424]
    S3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\drivers\BrUsbSib.sys [2009-11-3 11520]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-3-1 133104]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-9-3 22344]
    S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2012-09-04 04:11:25 -------- d-----w- c:\users\change me\appdata\local\Macromedia
    2012-09-03 21:36:00 -------- d-----w- C:\c6c5ba77588cfb5af4fbb675bfc6ba
    2012-09-03 21:30:24 5120 ----a-w- c:\windows\system32\wmi.dll
    2012-09-03 21:30:24 172032 ----a-w- c:\windows\system32\wintrust.dll
    2012-09-03 21:30:24 157696 ----a-w- c:\windows\system32\imagehlp.dll
    2012-09-03 21:30:24 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-09-03 21:26:45 2047488 ----a-w- c:\windows\system32\win32k.sys
    2012-09-03 19:36:03 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
    2012-09-03 19:35:54 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-09-03 19:35:41 1404928 ----a-w- c:\program files\common files\microsoft shared\ink\InkObj.dll
    2012-09-03 19:35:41 1218048 ----a-w- c:\program files\windows journal\NBDoc.DLL
    2012-09-03 19:35:40 983040 ----a-w- c:\program files\windows journal\JNTFiltr.dll
    2012-09-03 19:35:40 964608 ----a-w- c:\program files\windows journal\JNWDRV.dll
    2012-09-03 19:35:40 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
    2012-09-03 19:35:36 47104 ----a-w- c:\program files\windows journal\PDIALOG.exe
    2012-09-03 19:34:58 680448 ----a-w- c:\windows\system32\msvcrt.dll
    2012-09-03 19:34:40 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
    2012-09-03 19:34:25 1069056 ----a-w- c:\windows\system32\DWrite.dll
    2012-09-03 19:34:23 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2012-09-03 19:34:23 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2012-09-03 19:34:22 683008 ----a-w- c:\windows\system32\d2d1.dll
    2012-09-03 19:34:22 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2012-09-03 19:33:45 1401856 ----a-w- c:\windows\system32\msxml6.dll
    2012-09-03 19:33:45 1248768 ----a-w- c:\windows\system32\msxml3.dll
    2012-09-03 19:33:20 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-09-03 19:33:09 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-09-03 19:33:08 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-09-03 19:26:34 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-09-03 19:26:34 278528 ----a-w- c:\windows\system32\schannel.dll
    2012-09-03 19:26:34 204288 ----a-w- c:\windows\system32\ncrypt.dll
    2012-09-03 19:26:28 613376 ----a-w- c:\windows\system32\rdpencom.dll
    2012-09-03 19:25:28 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-03 19:23:33 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-09-03 19:01:59 -------- d-----w- c:\users\change me\appdata\roaming\AVG2012
    2012-09-03 18:56:47 -------- d-----w- c:\users\change me\appdata\local\AVG Secure Search
    2012-09-03 18:56:37 -------- d-----w- c:\programdata\AVG Secure Search
    2012-09-03 18:56:30 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
    2012-09-03 18:56:28 -------- d-----w- c:\program files\common files\AVG Secure Search
    2012-09-03 18:56:25 -------- d-----w- c:\program files\AVG Secure Search
    2012-09-03 18:55:32 -------- d--h--w- C:\$AVG
    2012-09-03 18:55:32 -------- d-----w- c:\windows\system32\drivers\AVG
    2012-09-03 18:55:32 -------- d-----w- c:\programdata\AVG2012
    2012-09-03 18:54:59 -------- d-----w- c:\program files\AVG
    2012-09-03 18:38:06 -------- d--h--w- c:\programdata\Common Files
    2012-09-03 18:38:05 -------- d-----w- c:\programdata\MFAData
    2012-09-03 18:35:03 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-09-03 18:34:45 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-09-03 18:34:34 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-09-03 18:34:34 171904 ----a-w- c:\windows\system32\wuwebv.dll
    .
    ==================== Find3M ====================
    .
    2012-09-04 17:09:19 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
    2012-09-03 21:19:59 7680 ----a-w- c:\windows\system\svchost.exe
    2012-09-03 19:24:34 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-06-25 20:04:24 1394248 ----a-w- c:\windows\system32\msxml4.dll
    .
    ============= FINISH: 15:44:47.61 ===============
     
  4. JoeVM

    JoeVM TS Rookie Topic Starter Posts: 38

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 5/21/2007 2:15:58 AM
    System Uptime: 9/4/2012 3:34:53 PM (0 hours ago)
    .
    Motherboard: ELITEGROUP | | MCP61PM-AM
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ | Socket AM2 | 2611/201mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 456 GiB total, 400.53 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 0.987 GiB free.
    E: is CDROM ()
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Media Player
    Adobe Reader 9.5.0
    Agere Systems PCI-SV92PP Soft Modem
    Apple Application Support
    Apple Software Update
    AVerMedia M791 PCIe Combo NTSC/ATSC 6.104.0.5
    AVG 2012
    AVSDK5
    BigFix
    Browser Address Error Redirector
    Canon Camera Window DC_DV 6 for ZoomBrowser EX
    Canon Camera Window MC 6 for ZoomBrowser EX
    Canon G.726 WMP-Decoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon Utilities PhotoStitch
    Canon Utilities ZoomBrowser EX
    Digital Media Reader
    Fast Browser Search (My Face LOL)
    Gateway Connect
    Gateway Games
    Gateway Recovery Center Installer
    Google Photos Screensaver
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Java Auto Updater
    Java(TM) 6 Update 23
    Java(TM) SE Runtime Environment 6 Update 1
    Linkit_eBay
    LiveUpdate 3.2 (Symantec Corporation)
    LiveUpdate Notice (Symantec Corporation)
    Malwarebytes Anti-Malware version 1.62.0.1300
    Marvell Miniport Driver
    Media Converter for Philips
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Digital Image Library 9 - Blocker
    Microsoft Digital Image Starter Edition 2006
    Microsoft Digital Image Starter Edition 2006 Editor
    Microsoft Digital Image Starter Edition 2006 Library
    Microsoft Easy Assist v2
    Microsoft Money 2006
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    Mozilla Firefox 9.0.1 (x86 en-US)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2721691)
    MSXML 4.0 SP3 Parser (KB973685)
    Napster
    Napster Burn Engine
    neroxml
    Norton Internet Security
    Nuance PaperPort 12
    Nuance PDF Viewer Plus
    NVIDIA Drivers
    OGA Notifier 2.0.0048.0
    PaperPort Image Printer
    Picasa 3
    Power2Go 5.0
    PS2 Multimedia Keyboard Driver
    QuickTime
    Scansoft PDF Professional
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for 2007 Microsoft Office System (KB982312)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    The Weather Channel Desktop
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Verizon Online DSL
    Viewpoint Media Player
    Weather Services
    Yahoo! Browser Services
    Yahoo! Install Manager
    Yahoo! Internet Mail
    Yahoo! Search Protection
    Yahoo! Software Update
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/4/2012 3:37:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    9/4/2012 3:37:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    9/4/2012 3:37:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    9/4/2012 3:37:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    9/4/2012 3:37:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    9/4/2012 3:37:07 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 spldr Wanarpv6
    9/4/2012 3:37:07 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    9/4/2012 3:37:07 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    9/4/2012 3:37:07 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    9/4/2012 3:32:26 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.2.2 for the Network Card with network address 001BB9767AAD has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
    9/4/2012 12:27:27 AM, Error: EventLog [6008] - The previous system shutdown at 12:24:34 AM on 9/4/2012 was unexpected.
    9/4/2012 12:23:07 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
    9/4/2012 1:20:55 PM, Error: EventLog [6008] - The previous system shutdown at 1:18:01 PM on 9/4/2012 was unexpected.
    9/4/2012 1:17:19 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    9/4/2012 1:16:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    9/4/2012 1:16:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    9/4/2012 1:12:26 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    9/4/2012 1:12:26 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    9/4/2012 1:12:26 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6 ws2ifsl
    9/4/2012 1:12:26 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    9/4/2012 1:12:26 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    9/4/2012 1:12:26 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    9/4/2012 1:12:26 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    9/4/2012 1:12:26 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    9/4/2012 1:12:26 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    9/4/2012 1:12:26 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    9/4/2012 1:12:26 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
    9/4/2012 1:12:26 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    9/4/2012 1:12:26 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    9/4/2012 1:12:26 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    9/3/2012 3:23:23 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2423089 (Security Update) into Absent(Absent) state
    9/3/2012 2:53:52 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: spldr Wanarpv6
    9/3/2012 2:52:40 PM, Error: EventLog [6008] - The previous system shutdown at 2:42:09 PM on 9/3/2012 was unexpected.
    9/3/2012 2:32:21 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.2.11 for the Network Card with network address 001BB9767AAD has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
    9/3/2012 2:27:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service lltdsvc with arguments "" in order to run the server: {5BF9AA75-D7FF-4AEE-AA2C-96810586456D}
    9/3/2012 2:25:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wcncsvc with arguments "" in order to run the server: {375FF000-DD27-11D9-8F9C-0002B3988E81}
    9/3/2012 2:25:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
    9/3/2012 2:20:34 PM, Error: Microsoft-Windows-Directory-Services-SAM [12291] - SAM failed to start the TCP/IP or SPX/IPX listening thread
    9/3/2012 10:36:28 PM, Error: Service Control Manager [7023] - The USB Service service terminated with the following error: Access is denied.
    9/3/2012 10:36:28 PM, Error: Service Control Manager [7023] - The UPATC service terminated with the following error: Access is denied.
    9/3/2012 10:36:28 PM, Error: Service Control Manager [7023] - The Incdpass service terminated with the following error: Access is denied.
    9/3/2012 10:36:28 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    9/3/2012 10:36:28 PM, Error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
    9/3/2012 10:32:13 PM, Error: EventLog [6008] - The previous system shutdown at 5:56:50 PM on 9/3/2012 was unexpected.
    9/3/2012 1:39:37 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
    .
    ==== End Of File ===========================
     
  5. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==========================================

    Well, you must re-run MBAM, fix all issues and post a new log.
     
  6. JoeVM

    JoeVM TS Rookie Topic Starter Posts: 38

    Thank you for your quick response. I re-ran MBAM, selected and removed all threats. It asked me to restart the computer, so I did, and here is the new log. I ran it in safe mode since it tends to lock up if I don't.

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.09.03.07

    Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
    Internet Explorer 9.0.8112.16421
    Change me :: CHANGEME-PC [administrator]

    9/4/2012 10:03:36 PM
    mbam-log-2012-09-04 (22-03-36).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 292030
    Time elapsed: 6 minute(s), 4 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 25
    HKCR\CLSID\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Quarantined and deleted successfully.
    HKCR\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F02FABCB-92DD-475A-98AF-14217BD50746} (Adware.Gamevance) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\FocusInteractive (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Fun Web Products (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.

    Registry Values Detected: 4
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{96AFBE69-C3B0-4B00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Data: sp -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Data: -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost|netsvc (TrojanProxy.Agent) -> Data: SPService^n^ -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls|wxfw.dll (Adware.Hotbar) -> Data: C:\Program Files\The Weather Channel FW\Framework\wxfw.cpl -> Quarantined and deleted successfully.

    Registry Data Items Detected: 3
    HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

    Folders Detected: 13
    C:\ProgramData\14658804 (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Installr (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Installr\1.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Installr\1.bin\chrome (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Installr\4.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Installr\4.bin\chrome (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\ScreenSaver (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\ScreenSaver\Images (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\History (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Settings (PUP.MyWebSearch) -> Quarantined and deleted successfully.

    Files Detected: 16
    C:\Windows\System32\Rawwan.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\Windows\System32\NUSB3w32.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\Windows\System32\rslinx.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\Windows\System32\avcgbfl.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\Windows\System32\cvslock.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\Windows\System32\drvmcdb.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\Windows\System32\epsonstatusagent2.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\Windows\System32\ozoneinstallerservice.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\Windows\System32\racsvc.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\Windows\System32\SNTIE.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\Windows\System32\symproxysvc.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\Windows\System32\tosrfbd.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\Windows\System32\zntport.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\Windows\system\svchost.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\ProgramData\14658804\14658804 (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (PUP.MyWebSearch) -> Quarantined and deleted successfully.

    (end)
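As an added triage helper (my example, not code from the thread or from Malwarebytes), the script below parses a log in the MBAM 1.x format posted above, groups detections by family, flags the rootkit/backdoor/PUM entries that drive the cleanup plan, lists anything still marked "No action taken" (the state Broni asked to fix in the first log), and checks the per-section counts MBAM declared against the lines actually present. The embedded log excerpt is constructed from lines on this page; the severity grouping is my own, not a Malwarebytes classification.

```python
"""Triage helper for Malwarebytes Anti-Malware 1.x text logs (added example)."""
import re
from collections import Counter

# A section header reads "Files Detected: 16"; a detection line reads
# "<path or registry key> (<family>) -> [Data: ... ->] <action>."
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Detected): (?P<count>\d+)$")
ITEM_RE = re.compile(r"^(?P<target>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")

# Family prefixes that change the cleanup plan (my own grouping, not Malwarebytes'):
# rootkit/backdoor/trojan components and PUM.* security-center tampering,
# as opposed to PUP/adware noise.
HIGH_SEVERITY_PREFIXES = ("RootKit.", "Backdoor.", "Trojan", "Rogue.", "PUM.")
REMEDIATED_MARKERS = ("Quarantined and deleted successfully",
                      "Quarantined and repaired successfully")

# Constructed excerpt assembled from lines posted in this thread; not a complete log.
SAMPLE_LOG = r"""
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Scan type: Quick scan
Time elapsed: 6 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCR\CLSID\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> No action taken.

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost|netsvc (TrojanProxy.Agent) -> Data: SPService^n^ -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Files Detected: 3
C:\Windows\System32\Rawwan.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\system\svchost.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (PUP.MyWebSearch) -> No action taken.

(end)
"""


def parse_mbam_log(text):
    """Return (detections, declared_counts) for one MBAM 1.x log.

    Each detection is a dict with section, target, family, action and a
    remediated flag; declared_counts maps each section header to the number
    MBAM itself printed, so the caller can spot truncated or edited logs.
    """
    detections, declared, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            declared[section] = int(m.group("count"))
            continue
        m = ITEM_RE.match(line)
        if m and section:
            rest = m.group("rest")
            detections.append({
                "section": section,
                "target": m.group("target"),
                "family": m.group("family"),
                # The final "-> ..." fragment is the action MBAM took.
                "action": rest.split(" -> ")[-1].rstrip("."),
                "remediated": any(mark in rest for mark in REMEDIATED_MARKERS),
            })
    return detections, declared


def summarize(detections, declared):
    """Group by family, flag high-severity families, list un-remediated items,
    and compare parsed counts against the counts MBAM declared per section."""
    parsed_counts = Counter(d["section"] for d in detections)
    mismatch = {s: (n, parsed_counts.get(s, 0))
                for s, n in declared.items() if n != parsed_counts.get(s, 0)}
    return {
        "by_family": dict(Counter(d["family"] for d in detections)),
        "high_severity": sorted({d["family"] for d in detections
                                 if d["family"].startswith(HIGH_SEVERITY_PREFIXES)}),
        "pending": [d for d in detections if not d["remediated"]],
        "count_mismatch": mismatch,
    }


if __name__ == "__main__":
    dets, declared = parse_mbam_log(SAMPLE_LOG)
    report = summarize(dets, declared)
    print("detections by family:", report["by_family"])
    print("high-severity families:", report["high_severity"])
    for d in report["pending"]:
        print("STILL PENDING:", d["section"], d["target"], d["family"])
    if report["count_mismatch"]:
        print("section counts differ from parsed lines:", report["count_mismatch"])
```

Run it against a saved mbam-log-*.txt by reading the file into `parse_mbam_log` instead of `SAMPLE_LOG`; a non-empty `count_mismatch` means the pasted log is incomplete and should be re-posted.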
     
  7. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Very well.

    You can run the two tools listed below in safe mode as well.

    Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    If normal mode still doesn't work, run the tool from safe mode.

    When the scan is done Notepad will open with rKill log.
    Post it in your next reply.

    NOTE. rKill.txt log will also be present on your desktop.

    =======================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  8. JoeVM

    JoeVM TS Rookie Topic Starter Posts: 38

    OK, I downloaded both programs and followed your instructions. Here are the logs you requested.

    Rkill 2.3.5 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2012 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 09/04/2012 11:17:56 PM in x86 mode.
    Windows Version: Windows Vista (TM) Home Premium Service Pack 2

    Checking for Windows services to stop.

    * No malware services found to stop.

    Checking for processes to terminate.

    * No malware processes found to kill.

    Checking Registry for malware related settings.

    * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks.

    * No issues found.

    Checking Windows Service Integrity:

    * Windows Firewall Authorization Driver (mpsdrv) is not Running.
    Startup Type set to: Manual

    * BFE [Missing Service]
    * iphlpsvc [Missing Service]
    * MpsSvc [Missing Service]
    * WinDefend [Missing Service]
    * wscsvc [Missing Service]

    Searching for Missing Digital Signatures:

    * No issues found.

    Program finished at: 09/04/2012 11:18:06 PM
    Execution time: 0 hours(s), 0 minute(s), and 10 seconds(s)
     
  9. JoeVM

    JoeVM TS Rookie Topic Starter Posts: 38

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-09-04 23:20:48
    -----------------------------
    23:20:48.283 OS Version: Windows 6.0.6002 Service Pack 2
    23:20:48.283 Number of processors: 2 586 0x6B01
    23:20:48.283 ComputerName: CHANGEME-PC UserName: Change me
    23:20:51.293 Initialize success
    23:20:51.902 AVAST engine defs: 12090401
    23:21:28.468 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000058
    23:21:28.468 Disk 0 Vendor: WDC_WD50 12.0 Size: 476940MB BusType: 6
    23:21:28.499 Disk 0 MBR read successfully
    23:21:28.499 Disk 0 MBR scan
    23:21:28.515 Disk 0 Windows VISTA default MBR code
    23:21:28.515 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 10056 MB offset 63
    23:21:28.531 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 466882 MB offset 20595330
    23:21:28.531 Disk 0 scanning sectors +976771120
    23:21:28.609 Disk 0 scanning C:\Windows\system32\drivers
    23:21:40.215 Service scanning
    23:21:55.246 Modules scanning
    23:22:01.205 Disk 0 trace - called modules:
    23:22:01.237 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
    23:22:01.237 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8753c728]
    23:22:01.252 3 CLASSPNP.SYS[89b9e8b3] -> nt!IofCallDriver -> [0x86b3d360]
    23:22:01.252 5 acpi.sys[8420a6bc] -> nt!IofCallDriver -> \Device\00000058[0x86b3dc90]
    23:22:02.781 AVAST engine scan C:\Windows
    23:22:07.867 AVAST engine scan C:\Windows\system32
    23:24:36.619 AVAST engine scan C:\Windows\system32\drivers
    23:24:59.380 AVAST engine scan C:\Users\Change me
    23:25:10.284 Disk 0 MBR has been saved successfully to "C:\Users\Change me\Desktop\MBR.dat"
    23:25:10.284 The log file has been saved successfully to "C:\Users\Change me\Desktop\aswMBR.txt"
     
  10. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Looks good.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  11. JoeVM

    JoeVM TS Rookie Topic Starter Posts: 38

    I have a question I wanted to ask you. I tried to run ComboFix and it seemed like it was taking forever to run, so I left the computer on, and when I woke up I noticed there was an error, so I restarted the computer and tried it again. I went through the process again; it's been a few hours and it's still on the same screen that says:


    Scanning for Infected Files .........
    This Typically doesn't take more then 10 mins
    However, Scan times for badly infected machines may easily double

    Then the cursor just blinks

    I read you said to be patient, but I wasn't sure if something was wrong or if it just takes a long time.
     
  12. JoeVM

    JoeVM TS Rookie Topic Starter Posts: 38

    Sorry it posted twice for some reason
     
  13. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Next...

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes in your reply.

    I'll expect two logs:
    - FRST.txt
    - Search.txt
     
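    The FRST.txt log requested above has a regular line shape, so a helper can pre-screen it before reading it by hand. The Python below is an added example (not FRST's own code and not from this thread): it parses the Services, Drivers, NetSvcs and "Bamital & volsnap Check" sections of a constructed sample log and flags entries whose binary is gone or whose integrity verdict is not the "MD5 is legit" wording FRST prints for a clean file. The failing verdict text in the sample is a constructed placeholder, not FRST's real wording.

```python
"""
Triage helper for a Farbar Recovery Scan Tool (FRST.txt) log.

Added example, not FRST's code and not from the thread.  It flags the entries
a helper reads first: services/drivers whose binary is missing ("[x]"),
NetSvcs entries whose DLL no longer exists, orphaned NetSvcs names with no
service key, and core system binaries whose MD5 check did not come back as
"MD5 is legit".  A flag only means "look at this"; e.g. a leftover driver
entry from a removal tool is benign but still shows up as [x].
"""
import re

# Constructed sample: line shapes copied from a real FRST log, with the
# failing integrity verdict ("MD5 is not legit") being a placeholder.
SAMPLE_LOG = r"""
==================== Services ================================

2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-08-21] (AVAST Software)
2 int15; C:\Windows\System32\Rawwan.dll [x]
2 VirtualFD; C:\Windows\System32\rslinx.dll [x]

==================== Drivers =================================

1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [355632 2012-08-21] (AVAST Software)
3 catchme; \??\C:\Users\CHANGE~1\AppData\Local\Temp\catchme.sys [x]

==================== NetSvcs (Whitelisted) =================

NETSVC: int15 -> C:\Windows\system32\Rawwan.dll ==> No File.
NETSVC: SGHIDI -> No Registry Path.

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is not legit
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")          # "==== Services ===="
SERVICE_RE = re.compile(r"^(\d)\s+(.+?);\s*(.*)$")     # "<start> <name>; <path...>"
NETSVC_RE = re.compile(r"^NETSVC:\s+(\S+)\s+->\s+(.*)$")
MD5_RE = re.compile(r"^(.+?)\s+=>\s+(.+)$")            # "<file> => <verdict>"

CLEAN_VERDICT = "MD5 is legit"


def triage_frst(log_text):
    """Return a list of (section, name, reason) tuples worth a human look."""
    findings = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)   # track which FRST section we are in
            continue
        if section in ("Services", "Drivers"):
            m = SERVICE_RE.match(line)
            # FRST appends "[x]" when the registered binary is not on disk
            if m and m.group(3).endswith("[x]"):
                _, name, path = m.groups()
                findings.append((section, name,
                                 "binary missing: " + path[:-3].strip()))
        elif section and section.startswith("NetSvcs"):
            m = NETSVC_RE.match(line)
            if m:
                name, target = m.groups()
                if "No File" in target:
                    findings.append(("NetSvcs", name,
                                     "netsvc DLL missing: " + target.split(" ==>")[0]))
                elif "No Registry Path" in target:
                    findings.append(("NetSvcs", name,
                                     "netsvc entry with no service key"))
        elif section and section.startswith("Bamital"):
            m = MD5_RE.match(line)
            # anything other than the exact clean verdict is worth a look
            if m and m.group(2) != CLEAN_VERDICT:
                findings.append(("Integrity", m.group(1), "verdict: " + m.group(2)))
    return findings


if __name__ == "__main__":
    for section, name, reason in triage_frst(SAMPLE_LOG):
        print(f"[{section}] {name}: {reason}")
```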
  14. JoeVM

    JoeVM TS Rookie Topic Starter Posts: 38

    Ok I got the logs for you

    Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) (x86) Version: 05-09-2012
    Ran by SYSTEM at 05-09-2012 23:29:23
    Running from I:\
    Windows Vista (TM) Home Premium (X86) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" [398728 2008-01-29] (Symantec Corporation)
    HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [13535776 2008-06-19] (NVIDIA Corporation)
    HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [92704 2008-06-19] (NVIDIA Corporation)
    HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2011-07-05] (Apple Inc.)
    HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)
    HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)
    HKLM\...\Run: [IndexSearch] "C:\Program Files\Nuance\PaperPort\IndexSearch.exe" [46368 2010-03-08] (Nuance Communications, Inc.)
    HKLM\...\Run: [PaperPort PTD] "C:\Program Files\Nuance\PaperPort\pptd40nt.exe" [29984 2010-03-08] (Nuance Communications, Inc.)
    HKLM\...\Run: [PPort12reminder] "C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini" [363 2012-09-05] ()
    HKLM\...\Run: [PDFHook] C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
    HKLM\...\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
    HKLM\...\Run: [ROC_roc_ssl_v12] "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 [x]
    HKLM\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4282728 2012-08-21] (AVAST Software)
    HKU\Bryan\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [x]
    HKU\Bryan\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
    HKU\Bryan\...\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [111856 2009-02-03] (Yahoo! Inc)
    HKU\Bryan\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-18] (Microsoft Corporation)
    HKU\Bryan\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
    HKU\Bryan\...\Run: [DW4] [x]
    HKU\Bryan\...\Run: [NortonUpdateAgent] C:\ProgramData\Norton\NUA.exe [2697656 2011-10-12] (Symantec Corporation)
    HKU\Bryan\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [222496 2009-05-05] (Acresso Corporation)
    HKU\Bryan\...\Policies\system: [LogonHoursAction] 2
    HKU\Bryan\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKU\Bryan(3)\...\Policies\system: [LogonHoursAction] 2
    HKU\Bryan(3)\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKU\Change me\...\Run: [DW4] [x]
    HKU\Change me\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [222496 2009-05-05] (Acresso Corporation)
    HKU\Change me\...\Policies\system: [LogonHoursAction] 2
    HKU\Change me\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKU\Guest\...\Run: [DW4] [x]
    HKU\Guest\...\Run: [NortonUpdateAgent] C:\ProgramData\Norton\NUA.exe [2697656 2011-10-12] (Symantec Corporation)
    HKU\Guest\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [222496 2009-05-05] (Acresso Corporation)
    HKU\Guest\...\Policies\system: [LogonHoursAction] 2
    HKU\Guest\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKU\Maria\...\Run: [WindowsWelcomeCenter] "rundll32.exe" oobefldr.dll,ShowWelcomeCenter [x]
    HKU\Maria\...\Policies\system: [LogonHoursAction] 2
    HKU\Maria\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKU\Mason\...\Policies\system: [LogonHoursAction] 2
    HKU\Mason\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
    Startup: C:\Users\Bryan\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    ShortcutTarget: LimeWire On Startup.lnk -> C:\Program Files\LimeWire\LimeWire.exe (No File)
    Startup: C:\Users\Bryan\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
    Startup: C:\Users\Mason\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

    ==================== Services ================================

    2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
    2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-08-21] (AVAST Software)
    3 GameConsoleService; "C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe" [181784 2007-11-09] (WildTangent, Inc.)
    2 gupdate1c99a9c8ba74002; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [133104 2009-03-01] (Google Inc.)
    3 LiveUpdate; "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" [2918008 2007-01-05] (Symantec Corporation)
    4 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
    2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)
    2 vseamps; "C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe" [117288 2010-04-08] (Authentium, Inc)
    2 vsedsps; "C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe" [117288 2010-04-08] (Authentium, Inc)
    2 vseqrts; "C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe" [154152 2010-04-08] (Authentium, Inc)
    2 int15; C:\Windows\System32\Rawwan.dll [x]
    2 LiveUpdate Notice Service; "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /m PifEng.dll [x]
    2 NecUsb; C:\Windows\system32\NUSB3w32.dll [x]
    3 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [x]
    2 VirtualFD; C:\Windows\System32\rslinx.dll [x]

    ==================== Drivers =================================

    3 ac97intc; C:\Windows\System32\drivers\ac97intc.sys [108032 2006-11-01] (Intel Corporation)
    2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [21256 2012-08-21] (AVAST Software)
    2 aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [58680 2012-08-21] (AVAST Software)
    1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [35928 2012-08-21] (AVAST Software)
    1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [729752 2012-08-21] (AVAST Software)
    1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [355632 2012-08-21] (AVAST Software)
    1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [54232 2012-08-21] (AVAST Software)
    3 AVer88xHD; C:\Windows\System32\drivers\AVer88xHD.sys [401408 2007-04-08] (AVerMedia TECHNOLOGIES, Inc.)
    1 Cdr4_xp; C:\Windows\System32\Drivers\Cdr4_xp.sys [2432 2006-10-04] (Sonic Solutions)
    1 Cdralw2k; C:\Windows\System32\Drivers\Cdralw2k.sys [2560 2006-10-04] (Sonic Solutions)
    3 ialm; C:\Windows\System32\DRIVERS\ialmnt5.sys [1302492 2006-11-01] (Intel Corporation)
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22344 2012-07-03] (Malwarebytes Corporation)
    3 NETw2v32; C:\Windows\System32\DRIVERS\NETw2v32.sys [2589184 2006-11-01] (Intel® Corporation)
    2 PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [65536 2007-05-21] (New Boundary Technologies, Inc.)
    0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [43872 2008-11-20] (Sonic Solutions)
    4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x]
    3 catchme; \??\C:\Users\CHANGE~1\AppData\Local\Temp\catchme.sys [x]
    1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [x]
    3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHDA.sys [x]
    3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
    2 MCSTRM; [x]
    3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
    3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

    ==================== NetSvcs (Whitelisted) =================

    NETSVC: int15 -> C:\Windows\system32\Rawwan.dll ==> No File.
    NETSVC: VirtualFD -> C:\Windows\system32\rslinx.dll ==> No File.
    NETSVC: SGHIDI -> No Registry Path.
    NETSVC: DVDRC -> No Registry Path.
    NETSVC: sagefserver -> No Registry Path.
    NETSVC: nscservice -> No Registry Path.
    NETSVC: hpzipr12 -> No Registry Path.
    NETSVC: a8djavs -> No Registry Path.
    NETSVC: NWDNS -> No Registry Path.
    NETSVC: eectrl -> No Registry Path.
    NETSVC: mssqlserveradhelper -> No Registry Path.
    NETSVC: RioS30 -> No Registry Path.

    ============ One Month Created Files and Folders ==============

    2012-09-05 23:29 - 2012-09-05 23:29 - 00000000 ____D C:\FRST
    2012-09-05 18:52 - 2012-09-05 18:53 - 00903194 ____A (Farbar) C:\Users\Change me\Desktop\FRST.exe
    2012-09-05 18:49 - 2012-09-05 18:53 - 00000000 ____D C:\Users\Change me\Desktop\2012-02-05
    2012-09-05 12:48 - 2012-09-05 12:49 - 00000000 ___SD C:\ComboFix
    2012-09-05 11:29 - 2012-09-05 11:29 - 04743773 ____R (Swearware) C:\Users\Change me\Desktop\ComboFix.exe
    2012-09-05 11:29 - 2012-09-05 11:29 - 04743773 ____A (Swearware) C:\Users\Change me\Downloads\ComboFix.exe
    2012-09-05 10:58 - 2012-09-05 10:58 - 00000000 ___SD C:\maria30124m
    2012-09-05 10:58 - 2012-09-05 10:58 - 00000000 ___SD C:\maria20372m
    2012-09-05 10:00 - 2012-09-05 10:00 - 00000000 ___SD C:\Maria7931M
    2012-09-05 09:59 - 2012-09-05 09:59 - 00000000 ___SD C:\Maria
    2012-09-04 19:58 - 2012-09-04 19:58 - 00000000 ____D C:\Qoobox
    2012-09-04 19:58 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
    2012-09-04 19:58 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
    2012-09-04 19:58 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2012-09-04 19:58 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
    2012-09-04 19:58 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
    2012-09-04 19:58 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
    2012-09-04 19:58 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
    2012-09-04 19:58 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
    2012-09-04 19:57 - 2012-09-04 19:57 - 00000000 ____D C:\Windows\erdnt
    2012-09-04 19:56 - 2012-09-05 15:19 - 00000113 ____A C:\Users\Change me\Desktop\New Text Document.txt
    2012-09-04 19:25 - 2012-09-04 19:25 - 00001829 ____A C:\Users\Change me\Desktop\aswMBR.txt
    2012-09-04 19:25 - 2012-09-04 19:25 - 00000512 ____A C:\Users\Change me\Desktop\MBR.dat
    2012-09-04 19:19 - 2012-09-04 19:19 - 04731392 ____A (AVAST Software) C:\Users\Change me\Desktop\aswMBR.exe
    2012-09-04 18:55 - 2012-09-04 18:55 - 00001971 ____A C:\Users\Public\Desktop\Google Chrome.lnk
    2012-09-04 18:55 - 2012-09-04 18:55 - 00001971 ____A C:\Users\All Users\Desktop\Google Chrome.lnk
    2012-09-04 18:53 - 2012-09-04 18:53 - 00001829 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2012-09-04 18:53 - 2012-09-04 18:53 - 00001829 ____A C:\Users\All Users\Desktop\avast! Free Antivirus.lnk
    2012-09-04 18:53 - 2012-08-21 01:13 - 00729752 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
    2012-09-04 18:53 - 2012-08-21 01:13 - 00355632 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
    2012-09-04 18:53 - 2012-08-21 01:13 - 00058680 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
    2012-09-04 18:53 - 2012-08-21 01:13 - 00054232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
    2012-09-04 18:53 - 2012-08-21 01:13 - 00035928 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
    2012-09-04 18:53 - 2012-08-21 01:13 - 00021256 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
    2012-09-04 18:52 - 2012-08-21 01:12 - 00227648 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
    2012-09-04 18:52 - 2012-08-21 01:12 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
    2012-09-04 18:51 - 2012-09-04 18:51 - 00000000 ____D C:\Users\All Users\AVAST Software
    2012-09-04 18:51 - 2012-09-04 18:51 - 00000000 ____D C:\Users\All Users\Application Data\AVAST Software
    2012-09-04 18:51 - 2012-09-04 18:51 - 00000000 ____D C:\Program Files\AVAST Software
    2012-09-04 18:39 - 2012-09-04 18:39 - 00001057 ____A C:\Users\Change me\Desktop\Revo Uninstaller.lnk
    2012-09-04 18:39 - 2012-09-04 18:39 - 00000000 ____D C:\Program Files\VS Revo Group
    2012-09-04 09:20 - 2012-09-04 09:20 - 00134792 ____A C:\Windows\Minidump\Mini090412-02.dmp
    2012-09-03 20:27 - 2012-09-03 20:27 - 00134792 ____A C:\Windows\Minidump\Mini090412-01.dmp
    2012-09-03 20:15 - 2012-09-04 11:46 - 00000000 ____D C:\Users\Change me\Desktop\New Folder
    2012-09-03 20:11 - 2012-09-03 20:11 - 00000000 ____D C:\Users\Change me\Local Settings\Macromedia
    2012-09-03 20:11 - 2012-09-03 20:11 - 00000000 ____D C:\Users\Change me\Local Settings\Application Data\Macromedia
    2012-09-03 20:11 - 2012-09-03 20:11 - 00000000 ____D C:\Users\Change me\AppData\Local\Macromedia
    2012-09-03 13:36 - 2012-09-03 13:36 - 00000000 ____D C:\c6c5ba77588cfb5af4fbb675bfc6ba
    2012-09-03 13:30 - 2012-02-29 07:11 - 00172032 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2012-09-03 13:30 - 2012-02-29 07:11 - 00005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
    2012-09-03 13:30 - 2012-02-29 07:09 - 00157696 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
    2012-09-03 13:30 - 2012-02-29 05:32 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
    2012-09-03 13:26 - 2012-07-04 06:02 - 02047488 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-09-03 13:20 - 2012-09-03 13:21 - 00272380 ____A C:\Windows\msxml4-KB2721691-enu.LOG
    2012-09-03 11:36 - 2012-03-20 15:28 - 00053120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
    2012-09-03 11:35 - 2012-03-30 04:39 - 00905600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-09-03 11:34 - 2012-03-01 06:46 - 00219648 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
    2012-09-03 11:34 - 2012-03-01 06:46 - 00160768 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
    2012-09-03 11:34 - 2012-02-29 06:08 - 01172480 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
    2012-09-03 11:34 - 2012-02-29 05:44 - 00683008 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
    2012-09-03 11:34 - 2012-02-29 05:41 - 01069056 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
    2012-09-03 11:34 - 2011-12-14 08:17 - 00680448 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
    2012-09-03 11:33 - 2012-06-05 08:47 - 01401856 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-09-03 11:33 - 2012-06-05 08:47 - 01248768 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-09-03 11:33 - 2012-05-01 06:03 - 00180736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-09-03 11:33 - 2012-04-03 00:16 - 03602816 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
    2012-09-03 11:33 - 2012-04-03 00:16 - 03550080 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-09-03 11:26 - 2012-06-04 07:26 - 00440704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-09-03 11:26 - 2012-06-01 16:04 - 00278528 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-09-03 11:26 - 2012-06-01 16:03 - 00204288 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-09-03 11:26 - 2012-01-09 07:54 - 00613376 ____A (Microsoft Corporation) C:\Windows\System32\rdpencom.dll
    2012-09-03 11:25 - 2012-09-03 11:25 - 00000906 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-09-03 11:25 - 2012-09-03 11:25 - 00000906 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2012-09-03 11:25 - 2012-07-03 09:46 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-09-03 11:23 - 2012-09-05 14:24 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-09-03 11:23 - 2012-09-03 11:24 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
    2012-09-03 10:38 - 2012-09-04 18:46 - 00000000 ____D C:\Users\All Users\MFAData
    2012-09-03 10:38 - 2012-09-04 18:46 - 00000000 ____D C:\Users\All Users\Application Data\MFAData
    2012-09-03 10:35 - 2012-06-02 14:19 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-09-03 10:35 - 2012-06-02 14:19 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-09-03 10:35 - 2012-06-02 14:19 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-09-03 10:35 - 2012-06-02 14:12 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-09-03 10:34 - 2012-06-02 14:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-09-03 10:34 - 2012-06-02 14:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-09-03 10:34 - 2012-06-02 14:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-09-03 10:34 - 2012-06-02 11:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-09-03 10:34 - 2012-06-02 11:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

    ============ 3 Months Modified Files ========================

    2012-09-05 19:14 - 2007-05-20 22:14 - 01594909 ____A C:\Windows\WindowsUpdate.log
    2012-09-05 19:14 - 2006-11-02 05:01 - 00032648 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-09-05 19:14 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-09-05 19:14 - 2006-11-02 04:47 - 00003168 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2012-09-05 19:14 - 2006-11-02 04:47 - 00003168 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2012-09-05 19:04 - 2006-11-02 02:33 - 00703388 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-09-05 18:55 - 2006-11-02 04:52 - 00070475 ____A C:\Windows\setupact.log
    2012-09-05 18:53 - 2012-09-05 18:52 - 00903194 ____A (Farbar) C:\Users\Change me\Desktop\FRST.exe
    2012-09-05 18:47 - 2009-06-28 06:19 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-09-05 18:45 - 2007-05-20 23:52 - 00823006 ____A C:\Windows\PFRO.log
    2012-09-05 15:19 - 2012-09-04 19:56 - 00000113 ____A C:\Users\Change me\Desktop\New Text Document.txt
    2012-09-05 14:43 - 2009-06-28 06:19 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-09-05 14:24 - 2012-09-03 11:23 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-09-05 11:29 - 2012-09-05 11:29 - 04743773 ____R (Swearware) C:\Users\Change me\Desktop\ComboFix.exe
    2012-09-05 11:29 - 2012-09-05 11:29 - 04743773 ____A (Swearware) C:\Users\Change me\Downloads\ComboFix.exe
    2012-09-04 19:25 - 2012-09-04 19:25 - 00001829 ____A C:\Users\Change me\Desktop\aswMBR.txt
    2012-09-04 19:25 - 2012-09-04 19:25 - 00000512 ____A C:\Users\Change me\Desktop\MBR.dat
    2012-09-04 19:19 - 2012-09-04 19:19 - 04731392 ____A (AVAST Software) C:\Users\Change me\Desktop\aswMBR.exe
    2012-09-04 18:55 - 2012-09-04 18:55 - 00001971 ____A C:\Users\Public\Desktop\Google Chrome.lnk
    2012-09-04 18:55 - 2012-09-04 18:55 - 00001971 ____A C:\Users\All Users\Desktop\Google Chrome.lnk
    2012-09-04 18:53 - 2012-09-04 18:53 - 00001829 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2012-09-04 18:53 - 2012-09-04 18:53 - 00001829 ____A C:\Users\All Users\Desktop\avast! Free Antivirus.lnk
    2012-09-04 18:53 - 2006-11-02 02:23 - 00002577 ____A C:\Windows\System32\config.nt
    2012-09-04 18:39 - 2012-09-04 18:39 - 00001057 ____A C:\Users\Change me\Desktop\Revo Uninstaller.lnk
    2012-09-04 11:51 - 2009-03-02 10:37 - 00001356 ____A C:\Users\Change me\Local Settings\d3d9caps.dat
    2012-09-04 11:51 - 2009-03-02 10:37 - 00001356 ____A C:\Users\Change me\Local Settings\Application Data\d3d9caps.dat
    2012-09-04 11:51 - 2009-03-02 10:37 - 00001356 ____A C:\Users\Change me\AppData\Local\d3d9caps.dat
    2012-09-04 09:20 - 2012-09-04 09:20 - 00134792 ____A C:\Windows\Minidump\Mini090412-02.dmp
    2012-09-04 09:20 - 2007-08-25 20:07 - 164519555 ____A C:\Windows\MEMORY.DMP
    2012-09-04 09:09 - 2012-02-05 08:04 - 00000000 __ASH C:\Windows\System32\dds_trash_log.cmd
    2012-09-03 20:27 - 2012-09-03 20:27 - 00134792 ____A C:\Windows\Minidump\Mini090412-01.dmp
    2012-09-03 18:32 - 2006-11-02 04:47 - 00296624 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-09-03 13:21 - 2012-09-03 13:20 - 00272380 ____A C:\Windows\msxml4-KB2721691-enu.LOG
    2012-09-03 11:25 - 2012-09-03 11:25 - 00000906 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-09-03 11:25 - 2012-09-03 11:25 - 00000906 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2012-09-03 11:24 - 2012-09-03 11:23 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
    2012-09-03 11:24 - 2011-05-18 14:28 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
    2012-09-03 10:34 - 2012-02-01 10:11 - 00105324 ____A C:\Windows\System32\itusbcore.dat
    2012-09-03 10:34 - 2012-02-01 09:09 - 00000197 ____A C:\Windows\System32\itlsvc.dat
    2012-09-03 09:42 - 2007-07-24 15:02 - 00021504 ____A C:\Users\Change me\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-09-03 09:42 - 2007-07-24 15:02 - 00021504 ____A C:\Users\Change me\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-09-03 09:42 - 2007-07-24 15:02 - 00021504 ____A C:\Users\Change me\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-08-21 01:13 - 2012-09-04 18:53 - 00729752 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
    2012-08-21 01:13 - 2012-09-04 18:53 - 00355632 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
    2012-08-21 01:13 - 2012-09-04 18:53 - 00058680 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
    2012-08-21 01:13 - 2012-09-04 18:53 - 00054232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
    2012-08-21 01:13 - 2012-09-04 18:53 - 00035928 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
    2012-08-21 01:13 - 2012-09-04 18:53 - 00021256 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
    2012-08-21 01:12 - 2012-09-04 18:52 - 00227648 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
    2012-08-21 01:12 - 2012-09-04 18:52 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
    2012-08-03 00:46 - 2006-11-02 02:24 - 59884088 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
    2012-07-04 06:02 - 2012-09-03 13:26 - 02047488 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-03 09:46 - 2012-09-03 11:25 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-06-25 12:04 - 2012-06-25 12:04 - 01394248 ____A (Microsoft Corporation) C:\Windows\System32\msxml4.dll


    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-01-30 04:58:19
    Restore point made on: 2012-02-01 05:46:07
    Restore point made on: 2012-02-01 10:08:45
    Restore point made on: 2012-02-01 16:32:58
    Restore point made on: 2012-02-02 09:38:11
    Restore point made on: 2012-02-02 09:42:25
    Restore point made on: 2012-02-02 09:44:58
    Restore point made on: 2012-02-02 09:46:04
    Restore point made on: 2012-02-02 09:47:10
    Restore point made on: 2012-02-02 09:48:49
    Restore point made on: 2012-02-02 09:49:47
    Restore point made on: 2012-02-02 09:50:49
    Restore point made on: 2012-02-02 10:43:58
    Restore point made on: 2012-02-12 16:35:38
    Restore point made on: 2012-02-13 14:01:43
    Restore point made on: 2012-09-03 10:34:26
    Restore point made on: 2012-09-03 13:18:30
    Restore point made on: 2012-09-04 18:42:16
    Restore point made on: 2012-09-04 18:42:33
    Restore point made on: 2012-09-04 18:43:46
    Restore point made on: 2012-09-04 18:46:06
    Restore point made on: 2012-09-04 18:51:46
    Restore point made on: 2012-09-05 04:23:52
    Restore point made on: 2012-09-05 08:32:42

    ==================== Memory info ===========================

    Percentage of memory in use: 16%
    Total physical RAM: 1917.88 MB
    Available physical RAM: 1606.86 MB
    Total Pagefile: 1853.66 MB
    Available Pagefile: 1711.16 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1983.51 MB

    ==================== Partitions ============================

    1 Drive c: () (Fixed) (Total:455.94 GB) (Free:387.98 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    7 Drive I: (JOE) (Removable) (Total:3.72 GB) (Free:3.72 GB) FAT32
    8 Drive r: (MS-RAMDRIVE) (Fixed) (Total:0.01 GB) (Free:0.01 GB) FAT
    9 Drive x: (RECOVERY) (Fixed) (Total:9.82 GB) (Free:0.99 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 466 GB 0 B
    Disk 1 No Media 0 B 0 B
    Disk 2 No Media 0 B 0 B
    Disk 3 No Media 0 B 0 B
    Disk 4 No Media 0 B 0 B
    Disk 5 Online 3822 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 10 GB 32 KB
    Partition 2 Primary 456 GB 10 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 X RECOVERY NTFS Partition 10 GB Healthy Boot

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 C NTFS Partition 456 GB Healthy

    ==================================================================================

    Partitions of Disk 5:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    * Partition 1 Primary 3822 MB 0 B

    ==================================================================================

    Disk: 5
    There is no partition selected.

    There is no partition selected.
    Please select a partition and try again.

    ==================================================================================

    Last Boot: 2012-09-05 18:55

    ==================== End Of Log =============================
     
  15. JoeVM

    JoeVM TS Rookie Topic Starter Posts: 38

    Farbar Recovery Scan Tool (x86) Version: 05-09-2012
    Ran by SYSTEM at 2012-09-05 23:31:17
    Running from I:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
    [2009-09-16 16:34] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
    [2008-06-17 12:53] - [2008-01-18 23:33] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
    [2006-11-02 00:35] - [2006-11-02 01:45] - 0279552 ____A (Microsoft Corporation) 329CF3C97CE4C19375C8ABCABAE258B0

    C:\Windows\System32\services.exe
    [2009-09-16 16:34] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

    === End Of Search ===
     
  16. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Download the attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.
     

    Attached Files:

  17. JoeVM

    JoeVM TS Rookie Topic Starter Posts: 38

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 05-09-2012
    Ran by SYSTEM at 2012-09-06 00:39:27 Run:1
    Running from I:\

    ==============================================

    HKEY_USERS\Bryan\Software\Microsoft\Windows\CurrentVersion\Run\\DW4 Value deleted successfully.
    HKEY_USERS\Change me\Software\Microsoft\Windows\CurrentVersion\Run\\DW4 Value deleted successfully.
    HKEY_USERS\Guest\Software\Microsoft\Windows\CurrentVersion\Run\\DW4 Value deleted successfully.
    int15 service deleted successfully.
    C:\Windows\System32\Rawwan.dll not found.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs int15 Deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs VirtualFD Deleted successfully.

    ==== End of Fixlog ====
     
  18. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    How is the computer doing?

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  19. JoeVM

    JoeVM TS Rookie Topic Starter Posts: 38

    I'm not getting Blue Screens, but I noticed the CD/DVD drive and media card reader say there's no driver and encounter problems trying to install it for some reason ... Also Windows won't let me update.

    And I'm downloading the program now.
     
  20. JoeVM

    JoeVM TS Rookie Topic Starter Posts: 38

    OTL logfile created on: 9/7/2012 9:27:05 PM - Run 1
    OTL by OldTimer - Version 3.2.61.1 Folder = C:\Users\Change me\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.87 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 57.09% Memory free
    3.99 Gb Paging File | 3.12 Gb Available in Paging File | 78.21% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 455.94 Gb Total Space | 385.95 Gb Free Space | 84.65% Space Free | Partition Type: NTFS
    Drive D: | 9.82 Gb Total Space | 0.99 Gb Free Space | 10.05% Space Free | Partition Type: NTFS

    Computer Name: GATEWAY-PC | User Name: Change me | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/09/07 21:24:44 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\Change me\Desktop\OTL.exe
    PRC - [2012/08/21 05:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/08/21 05:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2010/04/08 16:46:20 | 000,154,152 | ---- | M] (Authentium, Inc) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
    PRC - [2010/04/08 16:46:18 | 000,117,288 | R--- | M] (Authentium, Inc) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
    PRC - [2010/04/08 16:46:12 | 000,117,288 | R--- | M] (Authentium, Inc) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
    PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    PRC - [2010/03/09 01:42:02 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\pptd40nt.exe
    PRC - [2010/03/09 01:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
    PRC - [2010/03/05 21:11:30 | 000,636,192 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
    PRC - [2009/05/05 17:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2007/05/21 04:13:53 | 000,065,536 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    PRC - [2006/10/05 01:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe


    ========== Modules (No Company Name) ==========


    ========== Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rslinx.dll -- (VirtualFD)
    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\NUSB3w32.dll -- (NecUsb)
    SRV - [2012/09/07 12:50:33 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/09/03 15:24:36 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/08/21 05:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2010/04/08 16:46:20 | 000,154,152 | ---- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe -- (vseqrts)
    SRV - [2010/04/08 16:46:18 | 000,117,288 | R--- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe -- (vsedsps)
    SRV - [2010/04/08 16:46:12 | 000,117,288 | R--- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe -- (vseamps)
    SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2010/03/09 01:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
    SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/11/09 18:59:36 | 000,181,784 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2007/05/21 04:13:53 | 000,065,536 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
    SRV - [2006/10/05 01:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService)
    DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\cdrom.sys -- (cdrom)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\CHANGE~1\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
    DRV - [2012/08/21 05:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2012/08/21 05:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2012/08/21 05:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2012/08/21 05:13:14 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2012/08/21 05:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
    DRV - [2012/08/21 05:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2009/11/03 04:06:00 | 000,071,424 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrSerIb.sys -- (BrSerIb)
    DRV - [2009/11/03 04:06:00 | 000,011,520 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrUsbSib.sys -- (BrUsbSIb)
    DRV - [2009/09/30 21:22:08 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
    DRV - [2008/06/20 01:04:00 | 007,468,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2007/04/08 23:47:12 | 000,401,408 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVer88xHD.sys -- (AVer88xHD)
    DRV - [2007/01/27 05:21:00 | 000,101,160 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
    DRV - [2006/11/28 20:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2006/11/02 03:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32)
    DRV - [2006/11/02 03:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2006/10/04 22:42:42 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdralw2k.sys -- (Cdralw2k)
    DRV - [2006/10/04 22:42:42 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
    IE - HKLM\..\SearchScopes,DefaultScope = {B420B258-E647-47A7-8537-55F0B996DFD1}
    IE - HKLM\..\SearchScopes\{B420B258-E647-47A7-8537-55F0B996DFD1}: "URL" = http://www.google.com/search?q={sea...startIndex={startIndex}&startPage={startPage}


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GM5472
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GM5472
    IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
    IE - HKU\.DEFAULT\..\SearchScopes\{7E895CD0-EDA4-43FB-9716-87FE4C06B338}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GM5472
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GM5472
    IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
    IE - HKU\S-1-5-18\..\SearchScopes\{7E895CD0-EDA4-43FB-9716-87FE4C06B338}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3145862903-2119528392-1372316911-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
    IE - HKU\S-1-5-21-3145862903-2119528392-1372316911-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKU\S-1-5-21-3145862903-2119528392-1372316911-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-3145862903-2119528392-1372316911-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    IE - HKU\S-1-5-21-3145862903-2119528392-1372316911-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-3145862903-2119528392-1372316911-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
    IE - HKU\S-1-5-21-3145862903-2119528392-1372316911-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
    IE - HKU\S-1-5-21-3145862903-2119528392-1372316911-1000\..\URLSearchHook: {91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} - No CLSID value found
    IE - HKU\S-1-5-21-3145862903-2119528392-1372316911-1000\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - SOFTWARE\Classes\CLSID\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}\InprocServer32 File not found
    IE - HKU\S-1-5-21-3145862903-2119528392-1372316911-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
    IE - HKU\S-1-5-21-3145862903-2119528392-1372316911-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
    IE - HKU\S-1-5-21-3145862903-2119528392-1372316911-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=LMW2&o=16046&src=crm&q={searchTerms}&locale=en_US
    IE - HKU\S-1-5-21-3145862903-2119528392-1372316911-1000\..\SearchScopes\{24B408F0-9737-40A1-8BE6-15D22AE0B8A2}: "URL" = http://www.google.com/search?q={sea...={outputEncoding}&sourceid=ie7&rlz=1I7GCNV_en
    IE - HKU\S-1-5-21-3145862903-2119528392-1372316911-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid=...9cb1323dc9e&lang=en&ds=AVG&pr=fr&d=2012-09-03 14:56:31&v=12.2.0.5&sap=dsp&q={searchTerms}
    IE - HKU\S-1-5-21-3145862903-2119528392-1372316911-1000\..\SearchScopes\{B420B258-E647-47A7-8537-55F0B996DFD1}: "URL" = http://www.google.com/search?q={sea...rtIndex}&startPage={startPage}&rlz=1I7GCNV_en
    IE - HKU\S-1-5-21-3145862903-2119528392-1372316911-1000\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://dl.ask.com/toolbarv/askRedirect.jsp?gct=&gc=1&q={searchTerms}&crm=1&toolbar=GV2
    IE - HKU\S-1-5-21-3145862903-2119528392-1372316911-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8
    IE - HKU\S-1-5-21-3145862903-2119528392-1372316911-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3145862903-2119528392-1372316911-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
    FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1466
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox [2009/12/25 11:30:47 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/09/07 15:14:57 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/07 12:50:35 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/04 22:37:19 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{57E72829-C158-4341-BBED-58F0AD1740FD}: C:\Program Files\Google\Google Photos Screensaver\FF_ext

    [2009/03/25 20:17:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Change me\AppData\Roaming\mozilla\Extensions
    [2009/03/25 20:17:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Change me\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
    [2012/09/06 13:42:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Change me\AppData\Roaming\mozilla\Firefox\Profiles\pc5okdv1.default\extensions
    [2011/03/26 20:23:57 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Change me\AppData\Roaming\mozilla\Firefox\Profiles\pc5okdv1.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(167)
    [2011/08/01 08:06:27 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Change me\AppData\Roaming\mozilla\Firefox\Profiles\pc5okdv1.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(27)
    [2012/09/06 13:42:51 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Change me\AppData\Roaming\mozilla\firefox\profiles\pc5okdv1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2011/11/11 11:50:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/09/07 15:14:57 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
    [2009/09/02 10:20:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
    [2012/09/07 12:50:35 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2007/09/26 14:42:54 | 000,065,536 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npkimi.dll
    [2012/09/03 14:56:25 | 000,003,749 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
    [2012/09/07 12:50:30 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/09/07 12:50:30 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://www.google.com/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com/
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Imikimi.com Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npkimi.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa2.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
    CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: AdBlock = C:\Users\Change me\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.42_0\
    CHR - Extension: avast! WebRep = C:\Users\Change me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\

    Hosts file not found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
    O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
    O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.2007.12.12.1.dll (Yahoo! Inc.)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll (Gateway Inc.)
    O2 - BHO: (NetAssistantBHO Class) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\My.Freeze.com Toolbar\NetAssistant.dll File not found
    O2 - BHO: (no name) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKU\S-1-5-21-3145862903-2119528392-1372316911-1000\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O3 - HKU\S-1-5-21-3145862903-2119528392-1372316911-1000\..\Toolbar\WebBrowser: (no name) - {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No CLSID value found.
    O3 - HKU\S-1-5-21-3145862903-2119528392-1372316911-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [IndexSearch] C:\Program Files\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [PDFHook] C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [PPort12reminder] C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
    O4 - HKU\.DEFAULT..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
    O4 - HKU\S-1-5-18..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
    O4 - HKU\S-1-5-21-3145862903-2119528392-1372316911-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
    O4 - Startup: C:\Users\Bryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = File not found
    O7 - HKU\S-1-5-21-3145862903-2119528392-1372316911-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3145862903-2119528392-1372316911-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKU\S-1-5-21-3145862903-2119528392-1372316911-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
    O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.2007.12.12.1.dll (Yahoo! Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O13 - gopher Prefix: missing
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} http://imikimi.com/download/imikimi_plugin.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7225B89C-C910-42F1-A560-D0EFB0E774C1}: DhcpNameServer = 192.168.2.1
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Change me\Pictures\love.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Change me\Pictures\love.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2004/04/30 05:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
    O33 - MountPoints2\{2520fdf5-3a40-11dc-96eb-001bb9767aad}\Shell - "" = AutoRun
    O33 - MountPoints2\{2520fdf5-3a40-11dc-96eb-001bb9767aad}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
    O33 - MountPoints2\K\Shell - "" = AutoRun
    O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/09/07 21:24:35 | 000,599,552 | ---- | C] (OldTimer Tools) -- C:\Users\Change me\Desktop\OTL.exe
    [2012/09/07 15:16:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2012/09/07 15:16:01 | 000,355,632 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2012/09/07 15:16:01 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2012/09/07 15:15:54 | 000,035,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2012/09/07 15:15:53 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2012/09/07 15:15:52 | 000,729,752 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2012/09/07 15:15:51 | 000,058,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2012/09/07 15:14:39 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/09/07 15:14:35 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2012/09/07 14:01:29 | 000,000,000 | ---D | C] -- C:\Users\Change me\Documents\Taxes
    [2012/09/07 13:56:26 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2012/09/07 13:41:10 | 000,000,000 | ---D | C] -- C:\Users\Change me\AppData\Roaming\CyberLink
    [2012/09/07 13:41:09 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
    [2012/09/07 12:50:38 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
    [2012/09/06 13:39:41 | 000,000,000 | ---D | C] -- C:\Users\Change me\Desktop\New Folder (2)
    [2012/09/06 03:29:14 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/09/05 22:47:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/09/05 16:48:12 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2012/09/05 14:58:44 | 000,000,000 | --SD | C] -- C:\maria20372m
    [2012/09/05 14:58:19 | 000,000,000 | --SD | C] -- C:\maria30124m
    [2012/09/05 14:00:17 | 000,000,000 | --SD | C] -- C:\Maria7931M
    [2012/09/05 13:59:52 | 000,000,000 | --SD | C] -- C:\Maria
    [2012/09/04 23:58:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/09/04 23:58:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/09/04 23:58:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/09/04 23:58:25 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/09/04 23:57:53 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/09/04 22:55:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2012/09/04 22:51:53 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2012/09/04 22:51:53 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2012/09/04 22:39:37 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
    [2012/09/04 22:39:37 | 000,000,000 | ---D | C] -- C:\Users\Change me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
    [2012/09/04 00:15:07 | 000,000,000 | ---D | C] -- C:\Users\Change me\Desktop\New Folder
    [2012/09/04 00:11:25 | 000,000,000 | ---D | C] -- C:\Users\Change me\AppData\Local\Macromedia
    [2012/09/03 17:36:00 | 000,000,000 | ---D | C] -- C:\c6c5ba77588cfb5af4fbb675bfc6ba
    [2012/09/03 15:25:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/09/03 15:25:28 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/09/03 14:38:06 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
    [2012/09/03 14:38:05 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/09/07 21:25:50 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/09/07 21:25:49 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/09/07 21:24:44 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\Change me\Desktop\OTL.exe
    [2012/09/07 21:24:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/09/07 21:21:31 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/09/07 21:20:25 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/09/07 21:20:25 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/09/07 21:20:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/09/07 21:20:15 | 2011,684,864 | -HS- | M] () -- C:\hiberfil.sys
    [2012/09/07 15:16:02 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/09/07 15:15:51 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2012/09/07 15:04:37 | 000,001,356 | ---- | M] () -- C:\Users\Change me\AppData\Local\d3d9caps.dat
    [2012/09/07 14:43:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/09/07 13:56:27 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2012/09/07 13:36:38 | 000,000,788 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
    [2012/09/06 14:07:14 | 000,023,552 | ---- | M] () -- C:\Users\Change me\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/09/04 22:55:45 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2012/09/04 22:39:37 | 000,001,057 | ---- | M] () -- C:\Users\Change me\Desktop\Revo Uninstaller.lnk
    [2012/09/04 13:09:19 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd
    [2012/09/03 22:32:19 | 000,296,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/09/03 15:25:34 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/09/03 14:34:34 | 000,105,324 | ---- | M] () -- C:\Windows\System32\itusbcore.dat
    [2012/09/03 14:34:34 | 000,000,197 | ---- | M] () -- C:\Windows\System32\itlsvc.dat
    [2012/08/21 05:13:15 | 000,729,752 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2012/08/21 05:13:15 | 000,355,632 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2012/08/21 05:13:15 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2012/08/21 05:13:14 | 000,058,680 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2012/08/21 05:13:14 | 000,035,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2012/08/21 05:13:13 | 000,021,256 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2012/08/21 05:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/08/21 05:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/09/07 15:16:02 | 000,001,829 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/09/07 13:56:27 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2012/09/07 13:36:38 | 000,000,788 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
    [2012/09/05 15:19:47 | 2011,684,864 | -HS- | C] () -- C:\hiberfil.sys
    [2012/09/04 23:58:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/09/04 23:58:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/09/04 23:58:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/09/04 23:58:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/09/04 23:58:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/09/04 22:55:45 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2012/09/04 22:39:37 | 000,001,057 | ---- | C] () -- C:\Users\Change me\Desktop\Revo Uninstaller.lnk
    [2012/09/03 15:25:34 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/09/03 15:23:38 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/02/02 13:47:58 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
    [2012/02/02 13:47:58 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
    [2012/02/01 14:11:38 | 000,105,324 | ---- | C] () -- C:\Windows\System32\itusbcore.dat
    [2012/02/01 13:09:33 | 000,103,733 | ---- | C] () -- C:\Windows\System32\itldvupd.dat
    [2012/02/01 13:09:33 | 000,000,197 | ---- | C] () -- C:\Windows\System32\itlsvc.dat
    [2012/01/28 15:37:27 | 000,001,940 | ---- | C] () -- C:\Users\Change me\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2012/01/25 22:32:09 | 000,000,000 | ---- | C] () -- C:\Users\Change me\AppData\Local\{A972B55C-B32E-400B-8DA9-A6D3A2C94894}
    [2012/01/25 22:30:00 | 000,000,000 | ---- | C] () -- C:\Users\Change me\AppData\Local\{3FF4E827-B44F-47BE-8F64-908E951B554E}
    [2012/01/22 11:49:18 | 000,000,000 | ---- | C] () -- C:\Users\Change me\AppData\Local\{A5B02B7D-DA41-4AA2-824F-A2AB4073D692}
    [2012/01/19 20:06:12 | 000,000,000 | ---- | C] () -- C:\Users\Change me\AppData\Local\{09B3FA05-C2E3-4CA9-B89B-8737EDC1302B}
    [2012/01/19 08:50:23 | 000,000,000 | ---- | C] () -- C:\Users\Change me\AppData\Local\{BCFC1463-8ACA-4E50-A63A-F54E42C15D6C}
    [2011/11/08 10:44:42 | 000,000,000 | ---- | C] () -- C:\Users\Change me\AppData\Local\{6AD0731A-7591-4A5F-B048-0FB673D8F8E8}
    [2011/11/03 08:47:02 | 000,000,000 | ---- | C] () -- C:\Users\Change me\AppData\Local\{AB59F3B2-778B-4CEA-932D-6D20E4B8D98D}
    [2011/08/05 07:52:01 | 000,014,971 | ---- | C] () -- C:\ProgramData\20110805-013a701b.dmp
    [2011/08/04 16:20:09 | 000,042,993 | ---- | C] () -- C:\ProgramData\20110804-6eae005b.dmp
    [2010/10/19 11:52:40 | 000,015,872 | ---- | C] () -- C:\Users\Change me\AppData\Roaming\UserTile.png
    [2010/10/19 11:44:47 | 000,022,715 | ---- | C] () -- C:\Users\Change me\AppData\Local\Temp61.html
    [2010/10/19 10:19:00 | 000,000,778 | ---- | C] () -- C:\Users\Change me\AppData\Local\Temp1.html
    [2009/03/02 14:37:52 | 000,001,356 | ---- | C] () -- C:\Users\Change me\AppData\Local\d3d9caps.dat
    [2008/01/31 16:39:11 | 000,006,272 | -H-- | C] () -- C:\Users\Change me\ZbThumbnail.info
    [2007/07/26 14:46:30 | 000,000,632 | RHS- | C] () -- C:\Users\Change me\ntuser.pol
    [2007/07/24 19:02:14 | 000,023,552 | ---- | C] () -- C:\Users\Change me\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== LOP Check ==========

    [2011/11/08 14:01:18 | 000,000,000 | ---D | M] -- C:\Users\Bryan\AppData\Roaming\LimeWire
    [2007/07/31 17:15:25 | 000,000,000 | ---D | M] -- C:\Users\Change me\AppData\Roaming\acccore
    [2007/10/13 20:11:06 | 000,000,000 | ---D | M] -- C:\Users\Change me\AppData\Roaming\Ashampoo
    [2010/04/29 19:25:49 | 000,000,000 | ---D | M] -- C:\Users\Change me\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2007/07/24 21:04:06 | 000,000,000 | ---D | M] -- C:\Users\Change me\AppData\Roaming\Lexmark Productivity Studio
    [2008/06/12 21:21:15 | 000,000,000 | ---D | M] -- C:\Users\Change me\AppData\Roaming\MSNInstaller
    [2012/01/29 11:44:18 | 000,000,000 | ---D | M] -- C:\Users\Change me\AppData\Roaming\Nuance
    [2007/07/24 19:14:05 | 000,000,000 | ---D | M] -- C:\Users\Change me\AppData\Roaming\SampleView
    [2010/10/16 08:58:07 | 000,000,000 | ---D | M] -- C:\Users\Change me\AppData\Roaming\Tific
    [2007/08/05 18:09:40 | 000,000,000 | ---D | M] -- C:\Users\Change me\AppData\Roaming\WildTangent
    [2007/08/19 10:39:51 | 000,000,000 | ---D | M] -- C:\Users\Mason\AppData\Roaming\WildTangent
    [2012/09/07 15:32:17 | 000,032,648 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
    [C:\Windows\$NtUninstallKB22683$] -> -> Unknown point type

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:6C235A19
    @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:FA5F15C4

    < End of report >
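The OTL report above is long, and most of it is noise. An added example (not part of this thread and not OTL's own code) of the triage a responder does on such a log by script: it walks OTL lines and pulls out the entries worth acting on first, namely O-section entries whose target file is "File not found" (orphaned registry entries that point at nothing and can simply be cleaned), Security Center values that suppress antivirus/firewall status reporting (set both by some AV suites and by malware, so they need checking rather than blanket blame), removable-media AutoRun handlers under MountPoints2, alternate data streams, and a missing hosts file. The sample input is a constructed subset of lines copied from the posted log; the Finding kinds and the `triage`/`summarize` names are this example's own.

```python
"""Triage helper for OTL (OldTimer's) diagnostic log text.

Added example, not part of the TechSpot thread or of OTL itself. It flags
the entries a responder checks first rather than judging them malicious.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: a subset of lines copied from the OTL log posted above.
SAMPLE_LOG = r"""
Hosts file not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
O4 - Startup: C:\Users\Bryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = File not found
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UacDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2
"""


@dataclass(frozen=True)
class Finding:
    kind: str    # orphan | hosts_missing | wsc_override | removable_autorun | ads
    detail: str


# Security Center values that, when 1, stop Windows Security Center from
# reporting on antivirus / firewall state. Check who set them; do not assume.
WSC_SUPPRESS_KEYS = {"AntiVirusOverride", "FirewallOverride",
                     "AntiSpywareOverride", "DisableMonitoring"}

_OLINE = re.compile(r"^O(\d+) - (.*)$")          # OTL "Onn - ..." records
_KEYHDR = re.compile(r"^\[(HK[^\]]+)\]$")         # registry key headers
_VALUE = re.compile(r'^"([^"]+)"\s*=\s*(\S+)')    # "Name" = value lines


def triage(log_text: str) -> list[Finding]:
    """Return the entries a responder should look at first, in log order."""
    findings: list[Finding] = []
    current_key = ""   # most recent [HKEY_...] header, for value context
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _KEYHDR.match(line)
        if m:
            current_key = m.group(1)
            continue
        if line == "Hosts file not found":
            findings.append(Finding("hosts_missing",
                                    r"%SystemRoot%\System32\drivers\etc\hosts is absent"))
            continue
        if line.startswith("@Alternate Data Stream"):
            findings.append(Finding("ads", line.split("->", 1)[1].strip()))
            continue
        m = _OLINE.match(line)
        if m:
            section, body = m.groups()
            if body.endswith("File not found"):
                # Registry entry whose target no longer exists: safe cleanup candidate.
                findings.append(Finding("orphan", f"O{section}: {body}"))
            elif section == "33" and r"\AutoRun\command" in body:
                # Cached AutoRun handler for a removable drive letter.
                findings.append(Finding("removable_autorun", body))
            continue
        m = _VALUE.match(line)
        if m and "Security Center" in current_key:
            name, value = m.groups()
            if name in WSC_SUPPRESS_KEYS and value == "1":
                findings.append(Finding("wsc_override", f"{current_key}: {name}={value}"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per kind, for a one-line overview of the log."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run against a saved OTL.txt by replacing `SAMPLE_LOG` with the file's contents. The orphan list is what an OTL fix script would normally remove first, since nothing on disk backs those entries; the Security Center overrides and the missing hosts file are the items to put in front of the helper as questions rather than to change blindly.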
     
  21. JoeVM


    OTL Extras logfile created on: 9/7/2012 9:27:05 PM - Run 1
    OTL by OldTimer - Version 3.2.61.1 Folder = C:\Users\Change me\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.87 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 57.09% Memory free
    3.99 Gb Paging File | 3.12 Gb Available in Paging File | 78.21% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 455.94 Gb Total Space | 385.95 Gb Free Space | 84.65% Space Free | Partition Type: NTFS
    Drive D: | 9.82 Gb Total Space | 0.99 Gb Free Space | 10.05% Space Free | Partition Type: NTFS

    Computer Name: GATEWAY-PC | User Name: Change me | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    [HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    [HKEY_USERS\S-1-5-21-3145862903-2119528392-1372316911-1000\SOFTWARE\Classes\<extension>]
    .cmd [@ = cmdfile] -- Reg Error: Key error. File not found
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "UacDisableNotify" = 0
    "InternetSettingsDisableNotify" = 0
    "AutoUpdateDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallDisableNotify" = 0
    "FirewallOverride" = 1
    "FirstRunDisabled" = 1
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 1
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3145862903-2119528392-1372316911-1000]
    "EnableNotifications" = 0
    "EnableNotificationsRef" = 2

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{129CCFD2-1D43-49C3-B3D7-0AB54A683993}" = lport=445 | protocol=6 | dir=in | app=system |
    "{43534E69-B9DC-49E0-8DAF-B7889CC5BCE1}" = lport=139 | protocol=6 | dir=in | app=system |
    "{577B7E9F-1E62-4F56-8F25-4C66D7BF6A0C}" = rport=138 | protocol=17 | dir=out | app=system |
    "{6C075235-9723-468F-BBB0-03B77AC6F4A4}" = rport=137 | protocol=17 | dir=out | app=system |
    "{79DD526C-2B39-456A-A3D2-A17773BE898D}" = rport=139 | protocol=6 | dir=out | app=system |
    "{8F466404-1AE2-467E-9454-AE6209DCDB86}" = rport=445 | protocol=6 | dir=out | app=system |
    "{A4EA292F-7A0B-4AA5-9A70-3B8550091200}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{C412C839-F68D-4296-824E-0E35B254F69A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{E92FD28A-03A9-4FA8-B7FF-F0230FEA9A89}" = lport=137 | protocol=17 | dir=in | app=system |
    "{F7DB8D68-D611-4B9D-A30E-A133DAAD9C9B}" = lport=138 | protocol=17 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{030078CE-1914-46DD-A01B-631D1AA4CA5C}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxddpswx.exe |
    "{03925CB7-9D71-401B-8ED0-EFFCBA53558A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{0D1E0DFA-4298-40BC-B0A5-7699D2C8811C}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{0E6B2A3E-7770-4245-B182-3A8D7D35D882}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
    "{15BD1677-F245-403C-9673-30A26968AE48}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxddtime.exe |
    "{160B30FC-5DB1-4315-86AC-4540BF3DA13C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{28ADEDE1-A4D5-42D8-9B05-BF7C283C4059}" = protocol=6 | dir=in | app=c:\windows\system32\svchost.exe |
    "{28ADEDE1-A4D5-42D8-9B05-BF7C283C4060}" = protocol=6 | dir=out | app=c:\windows\system32\svchost.exe |
    "{37FFA719-EAF0-446E-BC1E-867E4AF8D7FB}" = protocol=17 | dir=in | app=c:\windows\system32\lxddcoms.exe |
    "{461C637F-4087-4E3A-AC81-FEC5466C618E}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{4ACE57BF-2628-42DC-8AF1-D9A1616AE7B3}" = protocol=6 | dir=in | app=c:\program files\lexmark 2500 series\lxddmon.exe |
    "{52BC36F3-D272-478E-9149-7DAB479F1F01}" = protocol=17 | dir=in | app=c:\program files\lexmark 2500 series\lxddmon.exe |
    "{53A59E97-2EC3-4496-B85F-F0A9AB621A27}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{5664BB1F-718E-4B03-8C68-C2A9B69075F7}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{65A82B73-BA9C-4446-996D-BF43E359219D}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{697A4B46-F090-4503-B071-6E3D9B2A7B4C}" = protocol=6 | dir=in | app=c:\windows\system32\lxddcoms.exe |
    "{84096300-40AA-4E46-8175-9F93840232CF}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{855001A1-2ABE-4111-B577-4E6F40180E95}" = protocol=17 | dir=in | app=c:\program files\lexmark 2500 series\app4r.exe |
    "{89D6E68E-2DC7-4135-996B-D9C92AABDF51}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxddjswx.exe |
    "{9522846A-F07F-40D4-8CA1-B7A8F29C2C6E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{9671C040-8040-4BAA-AF52-25CD4077397A}" = protocol=6 | dir=in | app=c:\program files\lexmark 2500 series\lxddamon.exe |
    "{96BDAA6D-86A1-40BC-8177-5EB5327095E5}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxddjswx.exe |
    "{99B2077F-051F-4C41-A206-34CC29941B75}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{AFDD9642-1F89-4C2D-9767-B7E083AAFF34}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
    "{B54916C4-CEF9-4B85-8440-576BC594817C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{B609E362-E4EC-4179-B85C-B0C90CBCEA55}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxddpswx.exe |
    "{B9FF2835-38CA-4390-A3D1-0D095830EFC1}" = protocol=6 | dir=in | app=c:\program files\lexmark 2500 series\app4r.exe |
    "{C9200AED-D78B-4E44-B41B-B0EF323AAA9B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{D4B49E7C-6997-4DDC-88E4-5DF72E3588E3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{D8E6E0DD-1F7B-4DB4-B1AA-C45FD2511A79}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
    "{DE3AFAF6-4FC0-4D35-80C2-94C96CFD18B3}" = protocol=17 | dir=in | app=c:\program files\lexmark 2500 series\lxddamon.exe |
    "{DE515FBD-ED2B-4735-A8D5-F2482AD81B53}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
    "{E24C64F3-BDB2-4533-96DD-D54575E8DBF2}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxddtime.exe |
    "{EFE46E7A-C55B-43B7-B7AA-084582E439CA}" = dir=in | app=c:\users\change me\appdata\local\facebook\video\skype\facebookvideocalling.exe |
    "TCP Query User{5F98A66B-09AE-41C2-A5B7-3DB464B16E2D}C:\program files\cartoon network\ben 10 bounty hunters\rt_multiplayer.exe" = protocol=6 | dir=in | app=c:\program files\cartoon network\ben 10 bounty hunters\rt_multiplayer.exe |
    "TCP Query User{76AD78EA-9962-423D-AD20-33D91B4F4697}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{854379F3-80E0-469E-83B5-6C19DF18127A}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
    "TCP Query User{A0C7EE40-05E3-4B17-BF4D-E01FC82887E2}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
    "TCP Query User{C30C2332-31D2-4439-8895-A73972CD5754}C:\program files\rhapsody\rhapsody.exe" = protocol=6 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
    "TCP Query User{CBB6F93D-28FB-4E1C-9E42-366758C35722}C:\program files\myspace\im\myspaceim.exe" = protocol=6 | dir=in | app=c:\program files\myspace\im\myspaceim.exe |
    "UDP Query User{3C8B68C6-C0F9-4E17-8910-5FA2F9042745}C:\program files\myspace\im\myspaceim.exe" = protocol=17 | dir=in | app=c:\program files\myspace\im\myspaceim.exe |
    "UDP Query User{490FC31C-3E2F-4126-A49D-227C476D77AB}C:\program files\rhapsody\rhapsody.exe" = protocol=17 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
    "UDP Query User{8E72E6B0-898A-4C6A-BC8F-2E0B50ACB86D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{982A6588-622C-452A-9EDA-F2CE657DDCC5}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
    "UDP Query User{BC9316F8-A864-4FB5-8C1F-27FC7C17D81F}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
    "UDP Query User{DF1170DE-21AD-46D9-BAC4-FB76AF22EB1B}C:\program files\cartoon network\ben 10 bounty hunters\rt_multiplayer.exe" = protocol=17 | dir=in | app=c:\program files\cartoon network\ben 10 bounty hunters\rt_multiplayer.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 23
    "{28656860-4728-433C-8AD4-D1A930437BC8}" = Nuance PDF Viewer Plus
    "{30DBAD4A-BA6D-4F9D-8AB0-2F6C7B0612A4}" = AVSDK5
    "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
    "{326957C7-83FD-4550-A59A-849B7B4297DE}" = Microsoft Easy Assist v2
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
    "{44C05309-60F4-410B-BC32-31733CFF1A41}" = Microsoft Digital Image Starter Edition 2006 Editor
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4FE542EB-FF0B-4739-94DD-25C8AE0AB251}" = Microsoft Digital Image Starter Edition 2006 Library
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
    "{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}" = Nuance PaperPort 12
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}" = PaperPort Image Printer
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = Gateway Recovery Center Installer
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader
    "{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
    "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{E623BB3F-F7ED-4148-BEB5-A0D1DB28B4DE}" = Media Converter for Philips
    "{EE5EEDAF-F932-462B-A2CB-EEBDF819D5F5}" = Gateway Connect
    "{FF262740-C85A-11D5-BBEC-00D0B740900A}" = PS2 Multimedia Keyboard Driver
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
    "avast" = avast! Free Antivirus
    "AVerMedia M791 PCIe Combo NTSC/ATSC" = AVerMedia M791 PCIe Combo NTSC/ATSC 6.104.0.5
    "CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
    "CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
    "Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
    "CCleaner" = CCleaner
    "Google Chrome" = Google Chrome
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "InstallShield_{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Money2006b" = Microsoft Money 2006
    "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
    "Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "NVIDIA Drivers" = NVIDIA Drivers
    "PhotoStitch" = Canon Utilities PhotoStitch
    "Picasa 3" = Picasa 3
    "PictureItSuiteTrial_v12" = Microsoft Digital Image Starter Edition 2006
    "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
    "RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
    "Revo Uninstaller" = Revo Uninstaller 1.94
    "TBSB07183.TBSB07183Toolbar" = Fast Browser Search (My Face LOL)
    "Verizon Online DSL_is1" = Verizon Online DSL
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "WildTangent gateway Master Uninstall" = Gateway Games
    "Yahoo! Extras" = Yahoo! Browser Services
    "Yahoo! Mail" = Yahoo! Internet Mail
    "Yahoo! Search Defender" = Yahoo! Search Protection
    "Yahoo! Software Update" = Yahoo! Software Update
    "YInstHelper" = Yahoo! Install Manager
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 9/7/2012 1:47:49 PM | Computer Name = Gateway-PC | Source = VSS | ID = 8193
    Description =

    Error - 9/7/2012 1:47:49 PM | Computer Name = Gateway-PC | Source = VSS | ID = 8194
    Description =

    Error - 9/7/2012 1:47:49 PM | Computer Name = Gateway-PC | Source = VSS | ID = 8193
    Description =

    Error - 9/7/2012 2:38:25 PM | Computer Name = Gateway-PC | Source = VSS | ID = 8193
    Description =

    Error - 9/7/2012 2:55:09 PM | Computer Name = Gateway-PC | Source = VSS | ID = 8193
    Description =

    Error - 9/7/2012 3:04:54 PM | Computer Name = Gateway-PC | Source = VSS | ID = 8194
    Description =

    Error - 9/7/2012 3:04:54 PM | Computer Name = Gateway-PC | Source = VSS | ID = 8193
    Description =

    Error - 9/7/2012 3:04:58 PM | Computer Name = Gateway-PC | Source = VSS | ID = 8193
    Description =

    Error - 9/7/2012 3:10:15 PM | Computer Name = Gateway-PC | Source = Application Hang | ID = 1002
    Description = The program Explorer.EXE version 6.0.6002.18005 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: 998 Start Time: 01cd8d2c3367d909 Termination Time: 16

    Error - 9/7/2012 3:11:41 PM | Computer Name = Gateway-PC | Source = VSS | ID = 8193
    Description =

    [ Media Center Events ]
    Error - 10/2/2007 7:28:39 PM | Computer Name = Changeme-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 10/3/2007 7:59:59 PM | Computer Name = Changeme-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 10/26/2007 3:42:11 PM | Computer Name = Changeme-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 5/24/2008 5:09:21 PM | Computer Name = Changeme-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 6/2/2008 6:00:33 PM | Computer Name = Changeme-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 8/28/2008 11:13:23 AM | Computer Name = Changeme-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 6/9/2009 8:29:19 PM | Computer Name = Changeme-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 10/7/2009 6:00:22 PM | Computer Name = Changeme-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    [ System Events ]
    Error - 9/7/2012 2:42:29 PM | Computer Name = Gateway-PC | Source = Service Control Manager | ID = 7023
    Description =

    Error - 9/7/2012 2:42:29 PM | Computer Name = Gateway-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 9/7/2012 3:09:50 PM | Computer Name = Gateway-PC | Source = Service Control Manager | ID = 7023
    Description =

    Error - 9/7/2012 3:09:50 PM | Computer Name = Gateway-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 9/7/2012 3:09:50 PM | Computer Name = Gateway-PC | Source = Service Control Manager | ID = 7023
    Description =

    Error - 9/7/2012 3:09:50 PM | Computer Name = Gateway-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 9/7/2012 9:21:55 PM | Computer Name = Gateway-PC | Source = Service Control Manager | ID = 7023
    Description =

    Error - 9/7/2012 9:21:55 PM | Computer Name = Gateway-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 9/7/2012 9:21:55 PM | Computer Name = Gateway-PC | Source = Service Control Manager | ID = 7023
    Description =

    Error - 9/7/2012 9:21:55 PM | Computer Name = Gateway-PC | Source = Service Control Manager | ID = 7026
    Description =


    < End of report >
     
  22. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
      IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
      IE - HKU\S-1-5-21-3145862903-2119528392-1372316911-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
      IE - HKU\S-1-5-21-3145862903-2119528392-1372316911-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
      IE - HKU\S-1-5-21-3145862903-2119528392-1372316911-1000\..\URLSearchHook: {91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} - No CLSID value found
      IE - HKU\S-1-5-21-3145862903-2119528392-1372316911-1000\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - SOFTWARE\Classes\CLSID\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}\InprocServer32 File not found
      IE - HKU\S-1-5-21-3145862903-2119528392-1372316911-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
      IE - HKU\S-1-5-21-3145862903-2119528392-1372316911-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
      FF - prefs.js..browser.search.defaultengine: "Ask.com"
      FF - prefs.js..browser.search.order.1: "Ask.com"
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
      O2 - BHO: (NetAssistantBHO Class) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\My.Freeze.com Toolbar\NetAssistant.dll File not found
      O2 - BHO: (no name) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - No CLSID value found.
      O3 - HKU\S-1-5-21-3145862903-2119528392-1372316911-1000\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
      O3 - HKU\S-1-5-21-3145862903-2119528392-1372316911-1000\..\Toolbar\WebBrowser: (no name) - {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No CLSID value found.
      O3 - HKU\S-1-5-21-3145862903-2119528392-1372316911-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
      O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
      O4 - Startup: C:\Users\Bryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = File not found
      O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab (Reg Error: Key error.)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} http://imikimi.com/download/imikimi_plugin.cab (Reg Error: Key error.)
      [2012/09/06 03:29:14 | 000,000,000 | ---D | C] -- C:\FRST
      [2012/09/04 13:09:19 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd
      @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2
      @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:6C235A19
      @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:FA5F15C4
      [C:\Windows\$NtUninstallKB22683$] -> -> Unknown point type
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [resethosts]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at the "killing processes..." step), run the fix from safe mode.

    ====================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE. SecurityCheck may produce some false warning(s), so leave the reading of the results to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Search.
    • A logfile will automatically open after the scan has finished.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[R1].txt as well.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.

    5. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
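
    The OTL fix script above consists almost entirely of orphaned entries: URLSearchHooks, BHOs, toolbars, Run keys and DPF controls whose CLSID or file no longer exists ("No CLSID value found", "File not found", "Reg Error: Key error"), plus a hijacked Firefox search preference and three alternate data streams. The following is an added triage helper, not part of this thread or of OTL itself; it reads OTL-style scan lines and picks out exactly those categories so a helper can see at a glance what a fix script would need to target. The sample input reuses lines from Broni's script; the one "healthy" BHO line, with its all-zero CLSID and C:\Program Files\Example\helper.dll path, is constructed to show that a resolvable entry is not flagged.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Markers OTL prints when a registry entry points at a CLSID, file or key that no longer exists.
ORPHAN_MARKERS = ("No CLSID value found", "File not found", "Reg Error: Key error")

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Drive-letter path ending in a binary, shortcut or cab; non-greedy so it stops at the first extension.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"\n]*?\.(?:dll|exe|lnk|cab)", re.IGNORECASE)
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+)$")


@dataclass
class Finding:
    kind: str              # OTL section tag: IE, FF, O2, O3, O4, O16, or ADS
    clsid: Optional[str]   # CLSID named on the line, if any
    path: Optional[str]    # file path or ADS target named on the line, if any
    reason: str            # why the line deserves attention


def classify_line(line: str) -> Optional[Finding]:
    """Return a Finding for a line that a cleanup script would target, else None."""
    line = line.strip()
    if not line:
        return None
    ads = ADS_RE.match(line)
    if ads:
        return Finding("ADS", None, ads.group(2), "Alternate Data Stream")
    kind = line.split(" - ", 1)[0]
    clsid = CLSID_RE.search(line)
    path = PATH_RE.search(line)
    for marker in ORPHAN_MARKERS:
        if marker in line:
            return Finding(kind,
                           clsid.group(0) if clsid else None,
                           path.group(0) if path else None,
                           marker)
    # A search-engine preference is flagged by its value, not by a missing target.
    if kind == "FF" and "browser.search" in line:
        return Finding(kind, None, None, "search engine preference")
    return None


def triage(log_text: str) -> List[Finding]:
    """Classify every line of an OTL-style log and keep the ones worth acting on."""
    return [f for f in (classify_line(l) for l in log_text.splitlines()) if f]


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings by reason, which is the order a fix script is usually written in."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.reason] = counts.get(f.reason, 0) + 1
    return counts


# Sample input: lines taken from the fix script in this thread, plus one constructed
# healthy BHO line (placeholder CLSID and path) that must NOT be flagged.
SAMPLE_LOG = r"""
IE - HKU\S-1-5-21-3145862903-2119528392-1372316911-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
FF - prefs.js..browser.search.defaultengine: "Ask.com"
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (Example Helper) - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll (Example Vendor)
O3 - HKU\S-1-5-21-3145862903-2119528392-1372316911-1000\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
O4 - Startup: C:\Users\Bryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = File not found
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab (Reg Error: Key error.)
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2
"""

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.kind:4} {f.reason:26} clsid={f.clsid} path={f.path}")
    print(summarize(found))
```

    Lines that resolve to an existing CLSID and file fall through and return None, which is the point: the fix script is built from what is broken, not from everything OTL lists.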
     
  23. JoeVM

    JoeVM TS Rookie Topic Starter Posts: 38

    All processes killed
    ========== OTL ==========
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3145862903-2119528392-1372316911-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3145862903-2119528392-1372316911-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3145862903-2119528392-1372316911-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91C18ED5-5E1C-4AE5-A148-A861DE8C8E16}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3145862903-2119528392-1372316911-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3145862903-2119528392-1372316911-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
    HKU\S-1-5-21-3145862903-2119528392-1372316911-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    Prefs.js: "Ask.com" removed from browser.search.defaultengine
    Prefs.js: "Ask.com" removed from browser.search.order.1
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0626A63-410B-45E2-99A1-3F2475B2D695}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0626A63-410B-45E2-99A1-3F2475B2D695}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3145862903-2119528392-1372316911-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3145862903-2119528392-1372316911-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D0523BB4-21E7-11DD-9AB7-415B56D89593} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0523BB4-21E7-11DD-9AB7-415B56D89593}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3145862903-2119528392-1372316911-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_roc_ssl_v12 not found.
    File move failed. C:\Users\Bryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk scheduled to be moved on reboot.
    Starting removal of ActiveX control {3860DD98-0549-4D50-AA72-5D17D200EE10}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3860DD98-0549-4D50-AA72-5D17D200EE10}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3860DD98-0549-4D50-AA72-5D17D200EE10}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3860DD98-0549-4D50-AA72-5D17D200EE10}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3860DD98-0549-4D50-AA72-5D17D200EE10}\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {D71F9A27-723E-4B8B-B428-B725E47CBA3E}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D71F9A27-723E-4B8B-B428-B725E47CBA3E}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D71F9A27-723E-4B8B-B428-B725E47CBA3E}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D71F9A27-723E-4B8B-B428-B725E47CBA3E}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D71F9A27-723E-4B8B-B428-B725E47CBA3E}\ not found.
    Folder C:\FRST\ not found.
    File C:\Windows\System32\dds_trash_log.cmd not found.
    Unable to delete ADS C:\ProgramData\TEMP:DFC5A2B2 .
    Unable to delete ADS C:\ProgramData\TEMP:6C235A19 .
    Unable to delete ADS C:\ProgramData\TEMP:FA5F15C4 .
    Unable to remove Unknown point type C:\Windows\$NtUninstallKB22683$
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Bryan
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Bryan(3)
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Change me
    ->Temp folder emptied: 41893617 bytes
    ->Temporary Internet Files folder emptied: 443231 bytes
    ->Java cache emptied: 195131249 bytes
    ->FireFox cache emptied: 60385212 bytes
    ->Google Chrome cache emptied: 36023056 bytes
    ->Flash cache emptied: 1568721 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 41 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 348 bytes

    User: Maria
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Mason
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 1509904 bytes
    ->Flash cache emptied: 20654 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 232919 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 788 bytes

    Total Files Cleaned = 322.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Bryan
    ->Java cache emptied: 0 bytes

    User: Bryan(3)

    User: Change me
    ->Java cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Guest

    User: Maria

    User: Mason
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Bryan
    ->Flash cache emptied: 0 bytes

    User: Bryan(3)
    ->Flash cache emptied: 0 bytes

    User: Change me
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Flash cache emptied: 0 bytes

    User: Maria

    User: Mason
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb

    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.61.1 log created on 09072012_235837

    Files\Folders moved on Reboot...
    File\Folder C:\Users\Bryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk not found!

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  24. JoeVM

    JoeVM TS Rookie Topic Starter Posts: 38

    Results of screen317's Security Check version 0.99.50
    Windows Vista Service Pack 2 x86 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.62.0.1300
    CCleaner
    Java(TM) 6 Update 23
    Java 7 Update 7
    Java(TM) SE Runtime Environment 6 Update 1
    Adobe Flash Player 11.3.300.271
    Adobe Reader 9 Adobe Reader out of Date!
    Mozilla Firefox 12.0 Firefox out of Date!
    Google Chrome 21.0.1180.89
    ````````Process Check: objlist.exe by Laurent````````
    Common Files Authentium AntiVirus5 vsedsps.exe
    Common Files Authentium AntiVirus5 vseamps.exe
    Common Files Authentium AntiVirus5 vseqrts.exe
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 4 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````
     
  25. JoeVM

    JoeVM TS Rookie Topic Starter Posts: 38

    Farbar Service Scanner Version: 06-08-2012
    Ran by Change me (administrator) on 08-09-2012 at 01:43:27
    Running from "C:\Users\Change me\Desktop"
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============
    mpsdrv Service is not running. Checking service configuration:
    The start type of mpsdrv service is OK.
    The ImagePath of mpsdrv service is OK.

    MpsSvc Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.


    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll => MD5 is legit
    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****
     
